The cybersecurity black hole–and bad flashback–that is the Internet of Things

One week after the Dyn DDoS attack, the post-mortems get more alarming. Our Readers knew they were coming in 2014-2015 (our ‘Is IoT really necessary–and dangerous?’).

IoT devices, and a lot of older networked medical devices, have been proven to be easy to hack, as even this non-ITer, non-codegeek realized then. But those in tech have been to this movie before–with Bluetooth circa 2002! Now shouldn’t designers have learned? From ZDNet:

“It’s almost like we’ve learned nothing from Bluetooth” says Justin Dolly, CISO at cybersecurity firm Malwarebytes.

“Seeing what these IoT vendors are doing, it just blows me away because they haven’t learned from history,” says Steve Manzuik, director of security research at Duo Security’s Duo Labs. “They’ve completely ignored everything that’s ever had bad vulnerabilities”.

Many of these devices, according to these experts, have default login credentials, if they have them at all. IoT devices are also allegedly findable on a snoop site called Shodan. The reason why: the financial and market need to get products out fast and cheaply.

Over at data security company Varonis’ blog, with the great title in part, “Revenge of the Internet of Things”, another succinct and telling quote:

Once upon a time in early 2016, we were talking with pen tester Ken Munro about the security of IoT gadgetry — everything from wireless doorbells to coffee makers and other household appliances. I remember his answer when I asked about basic security in these devices. His reply: “You’re making a big step there, which is assuming that the manufacturer gave any thought to an attack from a hacker at all.”

Privacy by Design is not part of the vocabulary of the makers of these IoT gadgets.

Varonis also gives a how-to on changing settings in your router so you don’t become a victim, and how to secure your gadgets.

Bottom line: when Hackermania is Running Wild, do you, or anyone, really need to be an early adopter of an internet-connected coffee maker or fridge? And if you need internet-connected home security, telemedicine virtual consults, telehealth/remote patient monitoring or telecare… best heed Varonis and secure it!

Earlier in TTA: Friday’s cyberattack is a shot-over-bow for healthcare 

Radiation from smartwatches, wearables: real, alarmist, or the NY Times?

The Gimlet Eye has that certain half-baked radioactive ‘glow’. The healtherati are all aTwitter over a New York Times Style (!) section article that does the unthinkable–it dares to raise the question of the possible harm of radiation that wearables, including smartwatches as well as smartphones, might present to both adults and children. The writer, Nick Bilton, is a regular tech columnist.

After an unfortunate baiting for attention at the start, making an analogy of cellphone/wearable radiation to 1930s adverts with doctors ‘endorsing’ cigarettes, he for the most part tries to take a balanced approach. By the end, he lines it up like this. Bluetooth LE and Wi-Fi–no evidence of harm in adults. 3G/4G cellphone radiation–you may want to be careful. He points out that studies aren’t definitive. Older studies, such as the WHO’s, a Swedish and some European studies point to harmful (carcinogenic) effects from phones held extensively too close to the head, but nothing is definitive in causality as the CDC pointed out and additional studies have proven no conclusive evidence of harm. Conclusion–use anything 3G/4G with caution, away from the head, limit exposure by children or pregnant women. Cautious enough?

Oddly, he advocates Bluetooth headsets but doesn’t mention using speakerphone settings–and then, for the smashing windup, won’t put the Bluetoothed Apple Watch near his head. It’s a weirdly sourced (an alternative doctor the only one cited? Old studies?) and half-baked, partially tossed salad article. Consider: most wearables are–surprise, Bluetooth or Wi-Fi connected. But it does bring up the inconvenient question, only partially answered, of All Those Rads and What (If Anything) Are They Doing To Us.

What’s really interesting? The immediate, twitchy and prolonged press response. As they say in New Jersey, they are ‘jumping ugly’.

Apple Health, minus the ‘book’, announced

Breaking and developing… Apple announced their long-rumored health tracking app [TTA 22 Mar] this morning at their WWDC (World Wide Developers Conference) in San Francisco. The consumer app is called Health (not Healthbook) and the developer platform is HealthKit; both are part of iOS8 for iPhones and iPads in the fall. HealthKit facilitates pulling in health data from third-party developers so that all health-related information for the consumer user is in one ‘hub’, similar to what Apple’s Passbook app does now as a ‘virtual pocket’ for airline boarding passes, movie tickets and coupons. Apple’s Craig Federighi, senior VP of software (pictured, courtesy of The Verge), made the announcement of the app and platform as part of the broader debut of iOS8 this morning.

Already on board is Mayo Clinic with an app that logs information like blood pressure, tracking normal range, and it appears from reports that a severe enough deviation will initiate a contact with medical professionals. Nike was prominently featured as an app provider, further confirming that it’s leaving the hardware to their close corporate partner now that it’s out of the FuelBand business [TTA 22 April]. Epic Systems, a leading large system (hospitals/practices) EHR, appears to be integrating its personal health record (PHR) with HealthKit, “suggesting a framework for getting information collected via HealthKit into patients’ MyChart (Epic PHR–Ed.) app.”

Editor Donna wonders if the still-in-early-days Better iPhone health personal assistant app (PHA), developed in conjunction with and backed by the aforementioned Mayo Clinic [TTA 23 Apr], will prominently integrate into Health. (We’ll cover when this develops, as we think it will–but mum’s their word for right now.)

In Mashable, the news was applauded by the CEO of leading app MyFitnessPal as a big validation. In his opinion, Apple would work with the existing field of apps and devices. Leading fitness bands Jawbone and Fitbit had no comment. Fitbit was shown during the presentation: CNET (one of six pictures here) and The Verge (article below). The latter makes the excellent point that Jawbone, Fitbit and the Nike FuelBand have all been sold in Apple’s stores.

The speculation is that Health will be a key part of the features of the iWatch to come, but Mashable in quoting Skip Snow of Forrester Research does bring up a significant wrinkle. Bluetooth LE as a network protocol chews up a lot of battery power, and bigger batteries make for clunky devices. Not exactly the Apple design ethic. Could it be that what’s delaying the iWatch is development of a new, more power-efficient network standard?

Update 3 June: With iOS8 having apps communicating with each other, have the Apple-oids opened the door for a Happy Hacking Holiday?  Stilgherrian in ZDNet points out that the ‘attack surface’ in info security-ese just got a whole lot larger. A future ‘oopsie’?

Hat tip to Editor Toni Bunting

More information: Mashable can’t stop mashing stories: Apple Reveals iOS 8: Interactive Notifications, Health App and More; Apple Gets Into Fitness Tracking With Health App and HealthKit for iOS 8; Apple’s First Step Into Health Tracking Is Small But Powerful. Mobihealthnews gets into the act noting Epic’s involvement: Apple reveals tracking app HealthKit and partners with Mayo Clinic, Epic. The Verge positively is on said verge with Apple HealthKit announced: a hub for all your iOS fitness tracking needs.