Monitoring Matters

by: Ginger Hill - Wednesday, June 26, 2019

Being a part of the security industry as a journalist, it intrigues me as to the wealth of security-related knowledge floating around out there in cyberspace, magazine articles, books, newspapers, TV … any and all media outlets really. Take just a moment and think about this: at any given time, we can access information via our smart devices about any topic we choose. Seriously, let that soak in for a minute …

The conclusion? Knowledge is power, as the saying goes; there’s even a Twitter hashtag dedicated to the adage: #KnowledgeIsPower. And, as I learned from my dad, it’s the one thing no one can take away from you. But I want to challenge this with: knowledge is power, but taking action based on that knowledge is powerful. Knowing something is only half the battle; it’s action taken because of knowledge that creates power-filled outcomes and that truly supports, and adds truth and value to, this concept.

With that in mind, The Monitoring Association (TMA) has joined with APCO International, the world’s oldest and largest organization of public safety communication professionals, calling on us — security industry professionals — to support a bill. To make an educated decision, we must gain knowledge: 

Name of the bill: 9-1-1 SAVES Act.

Type of bill: bipartisan, bicameral, simple and zero-cost.

What the bill would do: fix the federal classification by appropriately grouping Public Safety Telecommunicators with other “protective” occupations. 

Why this is important: our federal government currently classifies 9-1-1 operator positions as administrative/clerical, in the same group as secretaries, office clerks and taxicab dispatchers. While 9-1-1 operators do sit at desks, working on computers and phones, would you agree or disagree that this is an inaccurate classification and a disservice to the lifesaving work and dedication of these professionals?

TMA’s and APCO’s argument: Public Safety Telecommunicators should be classified as Protective Service Occupations. This includes a broad range of “protective” occupations such as lifeguards, gambling surveillance officers, fish and game wardens, parking enforcement workers, firefighters, playground monitors and more. These organizations believe reclassification is common sense, and about getting Public Safety Telecommunicators the recognition they deserve for the work they do every day to protect and save the lives of the public and first responders. 

Now that you have the knowledge, it’s time to take action. Here are your two choices: 

  1. Do nothing. After all, not taking action is in essence making a decision.
  2. Send a letter. APCO’s website offers a dynamic form where individuals can provide key contact information and the appropriate letter is sent automatically to your U.S. senators and representatives. (I just did. It literally takes less than 1 minute.) 
 
by: Ginger Hill - Wednesday, June 19, 2019

According to urbandictionary.com, the somewhat “official” definition of “trippin’” means “when someone is overreacting or getting all ‘bent out of shape’ over something small.” And while most of the more popular IoT devices present themselves as a small physical footprint — for example, Google Home is only 3.79 inches in diameter, 5.62 inches in height and only 1.05 lbs. while on the other side of the ring, fighting for market share is the Amazon Echo Plus Voice Controller, 2nd Generation, standing at 5.8 inches tall, 3.9 inches in diameter and weighing in at 27.5 ounces — they can pack a huge, unsettling punch when it comes to security. 

Having taken an interest in IoT devices in terms of security, I’ve written previously about what connected smart home IoT devices are REALLY doing as well as covered IoT devices from the perspective of trust, in which California is the first state to pass a bill, Senate Bill No. 327, that will require IoT manufacturers to equip devices with “reasonable” security features, effective in the year 2020. Maybe government control of IoT devices is a step in the right direction, maybe not, but the fact remains that, according to a report from Zscaler, over 90 percent of data transactions from 270 different IoT devices developed by 153 device manufacturers, including smart watches, digital home assistants, medical devices, smart glasses, industry control devices and more, are UNencrypted! This exposes these devices to hackers intercepting traffic and stealing or manipulating data, known as man-in-the-middle (MitM) attacks.

Let’s take a moment to explore a real-life MitM attack and how these attacks can rob people just like you and me of our security. 

Meet Paul and Ann Lupton from England: happy, proud grandparents of baby Oliver, who had purchased a flat (aka apartment) in south London for Oliver’s mother and their daughter, Tracey. After the birth of Oliver, Tracey moved to a bigger home, so the Luptons decided to sell the flat for approximately $429,200 … quite a nice chunk of change and apparently some “others” thought so too.

