Tag Archive for 4G

| October 27, 2015
Comments Off on Online Security in Era of Connected Cars

Online Security in Era of Connected Cars

Online Security in Era of Connected CarsKarl-Thomas Neumann, CEO of General Motors (GM) European Opel brand announced that GM would launch OnStar telematics service in vehicles sold in Europe in late 2015. The Opel CEO declared the new technology, “transforms the car into a true part of the Internet of things.” The Detroit Bureau says it raises some of the same concerns consumers face on the Internet, including how to protect their privacy in highly connected cars.

App controlled carEven though a growing number of consumers have embraced the idea of having mobile access to smartphone apps, built-in Wi-Fi, and the safety and security promised by systems like OnStar issues loom that consumers, manufacturers, and regulators need to address. At the 2014 Consumer Electronics Show, Jim Farley,  then the top marketing executive at Ford Motor Company (F),  told an audience that the automaker “know(s) everyone who breaks the law, we know when you’re doing it,” thanks to the data collected by its OnBoard Sync technology system.

Despite a quick backtrack by Mr. Farley, the article says he was being truthful. The fact is, the onboard black boxes in most cars are now equipped with two-way capabilities. Privacy has become “a big issue,” according to Jon Allen, a principal with consulting firm Booz Allen Hamilton who focuses on security issues. Precisely what makes such technology so compelling is why it is also so worrisome. Mr. Allen told The Detroit Bureau,

Connected products provide customization and convenience because of the data they track. Part of the great opportunity to improve the customer experience is producing a vehicle that ‘learns’ your habits and preferences. But that information must be protected.

Data privacyThe EU takes privacy seriously and these types of tracking technology have drawn the attention of regulators in Europe and to a lesser extent, in the U.S. The article describes a measure of just how strongly Europeans feel about the issue that came during Opel chief Neumann’s news conference. Unlike the U.S. version of OnStar, the European system will include a “Privacy” button to let a user “choose whether they want to provide location information or not.”

That choice would only be over-ridden after a crash severe enough to trigger OnStar’s emergency call system, CEO Neumann explained. It’s designed to call rescue crews in the event of an accident severe enough passengers might be disabled.

Don't panicThere have been experiments with marketing that could target motorists much as Google today can toss ads at a web viewer based on information revealed by hidden “cookies.” Imagine, they suggest, being able to send a McDonald’s ad and virtual coupon to a car driving near one of its restaurants around lunchtime.

While some drivers might embrace that possibility, others are appalled. The Detroit Bureau reports the potential to reveal more detailed personal information, as well as allowing a vehicle to be tracked, is raising flags on both sides of the Atlantic.

Digtal trackingIn the U.S., an auto industry alliance recently agreed on an approach called “Privacy Principles for Vehicle Technologies and Services.” (rb- Which I covered here) Meanwhile, both the U.S. Federal Trade Commission and the National Highway Traffic Safety Administration are exploring the issues – though in some cases, they are actually encouraging greater access, noted analyst Allen.

The issue is further complicated by the threat of cyber-criminals exploiting vulnerabilities in-vehicle communications systems.

rb-

I first covered this threat in 2011 here and here. And the theoretical became real in 2015 when researchers demonstrated they could use online systems to take over a Jeep Grand Cherokee.

The threat to personal freedom and privacy in your car has accelerated as Apple (AAPL) and Google (GOOG) join Microsoft (MSFT) in the battle to rule the car. Apple’s automotive ambition does not stop at CarPlay, they are also focused on developing an iCar. Google’s Autonomous Cars ambitions are well known, but their efforts to take over the car cockpit are also taking off with Android Auto.

The government is contributing to the connected car conundrum. The Feds are abetting the Autos by trying to prevent security researchers from doing testing and reverse engineering that could improve security and safety for all of us according to Naked Security.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Cars | Tags: , , , , , , , , , , , , , , , , , , ,
| July 25, 2013
Comments Off on The Wireless Car Frontier

The Wireless Car Frontier

The Wireless Car FrontierNow that the mobile floodgates are open, developers, manufacturers, and platform operators are trying to design wireless cars. These devices will channel the next wave of mobile usage and innovation. Some are looking at wearable tech, such as Google‘s (GOOGGlass and the Pebbles Watch and as the natural progression of mobile technology. But computing platforms, including mobile operating systems, are also becoming ubiquitous in consumer electronics and appliances. The Business Insider writes that the greatest potential for mobile platforms and services could be cars.

mesh nicely with popular activities on mobileThe article states the obvious, cars are inherently mobile. Additionally, many of the activities people do in their cars, listen to music, look up directions, mesh nicely with popular activities on mobile. The author claims that Americans spend an average of 1.2 hours a day traveling between locations and American commuters spend an average of 38 hours a year stuck in traffic. If mobile apps and Internet-based services can shoehorn their way into the in-car environment, that means a great opportunity to expand their ability to engage consumers, absorb their attention, and gather data.

