Tag Archive for IOT

Son of PalmOS in Your SmartTV

Do you remember the PalmPilot?  By 1999, within three years of its launch, the Palm had user base of over 5 million users. I was a fan of the Palm. I went thru a series of them in the 2000’s. In 2011 I marked the sale of the PalmOS on the BachSeat. PalmOS has had a number of names since it glory days. It was also known as HP webOS, Open webOS (HP), Palm webOS, and most recently LG webOS.

SmartTVLG (LGLD) has been using webOS in their SmartTV’s since 2014 and more recently in their line of smart refrigerators. LG is updating LG webOS to LG webOS Hub. The LG webOS Hub is a new version of its webOS streaming television platform. The newest version incorporates a new hub for third-party partners to plug into.

Son of PalmOS

The webOS Hub will incorporate many third-party applications that are supported by LG’s streaming operating system. Some of the third-parties including Netflix (NFLX), Hulu, Amazon (AMZN) Prime Video, Disney Plus (DIS) Plus, and YouTube Google (GOOG). It will also include LG Channels, the company’s free, ad-supported streaming service. Support for NVidia‘s (NVDA) cloud gaming service is promised in the near future.

LG logoLG said webOS Hub was developed in partnership with Dolby, Realtek, and CEVA. It has been certified by over 160 broadcasters around the world.

Park Hyoung-sei, the president of LG Home Entertainment Company, told FierceVideo;

We are committed to refining and expanding our webOS Hub ecosystem, which continues to introduce more and more consumers to the unparalleled user experience of LG webOS.

Smart television platforms

More than 120 million devices in 150 countries are powered by some version of webOS. According to analytics firm Omdia, LG’s webOS is one of the more-dominant smart television platforms internationally. LG’s webOS owns around 18.5% of the market. It is bested only by South Korean competitor Samsung, which has nearly 30% of the global streaming platform market.

rb-

Besides the nostalgia of seem Palm resurrected into the media,. There is the creepiness factor of LG, Amazon, Netflix and Google (YouTube) monitoring and monetizing your TV viewing habits. They can data-mine your viewing habits to profit off what you do. 

Do not think they wont use your data to make a profit. Back in 2017 I wrote that Vizio had to pay $2.2 million to the FTC and the state of New Jersey to settle a lawsuit alleging it collected customers’ television-watching habits without their permission.

 

How you can help Ukraine!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Does that Doggy E-Toy Protect Privacy?

Does that Doggy E-Toy Protect Privacy?Thanks to COVID it is the virtual silly season. No more jamming into malls it is online shopping now. Half of shoppers spend some of their money on pet treats and other supplies this holiday season. If your virtual gift list includes presents for your four-legged buddy – be careful there are some puppy toys out there that can compromise your privacy while Fido is entertained. Mozilla’s “Privacy Not Included” project analyzed the security of pooch-gifts and the results are not good for your privacy.

Internet of ThingsAll of these technologies can become part of the Internet of Things (IoT). IoT technology interconnects them, IoT connects the camera in your living room with the smartphone on your desk, allowing you to monitor your pet while you’re at work. IoT enables the collection and interconnectivity of data. This is extremely important when considering your safety and privacy.

Dogness iPet Robot – This doggy toy costs $299.00 and has all the bells and whistles to keep Fido entertained. It moves and chases your pooch. It has an HD video camera with night vision to record your pup, two-way audio to talk to your doggo, a laser to chase, and the ability to toss treats to your buddy with the click of a button in the app. The iPet Robot connects over Wi-Fi so your home network better be secure – otherwise, somebody could take over the rolling spybot and catch your pooch – or you – in a compromising position.

Dogness iPet RobotThe Dogness iPet Robot also comes with a “*Privacy Not Included” warning from Mozilla. The bot can roll around your house with a night vision camera and microphone, while connected to Wi-Fi. Mozilla says that both the Dogness device and app can snoop on you. The researchers report the device doesn’t encrypt your data. Dogness doesn’t state what information is collected from the robot, or what they do with it. Dogness uses artificial intelligence but the reviewers could not determine how the firm uses AI.

If that is not scary enough, in March 2020, it was reported that Dogness left its Amazon ElasticSearch server, containing the usernames, emails, clear-text passwords, and session cookies of its users exposed. The unprotected information has lead to the complete exposure of its production SQL database, application source code, and the complete takeover and control of its pet feeding devices and associated accounts.

Mozilla could not determine if the Dogness iPet Robot meets it’s Minimum Security Standards.

Cheerble WickedboneCheerble Wickedbone Interactive Gaming Toy For DogsThis $78.99 interactive bone is next on the naughty list. You can control this interactive bone through an app on your phone that connects through Bluetooth. From the app you can make the bone roll around and change colors. When you get bored – there’s a 20-minute interactive mode that can entertain your pup without you.