Perry Hay & Co. in Surrey emailed Mr. Lupton requesting his bank account details for the money from the sale to be paid into, and he replied, sending his Barclays bank account number and sort code (a six-digit number that identifies the bank, in this case Barclays, and the branch where the account is held). A seemingly innocent action that led to his email getting intercepted by fraudsters, who posed as Mr. Lupton and quickly emailed Perry Hay & Co. again from Mr. Lupton’s email account, instructing the company to disregard the previous banking information and send the money to a different account.

The sale completed and Mr. Lupton, none the wiser, sent the funds to the criminals’ account totaling almost half a million U.S. dollars! 

Mr. Lupton responded by contacting Perry Hay & Co. and the crime was (very fortunately) discovered, and it was fairly easy since Barclays was the account provider for all three involved — the Luptons, Perry Hay & Co. and the fraudsters (hmmm, maybe not too smart on their part?!). The Luptons ended up retrieving about $342,000 of their money.

While the Luptons’ situation didn’t involve IoT, per se, and it did have a rather happy ending since they got some of their money returned, it demonstrates what could happen if a hacker taps into one of your IoT devices, your smart home speaker, for example, and listens while you discuss private issues — account numbers, addresses to schools your children attend, when you’re going on vacation so your home can be burglarized and the like — with your household.

By no means am I an IoT “hater,” (as Urban Dictionary so eloquently puts it). I understand the useful and positive impacts these devices can have on the everyday; however, I do believe security should be the top priority when introducing an IoT device into your life. 

Maybe more manufacturers should be “trippin’” and then “encryptin’” their IoT devices’ data!

by: Ginger Hill - Monday, June 10, 2019

From the showroom floor and education sessions to motivational speakers, one-on-one interviews and central stage talks led by SSN as the premier media sponsor of ESX, the goal of #PassionateSecurity was more than fulfilled. In my opinion, this passion for security was best seen as industry peers openly shared their experiences with others via conversations, interactive education sessions, networking events and receptions—even if that meant sharing with the competition, all in the name of keeping security as top priority.

One of the unique things that happens at industry events is an overarching theme will emerge, one in which “everyone” seems to be talking about. At ESX 2019, that was the customer and employee experience. This takes empathy and the ability for security professionals to put themselves into the shoes of their customers as well as their employees to understand how they feel and what they truly need. The result? Employees feel appreciated, leading them to embrace a “servant” mentality toward customers, doing whatever it takes to ensure nothing but greatness, which fosters excellent customer experiences when working with your company. (Hence, #PassionateSecurity.)

Case in point: I was honored to moderate the education session “Sales vs. Operations: 6 Ways to Turn Conflict into Collaboration,” where Jeremy Bates of Bates Security, Paul Hevesy of Stanley Security and Suvankar Roy of Xfinity Home shared some amazing tips on how to bond together sales and ops teams so that the customer benefits. One easy-to-implement tip presented was “Thankful Thursdays,” where people on the sales team identify someone they are thankful for on the ops team and why, and of course, the ops team does the same for the sales team, and then voice this during cross-departmental meetings. This fosters a culture of appreciation and gratitude within the company, which spills over into customer interactions by sales and ops team members, and helps to enhance the overall customer experience.

And, speaking of unique … this year at ESX, SSN live-broadcasted the central stage talks, hosted by Editor Paul Ragusa, via Twitter. Below you will find a list of informative quotes that emerged from each on-stage security professional. Simply click on their name to be transported to their specific talk to gather even more valuable tips, tricks and insights. It’s like sitting in your living room with knowledgeable security professionals, sharing a cup of coffee and chatting about the industry! In fact, grab a cup of coffee and sip along as you view! And, please don’t forget to “like,” share and comment on each one.

ESX 2019 Central Stage Talks

“The two touchpoints today are the voice of the customer and the customer experience. At the end of the day, I think it’s the personal relationships that are going to differentiate those well-sought-after companies.” 

