Japan’s Funai Electric, which claims to be the world’s last VCR manufacturer, says it will cease production of the machines later this month.
VCRs for home use were first introduced in the 1960s, gaining traction after Sony brought lower-priced models to market. Other Japanese manufacturers, including Panasonic, RCA, JVC and Toshiba, were also instrumental in developing the VCR.
These electromechanical devices were used to record, store, and play back television programs using a magnetic tape cassette as well as provide pre-recorded movies of the day.
Somewhat late to the party, Funai started manufacturing video-cassette recorders in 1983, and at one point was selling 15 million units a year. Unfortunately, the clunky VCR has since been replaced by an array of new technologies: DVDs, Blu-ray, and now, streaming video services.
As consumers moved forward to smaller, faster and more convenient methods of satisfying their video needs, Blockbuster and other like them fell along the wayside – not able to embrace the changes in video delivery technology.
Last year, Funai sold 750,000 units, and found it was getting harder to find the parts to make VCRs. A Funai spokesperson said that customers have been calling the company and asking where they can find the last few products.
With a landmark decision in 1984, the U.S. Supreme Court ruled that home use of VCRs to record television didn’t constitute a violation of copyright law, paving the way for an explosion of the technology in American homes.
For a period of time, a battle raged between Sony’s Betamax and JVC’s VHS — both VCR tape formats of that time — but VHS eventually won out.
So now the end has finally come. I remember when VCR tapes were used as “high-end” data backup systems for the business computers of that time. I can’t tell you how happy I am that those times are in the past.
If the founders of a new face recognition app get their way, anonymity in public could soon be a thing of the past. FindFace, launched two months ago and currently taking Russia by storm, allows users to photograph people in a crowd and figure out their identities, with 70% reliability.
It works by comparing photographs to profile pictures and in the future, the designers imagine a world where people walking past you on the street could find your social network profile by sneaking a photograph of you, and shops, advertisers and the police could pick your face out of crowds and track you down via social networks.
In the short time since the launch, Findface has amassed 500,000 users and processed nearly 3m searches, according to its founders.
Unlike other facial recognition technology, their algorithm allows quick searches in big data sets. Three million searches in a database of nearly 1billion photographs: that’s hundreds of trillions of comparisons. With this algorithm, you can search through a billion photographs in less than a second from a standard desktop computer. The app will give you the most likely match to the face that is uploaded, as well as 10 people it thinks look similar.
The technology can work with any photographic database, though it currently cannot use Facebook, because even the public photographs are stored in a way that is harder to access. I’m sure it’s just a matter of time before this challenge is resolved. We might even see Facebook leading the charge if they see a way to monetize this technology.
Some security analysts have sounded the alarm about the potentially disturbing implications. The app has already been used by a St Petersburg photographer to snap and identify people on the city’s metro line.
But the FindFace app is really just a shop window for the technology, the founders said. There is a paid function for those who want to make more than 30 searches a month, but this is more to regulate the servers from overload rather than to make money. They believe the real money-maker from their face-recognition technology will come from law enforcement and retail.
The pair claims they have been contacted by police departments in other regions, who told them they started loading suspect or witness photographs into FindFace and came up with results. “It’s nuts: there were cases that had seen no movement for years, and now they are being solved,” said Kabakov.
The startup is in the final stages of signing a contract with Moscow city government to work with the city’s network of 150,000 CCTV cameras. If a crime is committed, the mugshots of anyone in the area can be fed into the system and matched with photographs of wanted lists, court records, and even social networks.
It does not take a wild imagination to come up with sinister applications in this field; for example being able to tag and identify participants in street protests, sporting events or any large group or gathering in places where CCTV cameras are installed.
The pair also has big plans for the retail sector. Kabakov imagines a world where cameras identify you looking at, say, a stereo in a shop, the retailer finds your identity, and then targets you with marketing for stereos in the subsequent days.
Again, it all sounds more than a little disturbing. In today’s world we are constantly surrounded by gadgets. Our cell phones, iPads, tablets, televisions, fridges, everything around us is sending real-time information about us to the internet. We already have large data files on people’s movements, their interests and so on, cataloged on massive internet servers around the world – next they’ll be matching our interests to our photographs and perhaps when a camera picks us up on the street – everyone will know exactly where we are. Now we can really kiss our privacy goodbye. From the Washington Post: https://www.washingtonpost.com/news/morning-mix/wp/2016/05/18/russias-new-findface-app-identifies-strangers-in-a-crowd-with-70-percent-accuracy/
Adobe’s Flash Player will be switched off by default at the end of this year, meaning Chrome users will need to actively turn it on for all but a handful of top websites.
The slow and steady slide to a world without Flash continues, with Google revealing plans to phase out support for Adobe’s Flash Player in its Chrome Web browser for all but a handful of websites. And the company expects the changes to roll out by the fourth quarter of 2016.
While it says Flash might have “historically” been a good way to present rich media online, Google is now much more partial to HTML5, thanks to faster load times and lower power use.
As a result, Flash will still come bundled with Chrome, but “its presence will not be advertised by default.” Where the Flash Player is the only option for viewing content on a site, users will need to actively switch it on for individual sites. Enterprise Chrome users will also have the option of switching Flash off altogether.