The app requires access to your phone’s GPS location data – why? that a good question. Additionally, the reviews could not determine if the firm encrypted your data, required strong passwords, or uses AI to make decisions about you. And like most IoT devices it doesn’t seem to have a way to manage security vulnerabilities. For these reasons, Mozilla says this pet toy does not meet its Minimum Security Standards.

Fitbark GPSFitbark– I first wrote about Fitbark back in 2013. The Fitbark GPS costs $99.95 + subscription + the costs of Verizon’s LTE-M cellular network coverage. It is a bone-shaped tracking device that goes on your dog’s collar and will track her just about anywhere in the U.S. It also connects to Wi-Fi.

The Fitbark monitors your dog’s activity, sleep habits, scratching habits, and stress 24/7. You can link it to your FitBit, Google Fit, or Apple HealthKit apps and you can stress about your doogo’s health too.

Mozilla reports the Fitbark tracks your dog’s movements and whereabouts with Bluetooth. Wi-Fi and GPS. With all that tracking an attacker could keep tabs on you or your pup. The app does collect personal data including; Name, email, phone number, address, date of birth, profile photo, dog’s health, and your dog’s biometric data.

Felik Pet CompanionThe Felik Pet Companion – This mouse-shaped bot costs $129.00. It has a camera and artificial intelligence to track your pet, learn from their movements, and react to how they hunt so it can simulate real prey. Felik connects to the Wi-Fi in your house and has an app where you can schedule play throughout the day.

Mozilla says the firm seems to try and take privacy and security seriously. They built security and privacy aware features into the dog toy, like the ability to toggle Wi-Fi on and off with a physical button, an indicator light when the camera is streaming, and even an on-device firewall.

Since it has a camera and a microphone it could be sued to snoop on you. And the app tracks your location. The product uses AI to analyze your personal data to make decisions about you. But Users can request an explanation about any decisions taken as a result of automated decision-making by contacting Felix.

rb-

The Felik Pet Companion is the only online dog-toy that I would allow in my home.  

The Mozilla *Privacy Not Included buyer’s guide investigates the privacy and security of connected toys, gadgets, and smart home products. They flag products they think consumers should think twice about before buying. Mozilla looks at how well they can confirm a product meets a Minimum Security Standard.

 

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Elephants on the Internet

Elephants on the InternetThe global COVID-19 lockdown is now taking its toll on endangered wildlife like elephants and rhinos around the globe. Global lockdowns have caused a sharp drop in Africa’s wildlife tourism revenue. Wildlife tourism in Africa is a $169 billion industry. It employs 24.6 million people and is often the only employer in areas where wildlife thrives. The tourism business has helped curb poaching in several ways. First, tourists act as a deterrent to poachers. However, with fewer tourists, there are fewer tourist vehicles in parks. They are no longer a deterrent to poachers.

The amount of poaching is on the rise because COVID-19 has reduced funding for law enforcement in wildlife areasAfrica’s wildlife tourism revenue funds help to sustain wildlife reserves across the continent. At many of the reserves more than half of the budget comes from tourism revenues. Matt Brown, with The Nature Conservancy’s Africa program, told ABC News that tourist fees support rangers. Fees such as bed-night, and conservation fees help pay for the rangers‘ salaries. The fees also pay fuel for airplane patrols, and more – hampering security and opening the game reserves to poachers. 

Vulnerable to poaching

Without money to support the rangers — and the highly endangered animals they protect – elephants gorillas and rhinos — are left vulnerable to poachers. The amount of poaching is on the rise because COVID-19 has reduced funding for law enforcement in wildlife areas

highly organized illegal poaching threatens rhinos,

CNBC reports that highly organized illegal poaching threatens to send African wildlife into extinction over the next several decades. Most vulnerable to extinction are the black and white rhinos, lions, and elephants. The black rhino population has plummeted 97.6% since 1960. The lion population is down 43% in the last 21 years, according to the World Wildlife Fund. At least 35,000 African elephants are killed each year. There are only 1,000 mountain gorillas and 2,000 Grevy’s zebras that remain on the continent.

According to reports, six elephants were killed on one June day in Ethiopia’s Mago National Park. That compares to 10 in that nation for all of 2019. Officials suspect that most elephant tusks and finished products are shipped to China and south-east Asian countries. To make matters worst, in 2017 the Trump administration rolled back the ban on hunting elephants. The Trump policy allows elephant remains to be imported into the United States. Conservationists believe that elephants in the wild could be extinct within 10 years due primarily to poaching. 