Ivan Spector, president, TMA

“They [the customer] want the latest video camera, door locks, but at the same time they don’t want to have 50,000 apps. They want simplicity.” 

Celia Besore, executive director, TMA

“Really what we need are salespeople who can ask better questions: what’s the problem we’re trying to solve? What is it that they [the customer] is trying to accomplish? Not just be so product oriented but solution oriented.” 

Gretchen Gordon, president, Braveheart Sales Performance

“One of the strategies we use is to let citizens know how a policy like verified response, which means that it confirms some criminal or attempted criminal activity before the police will respond, will affect them.” 

Stan Martin, executive director, SIAC

“Almost all the features that we do in our panel, all the technologies that we put in there, are a direct result of listening to our customer’s feedback.”

Jeremy Mclerran, senior director of marketing at Qolsys Inc.

“ … there’s DIY and DIT, ‘do it together,’ and I think dealers are figuring out how that’s going to work … customers are taking some responsibility for their systems … I think the more that there is opportunity for the consumer to become aware of their security system and some of the features it delivers for them, whether it be convenience features or peace of mind features, the more they’re willing to spend to add onto and grow, I think that will grow our entire industry.”

Mark Hillenburg, executive director of marketing, DMP

“On average, consumers spend four hours or more installing their DIY security system in the home, so the market tends to push toward ‘do it for me.’” 

Dina Abdelrazik, senior analyst, Parks Associates

“We [ESA] are launching an assessment exam which I think is something we’ve needed in the industry for a long time … because we have so many training courses, we have this vast array of test questions. So, we took all that information and put it together in a software package; we can actually have a technician take an exam, and that will give us the information we need to understand where their strengths are from a technical standpoint and where their weaknesses are. And, then we can develop a roadmap for the member to put that technician on a path to improve their weaknesses and maybe even accentuate their strengths.” 

Merlin Guilbeau, executive director, ESA

“One of the great things around the smart home being more common and more useful is it brings a lot of awareness. It wasn’t too long ago, we’d have to explain to a client or prospective client what was possible with their system; whereas now, people understand you could control your lights with your phone. You can decide whether or not that’s of interest to you.” 

Mike Jagger, president, Provident Security 

“On the commercial side, it’s really all about cameras; it’s really about video and everything that video can do … that’s not just driven by market demand, but it’s also driven by legislation and local governance.” 

Steve Firestone, president, Select Security 

 
by: Ginger Hill - Tuesday, June 4, 2019

It’s my first visit to Indiana and it’s amazing to be spending my time at ESX 2019 learning about new trends and happenings in the electronic security industry. The day opened with a breakfast panel: Nate Williams from Kleiner Perkins and Alex Pachikov of Sunflower Labs, both of whom highlighted focusing on the customer as well as the customer experience as it relates to security solutions created and offered. Education sessions followed and then Rick Rigsby took the stage as the luncheon keynote speaker, who divulged getting back to the basics when it comes to excelling in the security industry as well as life in general. Rigsby’s motivation that he shared with the audience can be experienced on Twitter @SSN_Ginger.

Once the showroom floor opened, our Editor, Paul Ragusa, took the central stage, interviewing leaders within the industry. The knowledge shared can be seen on my Twitter @SSN_Ginger. 

Tomorrow’s agenda is filled with time on the showroom floor, education and more motivational keynote speakers, so stay tuned for a recap of things learned at ESX 2019 and be sure to follow me @SSN_Ginger for live Tweets and videos of the action! 

 
by: Ginger Hill - Wednesday, May 29, 2019

Things are heating up here in the Lone Star State which means air conditioning bills are about to go up, water will be consumed by the gallons, the smell of sunscreen and sun block will be everywhere, but most importantly, it means the Cyber:Secured Forum will be here before we know it at The Westin Dallas Park Central, July 29-31.

Senior Technical Director for NSA’s Cybersecurity Threat Operations Center (NCTOC), David Hogue, will be taking the stage on July 31st, 11:30am to 1:30pm, keynoting about fostering innovation and public-private partnerships in cyber defense. 