The BI explains that there is already a sizable and growing mobile market in the car. Five years from now, there will be over 60 million connected cars on the road globally, according to estimates from the GSMA and others. Car-focused telecom, hardware, and software services will drive some $51 billion in annual revenue by 2018. Pandora, for example, is now being used in 2.5 million cars and 100 car models through one of its 23 partnerships with auto brands and eight partnerships with stereo manufacturers. BI identified three ways in which mobile products and services can be integrated into cars.

Wireless car integration

handset connects with vehicle-based hardwareThe owner’s Internet-connected handset connects with vehicle-based hardware and computing systems. However, the mobile device drives all key facets of the app, including Internet access, and the car simply provides some tools to facilitate it (i.e., dashboard user interface, voice controls, speakers, jacks, and/or steering wheel-based controls). Currently, many in-dash automobile app suites in cars are nothing more than an interface that provides control over a Bluetooth or audio jack-connected smartphone.

Tethering

The connection is provided through external means, but the computing and delivery of the services happen in the car. For example, a Bluetooth or USB connection might link a car’s navigation system to your phone-stored contact list, and from that moment forward a simple press of a button in the car would guide you to a friend’s house from any location. In this scenario, the car depends on the external device to gather Internet-based data.

Embedding

Connection and intelligence are baked into the car

Connection and intelligence are baked into the car. The car houses the operating system, apps, and other services that will deliver Internet-based mobile services to the user. A mobile device might sync with whatever is in the car, but external mobile gadgets aren’t essential to running car-based apps. GM is moving in this direction with its new fleet of 4G cars. (rb- I covered the evolution of 4G here) Means of integration can be blended, and often are. (rb- I wrote about Microsoft’s move into cars back in 2011, here.)

iOS in the Car

Emily Price at Mashable reports that Apple (AAPL) jumped into the mobile products and services integration game. Ms. Price reports that the folks from Cupertino have received a USPTO patent for a touchscreen car dashboard. If Apple carries through with their patent, it would replace most of your car’s existing instrumentation. The new dashboard would make your vehicle’s controls digital, letting you control everything from the temperature in your car to the radio station using a touchscreen.

OS in the CarThe article claims “iOS in the Car” should be released in 2014. Cars that support the service will allow your iPhone 5 to connect to your car’s in-dash system make phone calls, send and receive messages access your music, and get directions. Siri support will also let you do all of those things hands and eyes-free.

The blog reports that “Siri Eyes Free” is available in General Motors‘s (GMChevy Spark and Sonic via the Chevrolet MyLink system. According to reports sometime in 2014 Apple iOS will be available in 15 more car brands including:

Acura
Audi
BMW
Chrysler
Ferrari
Honda
Infinity
Jaguar
Kia
Land Rover
Mercedes-Benz
Nissan
Opal
Toyota
Volvo

rb-

Detroit moile cityI covered Ford (F) Executive Chairman Bill Ford Jr. plan to re-position Detroit as the “Silicon Valley of Mobility.” Hopefully, AAPL has figured out how to multi-thread iOS. I gave up my iPhone because it could not mult-thread. Every time I went to answer a call, I got 5 or 10 email pop’s that I had to deal with before I could answer the call. This kind of behavior could be catastrophic in a car.

What if you need to do two things at the same time, like shift from forward to reverse and turn on the air conditioning.

Then there is the privacy issue. Will AAPL give all the data they collect to the NSA or your insurance company?  

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| April 2, 2013
Comments Off on What is 4G Mobile Wireless

What is 4G Mobile Wireless

What is 4G Mobile WirelessWireless operators continue to roll out mobile networks built with acronym-heavy standards such as 4G, Long Term Evolution (LTE), IEEE 802.16 (WiMAX), or HSPA+. Stacey Higginbotham at GigaOM says it’s hardly a surprise that every press release is touting 4G, which presumably stands for the fourth generation wireless network. Only, according to InfoWorld, the truth is, neither WiMax nor LTE qualify as 4G technologies, according to the International Telecommunications Union Radiocommunication Sector (ITU-R). For a service to be called 4G by the ITU-R carriers will have to use one of two future mobile wireless technologies.

GigaOM reports that in October 2009, the ITU fielded 6 candidates that could meet the true definition of 4G mobile wireless. The main criteria required speed boosts, but more importantly, new technologies that make more efficient use of spectrum, as well as an ability to work with other radio access systems and fixed wireline networks. The standard also requires that equipment makers offer features that will help guarantee the quality of service on wireless networks. Of the 6 candidates, the ITU declared the upcoming called LTE-Advanced and WirelessMAN-Advanced – also known as IEEE 802.16m the only true 4G mobile wireless technologies.