Using IoT to protect elephants

 OpenCollar, an open-source modular animal-tracking collar system for wildlife monitoringExtinction does not have to be the “new normal.FierceElectronics reported on a collaboration using Internet of Things (IoT) technologies to protect elephants in the wild from extinction by developing a next-generation elephant tracking collar. The collaboration between Phoenix-based electronic components firm Avnet’s developer community Hackster.io, and conservation group Smart Parks which focuses on technology to protect endangered species, are running a design competition called ElephantEdge.

The ElephantEdge challenge asks developers to leverage the Internet of Things (IoT) technologies that can help humans protect elephants from extinction. ElephantEdge will combine software, machine learning (ML), and hardware to build the next generation elephant collars. The next generation collars will have better battery life, longer range, and accuracy that can be worn by elephants in the wild.

Elephant IoT collars

The elephant IoT collars will have sensors for audio pickup, location, and position as well as low-power, wide-area antennas that provide wireless connectivity. The new collar will use hardware and software from different vendors:

The ElephantEdge Challenge requires developers to build machine learning models with Avnet’s Edge Impulse Studio and tracking dashboards with Avnet’s IoTConnect– which will provide useful tracking, health vitals, motion, environmental anomalies, and more. ElephantEdge challenge looks to create machine learning  models like:

  • Poaching Risk Monitoring: Identify an increased risk for poaching by learning when an elephant is moving into a high-risk area and send real-time notifications to park rangers.
  • Human Conflict Monitoring: Prevent conflict between humans and elephants by sensing and alerting when an elephant is heading into an area where farmers live by detecting if any mobile phones or WiFi hotspots are near.
  • Elephant Musth Monitoring: Detect and alert when an elephant bull is in musth by using motion and acoustic sensors to discern this state of erratic, loud, and aggressive behavior.

vocal communications between elephants

  • Elephant Activity Monitoring: Collect data on the general behavior of the elephant, such as when it is drinking, eating, sleeping, etc. by using accelerometer data.
  • Communication Monitoring: Listen for vocal communications between elephants via the onboard microphone. 

rb-

This is an example of when IoT tech can do good for the world – protect animals like elephants, gorillas, rhinos, lions, and polar bears which cannot protect themselves from extinction.

Nobody is going to get rich doing this work – challenge winners will receive an Apple Watch 3 and a collectible t-shirt as prizes – but the world will be a better place.

By the end of 2020, ten next-generation elephant collars will be produced for Smart Parks to deploy in selected African parks, in partnership with the World Wildlife Fund. Final software and hardware will be documented and shared freely under an open-source license. 

Stay safe out there!

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Your Smart TV is Spying On You

Your Smart TV is Spying On YouMany people will find a smart TV under their tree this year. Smart TVs are like regular televisions but with an internet connection. The global smart TVs market is expected to reach 249.9M units by 2024. And all those smart TVs may be spying on you. A while ago I wrote about Vizio (VZIO) getting caught invading your privacy by collecting and selling your personal data. Despite the fact that Vizo had to pay a $2.2M fine, smart TV manufacturers continue to spy on their customers.

Data leakZDNet reports that that smart TVs send user data to tech titans including Facebook (FB), Google (GOOG), and Netflix. These devices are spying on you even when they are idle. U.S. and UK researchers say smart television sets produced by popular vendors including Samsung (005930), Apple (AAPL), and LG (LGLD), alongside content and app streaming devices such as Amazon (AMZN) FireTV, and Roku, are sending out information potentially without the knowledge or consent of users.

Smart TV's sharing users' personal data

Financial Times

Your Smart TV is Spying On You

In a paper titled, “Information Exposure From Consumer IoT Devices” (PDF), the team said that 34,586 controlled experiments found that 88% of devices send information to firms other than the device manufacturer; 56% of U.S. devices and 83.8% of UK devices send your info overseas. They also report every device they studied exposed some kind of information in plain-text.

eavesdroppingThe researchers from Northeastern University and Imperial College London found that 37% could “reliably inferred” user and device behavior from eavesdropping on the user’s interactions with television sets and other household IoT products.

The study found that almost half of the tested devices contacted Amazon. That includes devices not manufactured by Amazon. David Choffnes, one of the authors of the paper warns that Amazon has a lot of information about what you are doing in your home.

According to the paper location data and IP addresses were commonly sent by our IoT devices to third parties in the cloud including Netflix, Spotify, Microsoft (MSFT), Akamai (AKAM), and Google.

Netflix logoWhen it came to smart TVs, however, almost all of the devices included in the study would contact Netflix — whether or not a TV was configured with an account for the content streaming service. “This, at the very least, exposes information to Netflix about the model of [a] TV at a given location,” the paper reads.

Some of the tech titans collecting your data responded to the researchers.