“The NSA is one of the most forward-thinking security organizations in the world,” Joe Gittens, director of standards, SIA told SSN. “David Hogue has been a technical expert on many of the agency’s cybersecurity threat mitigation efforts and a lead researcher on a number of high-profile breaches, like the Sony Pictures hack.” 

Attendees can look forward to the following take-aways from Hogue: 

  • Principles on how NSA is approaching cybersecurity innovation
  • How the security industry can partner in this overall mission; and
  • Ways the industry can develop solutions for: managing gateways and cyber perimeters, hardening endpoints to meet best practices and standards, embracing comprehensive and automated threat intelligence, and cultivating a culture of curiosity and innovation.

 

“I believe there is not a better voice to educate our industry on the emerging threats that enemies are deploying to interfere with the ever-connected nature of our nation,” Gittens said. “Security battlefronts are constantly changing, and David’s presentation will offer rare insights into how partnership and innovation within the security industry can lead to increasing success in the public and private sectors.”

I look forward to seeing everyone at Cyber:Secured and taking lots of notes on what Hogue has to offer! 

 
by: Ginger Hill - Wednesday, May 22, 2019

Earlier this month, I attended Catalyst 2019, hosted by Affiliated Monitoring, at the “happiest place on Earth,” where “magic” literally happens moment by moment. With two main goals—education and networking/relationship building—this year’s Catalyst provided a ton of “magical” nuggets that all PERS and mPERS professionals need to know.

Need to Know Data

Daniel Oppenheim, Affiliated Monitoring’s CEO, pumped up the audience with his keynote and survey results from Edmonds Group: in 2017, PERs signed up 1.4 million service customers. This data is significant, because up until then, the PERs industry didn’t have good data revealing the size of this niche industry.

Oppenheim continued on, explaining how professional monitoring protects our 911 system: Of the 3.4 million active PERs customers, 51 percent press their button every month. This results in 1,734,000 professional monitoring interventions per month, saving 166,464 lives per month and preventing 1,567,536 calls to 911 per month. To continue “protecting seniors and giving peace of mind to caregivers,” Oppenheim suggested the need for professional monitoring companies to partner with government entities.

Need to Know Challenges

The top three PERs company challenges are:

1.    Telecom changes – The National Center for Health Statistics found 24 percent of those aged 65 and older do not have a landline phone and within the next five years, VoIP adoption is expected to see a 124 percent growth rate.
2.    The 4G transition – Carriers say there will be no new 3G SIM activations after THIS summer, with the 3G network forecasted to shut down by February 2022.
3.    “Self-monitoring” and overcoming customer objections – Educating customers as to why PERs and professional monitoring is needed when there are so many smart devices on the market today, including smart speakers and watches, and emergency alert apps.

Need to Know Telemarketing Insights

Michele Shuster, partner, MacMurray, Petersen & Shuster, LLP, took the Catalyst stage and gave some important advice regarding:

•    Third-party lead generation (gen) – if you purchase leads, know exactly where the company is getting those leads from; make sure lead gen contracts include “callable leads,” meaning the consumer understood that by providing their information they will be contacted; train your staff on how to make calls lawfully and audit using scrubbers. Shuster also said if you receive a letter threatening a lawsuit because one of your company representatives called a consumer, do not ignore the letter; be proactive by obtaining legal advice.
•    Consumer data – if your company has collected sensitive data about consumers and that information isn’t needed, get rid of it.
•    STIR/SHAKEN – make it a point to understand this new technology standard, which is meant to ensure calling numbers aren’t spoofed, that is, that the calling telephone number is not altered.

Shuster explained that basically, a trust token is issued from a telephone company, authenticating all the company’s phone numbers. The type of token issued dictates whether your call will get through without harmful labels being placed on it, or even getting blocked.