True 4G wireless calls for peak speeds of 100 Mbps for mobile applications and 1 Gigabit per second for fixed networks. To do such speeds, operators will need five to ten times as much spectrum as most are using now to deploy LTE, as well as complex antenna configurations. The new 8×8 MIMO will need some new antennas at the tower and inside the mobile devices. Some operators won’t ever get to that point. Others might, but it’s going to take four or five years before people start rolling out anything like the ITU’s version of 4G mobile wireless according to the GigaOm article.

IEEE logoThe faux 4G we are getting now, comes in three flavors thanks to a bold marketing effort by T-Mobile writes Ms. Higginbotham. T-Mobile’s HSPA+ network is most assuredly 3G (or maybe 3.5G for some) but as its CTO, Neville Ray, argued with GigaOM founder Om Malik, its real-world mobile wireless speeds are better than those offered by WiMAX and are comparable to the real-world expectations of Verizon’s LTE network. The key to T-Mo’s experience lies in its spectrum resources. As a general rule, the more spectrum an operator has, the more lanes in its highway it can cram bits into. The blog says T-Mobile can use that spectrum to increase capacity or increase speeds. With plans to move from 21 Mbps to 42 Mbps speeds using HSPA+, T-Mo is going for speed to keep up with the wireless mobile Jones.

Laptop reports that other mobile wireless operators do not qualify as 4G either. “… Sprint and Clearwire’s Mobile WiMax (3 to 6 Mbps), T-Mobile’s HSPA+ (5 to 8 Mbps), and even Verizon Wireless’ LTE network (5 to 12 Mbps) don’t even come close to deserving the 4G moniker.

After all, marketers pushing LTE first starting waving the 4G mobile wireless flag several years ago, despite the ITU hadn’t yet decided if LTE was 4G. The first releases weren’t. We’ll have to wait for LTE-Advanced in about four or five years for true 4G. By then, it’s possible we’ll be dealing with 5G mobile wireless networks or something even better the marketers dream up. In the meantime, consumers will buy their faux 4G mobile wireless phones for their faux 4G mobile wireless networks and never sweat the difference GigaOm speculates.

The faux 4G networks are incremental improvements over 3G. As Tolaga Research analyst Phil Marshall told InfoWorld, these wireless mobile networks were designed from day 1 for data, and are all Internet protocol (IP) from end to end. That’s a huge improvement over 3G and it’s a marked change. Despite the improved architecture, Wi-Fi Net News asks if the spectrum is available to meet the 2015 rollout for real 4G. “It looks like the maximum speeds being discussed require extremely wide channels, like 100 MHz. That’s not impossible, but no U.S. carrier has 100 MHz in a chunk that it materializes. The FCC white-spaces rulemaking frees up a bunch of 6 MHz pieces, and that’s the last major realignment after DTV 700 MHz spectrum that I’m aware of. The definition of 4G may now be set, but the ability to roll out 4G at anything like the minimum speeds promised seems highly problematic even in five years.”

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| June 12, 2012
Comments Off on Security Considerations for IPv6

Security Considerations for IPv6

Security Considerations for IPv6For those who missed the Internet Society (ISOC) announcement that World IPv6 Launch day arrived on June 6. (I blogged about World IPv6 day, back in March) Carl Herberger, VP of Security at Radware (RDWR) recently wrote at Help Net Security that he sees World IPv6 Launch day as much more hype than an operational change.

Internet Society logoMany high-profile organizations have hooked their plans on change over to the ISOC launch date. Supporters include Google (GOOG), Facebook (FB), Microsoft (MSFT) Bing, Yahoo (YHOO), and Akamai (AKAM).  Mr. Herberger points out that many companies have already leveraged IPv6 WAN connectivity. Most mobile providers who have adopted LTE 4G infrastructures have built them for mobile devices, Mobile devices will connect to the Internet with IPv6 addresses by default. He argues that since a 4G phone must also be 3G and IPv4 compatible, the 5G providers have not done much. The service providers have woven IPv6 into the existing IPv4 Internet much to the chagrin of the initial IPv6 designers.

IPv6 Pandora’s Box

Bottom line: Because IPv4 is not going away any time soon, we will essentially live in perpetuity with both designs. A new dawn? Or the beginning of the end? The Radware VP thinks it’s neither, he calls the interoperability issues between IPv4 and IPv6, a Pandora’s Box of opportunity for those of the nefarious persuasion.

So, what are the three main takeaways from World IPv6 Launch day?

