Tag: internetofthings

Darwin council claims new CCTV cameras “will not use facial recognition”

Internet of Things (IoT)

Darwin council insists that the new set of cameras in the Central Business District will not employ facial recognition until the technology is more carefully considered.

The 138 cameras were installed as part of the Switching On Darwin project, which also provides public wifi, new lighting, and traffic sensors. Although the cameras do have facial recognition hardware in them, the city does not plan to utilize it at this time.

However, council general manager Josh Sattler stated that although the city will not employ the technology, “requests coming from a state or federal agency” will “need to be complied with.” 

Install first, question later

Of the 81 grants offered by Australia’s Smart Cities and Suburbs program, only the Darwin proposal included funding for facial recognition technology. The Darwin council’s addition of the technology was done without public consultation. An estimated six month study by an outside consultant agency began in August.

Concerns with facial recognition

Many question the council’s decision to include a technology that will supposedly not be employed. Julia Powles, researcher and associate professor at the University of Western Australia, questions “the real reason why [the technologies] were sought in the first place”, adding “it’s like buying a supercomputer and then saying you’re just going to surf the web and check emails.”

Security of camera feeds also stands out as a major concern. Elise Thomas from the International Cyber Policy Centre, offered a warning along these lines:

“The ways in which a lot of these projects are being implemented at the level of local councils, particularly from a cyber-security perspective, those councils may not necessarily have the resources to ensure that their systems are secure”

Internet connected devices are notoriously vulnerable to security breaches. Any gateway into a network-connected device can open doors to the entire network. Depending on the type of access provided, compromised devices can be mined for data, or even remotely controlled by outside parties.

Former CEO of Theranos’ Trial Delayed

Internet of Things (IoT)

Elizabeth Holmes, former CEO of formerly multi-billion dollar valued corporation Theranos, has been awaiting trial since June 2018 over charges of wire fraud and conspiracy to commit wire fraud. Theranos aimed to develop medical technology providing blood analyses and diagnoses outside of a hospital setting. The trial has been delayed until August 2020, granting the defense’s request to further review evidence. The nature of the fraud and the confidence it inspired in investors are important in considering the status of internet-connected medical devices. Maybe we should all review the evidence.

Vision / Reality + Investment / Fraud

As an undergraduate, Holmes imagined a wearable patch that would provide doctors with real-time changes in patients’ blood. This notion of patient data being collectable and analyzable (by patients, doctors, insurance companies, advertisers) inspires most internet-integrated personal medical devices. Refining the patch into a station that could quickly analyze small blood samples, Holmes left school and founded Theranos, securing deals from Safeway and Walgreens to begin implementing these stations at their stores. The product development story doesn’t progress much further than that. After repeated missed deadlines and inconclusive results, both companies cancelled their contracts in 2015 and 2016. Walgreens filed suit and receieved $30 million in damages. 

At the same time, investment and valuation were skyrocketing. Within four years, the company had raised over $40 million. Ten years later, it was up to $400 million, and the company was valued at $9 billion. Over $100 million each was invested by: Rupert Murdoch, Betsy DeVos, Cox Media Group, and the Walton family. Obviously, there was a lot of media coverage during this time, which certainly fueled further investment, despite the concomitant failures of the device itself.

For health or money?

Things that have been energetically invested and promoted that end up failing (Fyre ) are easy routes into the hopes of investors, consumers, and the culture that shapes them. The dream of a pocket doctor is for patients not just to be able to record their medical data from outside of a clinic—like a FitBit might—but also to offer algorithmically-produced diagnoses. Devices such as these would, and do, create huge data troves revealing unseen information about users (‘patients’ seems less applicable at this point). That such a large amount of investment in Theranos devices came from retail and media moguls gives good reason to look for other (read: commercial) uses of such a depersonalized (replacing both the doctor and patient with figures) collection and analysis of medical information. The market for internet-connected healthcare devices was estimated two years ago to reach over $130 billion by 2021.

What You Should Already Know About Shodan

General

Shodan is an account-based search engine that searches for, and provides information about, internet-connected devices.

Use and misuse

Originally intended to help companies monitor where their software was being used, it is generally used today to gain access to or information about devices and systems. Searches can notify companies of weaknesses in their own databases. The most common vulnerabilities are default, system-wide passwords and logins, user-generated passwords such as “12345678”. These predictable entry points, coupled with the massive amount of devices whose username is “admin”, can easily allow outside access to an entire network.

Shodan users have been able to defrost hockey rinks in Denmark, reconfigure traffic control systems, and, more personally, access individual’s webcams and remotely access their screens.

Securing your devices

Insulating yourself or at least certain devices from Shodan searches can be simple enough. A device that isn’t connected to the public internet will not be searchable. Some devices are much more reliant on internal communication through educational or corporate networks, and may not need public internet access. Obviously this is not the case with most personal devices. Secure passwords are the next step. Any program or network that provides a default password or login should be changed after logging in. Not doing so is a blatant invitation for a device to be found on shodan (and accessed by a third party). A Shodan search for “default password” provided over 61,000 results at the time of writing. In some cases the username and password were the same. 

Shodan’s investigative reach

Shodan itself is only a port scanner; it searches for processes that can be initiated, but does not initiate anything itself, and is therefore legal and widely used for security and legal data mining. In the same way that Google offers an overwhelming feeling of access to information, Shodan’s tagline, “The search engine for security/the web/webcams/refrigerators/power plants/buildings” should be reason enough to consider how much you or someone else can know about any of your devices that are connected to the internet.