Need to Know Business Operation Tips

Richard Brooks, president, healthcare division, ConnectAmerica, gave the executive keynote, with business tips interspersed throughout:
•    Your teams make you successful; make sure each team member knows their jobs and their importance to the overall success of your PERs business.
•    Build “on-ground” relationships; you have to actually “touch” people so get “feet on the street.”
•    Your employees are your most important asset because they talk to your customers, sell your products and serve people.
•    Employees need to understand everything they do can impact a life.
•    As your PERs business grows, it’s impossible to do everything, so hire a management team to help with leadership.
•    For small PERs businesses, emphasize you’re the “local PERs provider” because seniors like local.
•    Local relationships are key for small PERs companies getting bought by larger companies. Know the key local people, interact and establish a good relationship. Brooks also advised keeping great books and records, staying on top of cash receipts.

Attending events is an exciting part of my managing editor role here at Security Systems News, which suits me to a tee because I love learning and then sharing my newfound knowledge with our amazing readers.

by: Ginger Hill - Wednesday, May 15, 2019

For the past few weeks, I have been rather intrigued with IoT devices, smart homes, and security and safety of people in this context. (After all, aren’t our homes supposed to be our safe haven … our place of escape from the crazy, hurried world we live in?) After perusing the internet regarding this topic, I thought I had read about almost everything imaginable, but I was thrown a curve ball by a man, Geoffrey A. Fowler, technology columnist, The Washington Post, who literally made a song out of the recordings Alexa had of him! (Click here to listen.) 

Fowler reported that he listened to four years of his Alexa archive that highlighted fragments of his life: spaghetti-timer requests, houseguests joking and random snippets of a once-popular TV show. Alexa even captured and recorded sensitive conversations—a family discussion about medication and a friend conducting a business deal—apparently triggered by Alexa’s “wake word” to start recording. So, why are tech companies recording and saving our voice data? According to Amazon, “when using an Alexa-enabled device, the voice recordings associated with your account are used to improve the accuracy of the results.” 

Fact or fiction? Maybe both, because another main reason is to train their artificial intelligence (AI). 

I may be going out on a limb here, but if people’s voice data is being recorded and USED without their knowledge, isn’t this an invasion of privacy? I say, “Yes, without a doubt!” Not only that, but shouldn’t these tech companies hire and pay people for their voice data to train their AI? I mean, “free” saves the companies money, but to the extent of people’s private conversations and information being recorded and used without permission?  

So, what can be done? Defeating the purpose of Alexa would be to mute its microphone or unplug it, but, in my opinion, if I was going to have a private conversation, that would be better than putting my personal business out there. Another option would be to delete Alexa voice recordings, but Amazon warns:

  • “If you delete voice recordings, it could degrade your experience when using the device.” 
  • “Deleting voice recordings does not delete your Alexa Messages.” 
  • “You may be able to review and play back voice recordings as the deletion request is being processed.” 

(I wonder what a “degraded Alexa experience” entails and I also wonder how long it takes to process a deletion request, as during this time voice data can be used.)

For me personally, I will stick with the “old-fashioned” way of living to preserve and protect my privacy—physically stand up, walk over to the window and close/open the blinds by hand; set alarms manually on my smartphone or built-in timer on my microwave; and even use the remote to turn the TV off and on, change channels and control the volume. 

By the way, don’t forget to listen to your own Alexa archive here or in the Alexa app: Settings > Alexa Account > Alexa Privacy. What all does Alexa have on you? 

 
by: Ginger Hill - Wednesday, May 8, 2019

As the Jaws warning theme song plays in my head, along with the ‘Baby Shark’ song that became an internet sensation, patterns of “do-do-da-do” fill my head as I anticipate the first-ever Affiliated Monitoring Shark Tank at Catalyst 2019. I’m excited to be heading out to sunny Orlando’s Four Seasons at Walt Disney World Resort® to get a first-hand look at the PERs/mPERs niche of the security industry. This is Affiliated’s 4th Catalyst Conference and I feel congratulations are in order, so on behalf of the SSN team, “Congratulations Affiliated Monitoring!” 

As of February 28, 2019, at noon, via email, I got word that teams from over 70 companies were registered to attend this event. This is a marvelous turnout all on its own, but the final attendee count is yet to be determined since the event doesn’t even start until today! Soon, golfers will be yelling “four” as they swing their carefully chosen clubs at Tranquilo Golf Course on the Four Seasons Resort to determine who reigns supreme on the course in best ball with additional challenges for longest drive and closest to the pin. Afterwards, tips for free and almost free tools, tricks and marketing strategies to grow a PERs business will be presented, with a welcome cocktail reception closely following at the Four Seasons’ Pool Bar & Grill, all on Wednesday, May 8th.