Take away #1

Dog and catIPv6 will first be implemented on the WAN, IPv4 will continue to stay in the LAN for years to come – Google, Facebook, DNS, CDN providers, and many, if not most ISP’s are all moving to default IPv6 WAN connectivity. However, nearly no one has made the transition to IPv6 on the LAN. Mr. Herberger adds that rapid IPv6 deployment on the Internet WAN operations side and the very slow rollout of IPv6 on the LAN side will wreak havoc on perimeter security. He believes that there are huge problems associated with IPv4 and IPv6 cohabitating.

Take away #2

IPv6 & IPv4 don’t cohabitate well – IPv6 and IPv4 make insecure bedfellows. There are no predefined standards in the way to handle the cohabitation of IPv4 with IPv6.  The transition mechanisms to ease the transitioning of the Internet from its first IPv4 infrastructure to IPv6 have not been standardized yet. The Internet Engineering Task Force (IETF) has working groups and discussions through the IETF Internet-Drafts and Requests for Comments processes to develop these methods. Some basic IPv6 transition mechanisms have been defined; however, nothing has yet emerged as a proposed uniform standard. As such, the article states, the world is awash with a plethora of IPv4 to IPv6 (and vice versa) Transition Mechanisms such as:

  • Encapsulating IPv4 in IPv6 (or 4in6)
  • Encapsulating IPv6 in IPv4 (or 6in4)IPv6 tunnel
  • IPv6 over IPv4 (6over4)
  • DS-Lite
  • 6rd
  • 6to4
  • ISATAP
  • NAT64 / DNS64
  • Teredo
  • SIIT.

If you are familiar with network perimeter security devices, one of the things they do well is deep packet inspection and Stateful aware analysis. However, one of the dirty little secrets is that nearly none of today’s technologies have the capability to inspect encrypted traffic such as SSL  or the ability to inspect tunneling protocols such as L2TP, PPTP, etc. What IPv4 and IPv6 transition does is effectively exacerbate these “Achilles heels” in security detection capabilities by introducing a whole new class of nearly undetectable transmissions. The author warns Don’t be fooled by a vendor’s claim that they inspect a v4 packet in v6 or vice versa, because even if true for one or two methodologies, the ways to carry out this task are almost immeasurable today. This is really a true community-wide problem and one that must be addressed.

Take away #3

ConfusedMeet your old vulnerability – Same as the new vulnerability! Much of our defense is single-threaded, and should an adversary be able to pass through your perimeter defenses, many of the ‘older’ vulnerabilities would find a receptive home having passed through the ‘corporate scrubbers.’Moreover, just think of the new opportunities available to more nefarious organizations that don’t have your interests in mind. This ‘transition mechanism’ essentially becomes an effective ‘unscrubbed’ gateway or tunnel for all newly developed organized crime-designed, state-sponsored, and Hacktivist-motivated attacks.

Moreover, most of us will be largely blind to these realities unless we are acting now to make certain that our gateways are designed with all encapsulated traffic being detected and mitigated. Anomaly detection takes center stage here and signature tools will leave you wanting.

The Radware VP concludes that this problem requires action on behalf of security professionals to solve; you HAVE to do something different because the inertia path will leave you vulnerable.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| February 12, 2011
Comments Off on AT&T 3G Network Magically Upgraded to 4G

AT&T 3G Network Magically Upgraded to 4G

AT&T 3G Network Magically Upgraded to 4GNow that the ITU has caved to the marketers at big telecom, miracles happen. AT&T (T), America’s second-largest wireless carrier, found that its 3G HSPA+ network had automagically evolved all by itself into a fourth-generation (4G) wireless network. Proponents of 4G promise that 4G mobile internet speeds are considerably faster than current wireless networks providing faster download, super-fast video streaming, and more billing opportunities.

Since the ITU downgraded the definition of 4G to catch up with the marketers and declared, “4G …  may also be applied … to the initial third generation systems now deployed” there is no consensus of what exact speed is a 4G network, so companies are free to claim what they want and hopefully the market will sort it out.

AT&T is betting that its customers are too dumb to care. TechEYE cites a Reuters report that AT&T’s chief exec Ralph de la Vega believes that consumers won’t notice the difference between HSPA+ and the forthcoming LTE network stating that “The whole industry has come to equate more speed with 4G.” TechEYE points out that AT&T saw a similar miracle in September 2010 when the marketers found that its HSPA+ network became “the nation’s fastest mobile broadband network.

rb-

The Business Insider has proof consumers don’t care about 4G. They report on Nielsen on findings that only 54% really knew what it meant (super-fast wireless). 27% of the people polled think it’s the latest version of the iPhone. Only 29% of the people polled said they were planning on buying a 4G phone in the next year.

proof consumers don't care about 4G.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
« Older Entries