  • Facebook said that it was “common” for services with Facebook integrated into them to send data to third-party services.
  • Netflix said that data transfers were “confined to how Netflix performs and appears on screen,” and
  • Google said user preferences and consent levels dictate how publishers “may share data with Google’s that’s similar to data used for ads in apps or on the web.”

Internet-connected smart TVs combined with streaming services like Netflix and Hulu seem to be a cord-cutter’s dream. But like anything else that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. But as is the case with most other internet-connected devices, manufacturers often don’t put security as a priority. Not only that, many smart TVs come with a camera and a microphone that attackers can access.

FBI warning

FBI issued a warning about smart TVsBecause manufacturers don’t put security as a priority, the FBI issued a warning about the risks that smart TVs pose. The FBI warned that hackers can take control of your unsecured smart TV and in worst cases, take control of the camera and microphone to watch and listen in.

… TV manufacturers and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home … your unsecured TV can give him or her an easy way in the backdoor through your router.

TechCrunch notes that some of the biggest attacks targeting smart TVs were developed by the CIA, but were stolen. The files were later published online by WikiLeaks.

rb-

If you are interested in inspecting the IoT network traffic in your smart home, Princeton University has developed and released an open source tool called IoT Inspector. The software uses ARP spoofing to analyze what IoT devices are connected to the Internet, how much data is exchanged, and how often information is traded.

Related Posts

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Church Wearable Device Very Holey

Church Wearable Device Very HoleyThe Vatican recently launched a holey wearable app onto the Internet of Things (IoT). The Church’s wearable IoT device, Click To Pray eRosary, is a bracelet of rosary beads along with a smart cross. The device is part of the Vatican’s mission to pray for peace. But the app is bedeviled by what sources call a “significant cybersecurity flaw.”

Pope’s Worldwide Prayer NetworkThe $110 device syncs with Click to Pray, the official prayer app of the Pope’s Worldwide Prayer Network. It tracks the user’s progress as they work through different sets of themed prayers. Oh, it also tracks your steps, too, for those that want to exercise both body and soul.

The Verge reports the gadget, designed by GadgeTek, a division of Acer, and pairs with an iOS or Android app you can download. The device can be bought through Amazon Italy or Acer’s Italian storefront, the specs include:

  • eRosarySix-axis inertial sensing
  • Bluetooth 5.0
  • IP67 water and dust resistance
  • Wireless charging
  • a 15mAh lithium-ion battery
  • 10 black agate beads and 11 hematite beads

The “smart cross” stores all technical data. The app, however, appears to handle all of the actual user-interaction — the “smart cross,” does not appear to interact directly with the user. Engadget claims that the device also tracks health-related information. It’s basically an adapted fitness tracker, and it still doubles as a fitness tracker. The Vatican News explained the Church’s moved to the IoT like this:

The Click To Pray eRosary is an interactive, smart and app-driven wearable device that serves as a tool for learning how to pray the rosary for peace in the world. It can be worn as a bracelet and is activated by making the sign of the cross. It is synchronized with a free app of the same name, which allows access to an audio guide, exclusive images and personalized content…

Its target audience is:

the peripheral frontiers of the digital world where the young people dwell (rb- Maybe something got lost in translation)

The Catholic Church proved it is merely mortal when it comes to the Internet of Things. Like Most things IoT it was released with security holes. Sopho’s Naked Security blog explains that Fidus Information Security discovered a flaw in the prayer app’s authentication mechanism. The pious can safely log in via Google and Facebook but in the good catholic tradition, any alternatives cause issues.

flaw in authentication mechanismThe flaw rises when a user resets their account using the Click to Pray app. it makes an API call to the server, which then sends the PIN to the user’s email. The server also returns the PIN in its response to the API request, meaning that someone accessing the API directly could get the user’s PIN without having access to their email.

The researchers say they used this method to easily log in and obtained phone numbers, height, weight, gender, and birth dates. CNet says the Android version of the app also asks for access to location data and permissions to make calls.

Also, there was no limit to the number of login attempts, which is a dream for any hacker who wants to make automated, or brute force, attempts to break in.

brute force attackSecurity researcher Elliot Alderson not only found the eRosary vulnerability, but he also reported it to the Vatican first.  And of course, the Vatican respond via Twitter with appreciation. The Vatican’s representative, a self-described “Digital Jesuit in Rome,”  Father Robert Ballecer, understood the significance of having a security researcher attempting to contact the Vatican.

The church’s developers reportedly patched the eRosary within 24 hours.

rb-

The quick response by the Vatican is more than we can say for most organizations. So when it comes to the security of the Vatican’s new wearable device, it’s a good thing the Digital Jesuit is on the team.

They moved pretty fast for an organization that took 350 years to forgive Galileo.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.