Then, bright and early on Thursday, May 9th, the live action will start on my Twitter feed @SSN_Ginger, and continue on until the end of the conference, sharing the highlights of each day. Thursday will be a PERs-related montage of Daniel Oppenheim of Affiliated Monitoring delivering the day’s keynote: a view of the demographic changes driving the growth in the PERs industry along with PERs-specific trends; presentations; sessions; and networking intermingled with coffee and food. 

Of course, on Friday, May 10th, there will be coffee and food, but more important, taking the stage is Executive Keynote Speaker and President, Healthcare Division at Connect America, Richard Brooks, an industry icon with story after story of priceless knowledge about leading and growing multiple PERs and telehealth businesses. Attendees will gain insights to take their PERs business to the next level by learning the top things no one ever tells you about when scaling a PERs company. Attendees are then invited to “swim” on over to the Shark Tank where innovators will come face-to-face with the Sharks, industry veterans who will listen to contestants’ pitches and decide if they are interested!

Innovators include the brave: 

  • Jean Anne Booth, CEO, UnaliWear
  • Steve Chazin, VP, product, Alarm.com
  • Mara Perlmutter, founder & CEO, TrelaWear.

Sharks include the blood-hungry: 

  • Geoff Gross, president, Medical Guardian
  • Rob Flippi, CEO, MobileHelp
  • Sindee Shaulinski, general manager, medical monitoring, Doyle Security Systems.

I personally can’t wait to see (and Tweet about) what goes on in THIS tank! 

The day, and Catalyst 2019, will conclude with Brainstorming Roundtables with voted-on topics to include: 

  • Growing Your Connected Health Portfolio
  • Managing the 4G Transition
  • Payor Sources: Medicare, Medicaid & Beyond
  • Secrets of Reducing Customer Churn

This year’s Catalyst seems to be full of learning and building relationships while taking time to have fun. Here are some tips to get the most out of Catalyst 2019: 

  1. Follow me on Twitter @SSN_Ginger to keep up with live highlights of Catalyst 2019. 
  2. Bring a notepad and writing utensil to take notes of the amazing knowledge you will learn.
  3. Before Friday, May 10th review the Brainstorming Roundtable topics and create questions to ask during each. Write them down in your notebook and leave space below each one for the answer to keep your notes organized.
  4. If you’re escaping to Epcot for the scavenger hunt, casual or athletic clothes are recommended. Sneakers are REQUIRED by Disney; NO open toed shoes allowed. 
  5. Download the official Catalyst App to stay connected at the conference.

by: Ginger Hill - Wednesday, May 1, 2019

The last blog I wrote, “What your connected smart home IoT devices are really doing,” highlighted the fact that there are no security standards for IoT manufacturers to follow when creating networked devices. This should cause concern or at least pause for people using such devices, especially in their homes. But, just how aware are consumers about potential risks and do people actually trust the devices they use every day? 

ASecureLife conducted a survey of 300 Americans nationwide to determine how much participants trust the technology they use regularly in their homes as well as people’s biggest concerns related to smart home technology, home security and online privacy. The survey found:

1. A quarter of Americans are NOT concerned with being monitored online by criminals. This nonchalant attitude resulted in 23 percent of American households having someone victimized by cybercriminals in 2018, according to GALLUP.

Additionally, in 2017, the FBI’s Internet Crime Complaint Center received more than 300,000 complaints, totaling more than $1.4 billion in monetary losses for victims. 

2. Americans are more concerned about being monitored online by the government than by businesses.

3. Two-thirds of Americans believe their smart devices are recording them. While it’s time consuming, and to be honest, boring, thoroughly read a company’s terms and conditions so you know what personal information that company is collecting from you, and how they’re using it.

Tip: Adjust the settings on your smart equipment to maximize your privacy. For example, turn off Amazon Echo’s “Drop In” setting to prevent it from automatically syncing and conversing with other Echo devices.

4. About one in five parents would let Alexa entertain their kids while they’re away. WOW! Parents are actually trusting their children’s safety and security to the virtual world!? (We’ll be discussing this later on in this blog post! Read on!) 

5. Seventy-five (75) percent of Americans believe smart homes can be easily hacked, but 33 percent have and use some type of smart home technology. This indicates that consumers are indeed buying these gadgets. In fact, a joint-consumer survey conducted by Coldwell Banker Real Estate and CNET found 47 percent of Millennials, aged 18 to 34 years, have and use smart home products. 

6. Women are typically more concerned with home security than financial security, and the opposite is true for men. Participants were asked if they fear a home invasion more than identity theft: 53 percent of women participants said “yes,” compared to 44 percent of men.

Participants were also asked which of the following they would rather do: stop locking your doors or change all your passwords to “1234.” Men’s responses were split evenly, while 59 percent of women preferred to change their passwords to this all-too-common numerical sequence.

7. Americans aged 55 and older are more protective of their financial security than their home security; the opposite is true for younger people. Participants over age 54 were asked if they feared home invasion more than identity theft to which 70 percent answered “no.” However, participants under age 34 were more likely to fear home invasion. 

While all the findings were eye-opening, for me personally, the one that haunted me pretty deeply was the one about Alexa “babysitting” kids. It’s one thing for parents to allow their children to use Alexa under their supervision, but to allow minors to access Alexa while they are away can be extremely dangerous, in my opinion and based on the news we see every day concerning criminals hacking into security systems, devices recording home-based conversations, apps giving away data to advertisers, and the list goes on and on. 

Question for you parents out there: Would you allow your children to access Alexa when you aren’t at home? Why or why not? 

 

by: Ginger Hill - Wednesday, April 24, 2019

As more and more people connect IoT devices to their homes, making them smarter, living machines, the more fodder hackers have to breach systems and gain access to consumers’ personally identifiable information, or even gain entrance into their humble abodes. The fact is, no security standards exist for IoT manufacturers to follow when creating networked devices.

Lawmakers and states are stepping up, looking at ways to help protect consumers.

Industry talk of late about protecting owners of IoT devices has circled around the Cybersecurity Improvement Act of 2019, which would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow. Even some states have created specific rules for IoT device creators to follow, such as California, which will require devices to be shipped with unique passwords or force users to set or reset passwords when setting up a device as of January 1, 2020.

But, are laws really the answer to this seemingly never-ending debacle? Shouldn’t the security industry come together as a whole to offer protection to consumers, their data and their homes? After all, we are in the business of protecting people while offering comfort and ease of living. I think a more proactive approach is in order, where device manufacturers step up to protect consumer data as well as empowering consumers to protect themselves.

A group of computer scientists from Princeton University and the University of California, Berkeley created a tool called Princeton IoT Inspector, an open-source desktop application that passively monitors smart home networks, showing potential security and/or privacy issues. It identifies all IoT devices on a smart home network, shows when these devices communicate/exchange data with an external server, and determines which servers these devices contacted and if those communications are secure. According to the IoT Inspector website, the goal is to answer three questions:

  1. Who do your devices talk to?
  2. What information is gathered?
  3. Are the devices hacked?

Sounds great, right? Well, there are two cautions to be noted when using this tool. First, device names are included in the data sent, so that data will be accessible by Princeton. The app asks users to consent to this the first time the app is used. (Tip: Make sure your devices don’t include your name or any other personally identifiable information. If they do, rename them.)

Second, the research team is using a specific technique the “bad guys” typically use called ARP spoofing, a type of attack where a malicious actor sends false Address Resolution Protocol (ARP) messages over a local area network. Personally, I think it’s creative and smart to use the same techniques to beat the bad guys at their own games, turning malicious acts into something good. Just be sure you trust Princeton should you decide to use this tool. 

Currently, Princeton IoT Inspector is only available on macOS, but there is a waitlist for Windows, which will be released next month, and Linux to be released the week of April 24th, 2019.

 