Google will maintain support in the short-term for the top 10 domains using the player, including YouTube, Facebook, Yahoo, Twitch and Amazon. But this “whitelist” is set to be periodically reviewed, with sites removed if they no longer warrant an exception, and the exemption list will expire after a year.
A spokesperson for Adobe said it was working with Google in its goal of “an industry-wide transition to Open Web standards,” including the adoption of HTML5.
Given that Flash continues to be used in areas such as education, web gaming and premium video, the responsible thing for Adobe to do is to continue to support Flash with updates and fixes, as we help the industry transition,” Adobe said in an emailed statement. “Looking ahead, we encourage content creators to build with new web standards.”
Many other tech firms, including Apple, Microsoft and Mozilla, have taken steps to stop Flash running. In 2015, Facebook’s security chief Alex Stamos called for it to be killed off once and for all. However, it still lives on because many sites still make heavy use of it and many games employ it in ways that are hard to replicate with other web technologies.
Security hole. Shortly before Google announced its plans, security firm Fire-eye revealed the latest reported vulnerability in Flash was being actively exploited by cyberthieves. The malicious campaign began only days after the bug was first discovered.
In a blogpost, a Fire-eye researcher said attack code was being included in Flash files embedded in Microsoft Office documents. Adobe has published patches that stop Flash being used as an attack route via this flaw.
Writing on the Sophos security blog, Paul Ducklin said this was the third time in three months that Adobe had needed to produce patches for vulnerabilities that, if exploited, would let attackers compromise a victim’s computer.
Many security firms now recommend that people uninstall Flash player to avoid falling victim to malicious attachments or booby-trapped webpages. A lot of web firms have now stopped using Flash in a bid to thwart attackers.
RING Video doorbell. An internet-connected doorbell isn’t a new idea. The Doorbot of a few years ago was clunky and ugly, but the concept was good: someone rings your doorbell, your smartphone beeps and buzzes, and with a tap, you can initiate a videochat with the visitor. It doesn’t matter if you’re in the kitchen, at the office, or on vacation in the mountains. You can talk to them and see them. They can hear you, but they can’t see you. If it’s a delivery, you can give the guy permission to leave a package and instructions on where to stash it.
The Ring Video Doorbell offers a more refined and comprehensive approach. It adds motion sensing, so it can alert you via your phone when somebody walks through your yard or onto your porch. It also records video and audio of each event (a ringing of the bell or a motion detection) and stores it in the cloud for later review.
The Ring unit costs $199, and you can easily install it yourself. Below the 180 degree camera eye is a circular button surrounded by an LED ring. At the bottom is a speaker allowing you to chat with your friendly FedEx or UPS driver. The companion app is a free downlaod, as is the user account that lets you access the Ring’s features. The cloud storage runs $3 per month or $30 per year.
The Ring Video Doorbell doesn’t offer a live video feed or the ability to constantly record footage, but Ring does say it will allow remote camera access at some point in the future, so you can take a peek out your doorbell even when nothing triggers the camera.
Knock, Knock, Who’s There?
All the tools necessary for installation are included—even caulk and a miniature level. Before you mount the Ring, you charge it using USB (you’ll probably have to take it down and recharge it once per year) and connect it to your Wi-Fi network, which happens through the smartphone app. (Ring is set to release their next generation doorbell that would in place of your current wired bell.)
When someone presses the button on Ring, your smartphone begins to, well, ring. The same goes for the unit itself—it rings to let the person at your door know something is happening. Opening the notification brings up a live video feed, where you can Reject or Accept the invitation to interact.
Bodies in Motion
Using motion sensors built into the camera, Ring can alert you when someone is at your door before they even press the doorbell. This is especially useful when the UPS or FedEx driver leaves a package and refuses to ring your doorbell. Also, before the button is even pressed, Ring detects motion at your door and begins recording video. This makes it possible to view what happened at your door before the bell was pressed. This video recording feature can provide you with the peace of mind in knowing any activity at your door is being recorded – well worth the minimal monthly fee. Not to mention, you can download any of the videos to your mobile device for easy sharing with family members, or in the hopefully unlikely case where it’s necessary, the authorities.
Video of how the Ring Video Doorbell works: https://www.youtube.com/watch?v=f9TRo7JDxFg
Check out their product line: https://ring.com/products
The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.
Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.
“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.
Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows based systems. It is not clear why Apple made the decision to end Windows support.
Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:
• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.
• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.
Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.
Increasing Software Vulnerability
QuickTime joins a growing list of software that is not supported any longer. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those operating systems increasingly will be vulnerable to attack.
DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.
The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.
When you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that are similar to something you’ve just recently clicked on.
Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. Facebook uses this information to target ads to users on behalf of its paid advertisers.
Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there a probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it.
How did this happen in the first place? When Facebook first started out, people rushed to join because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the service to connect with family and friends without being bothered by someone trying to sell you something.
Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.
People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that. This led to the big data tracking we now see.
Three sneaky ways companies are tracking you: Most people understand that Facebook is tracking their preferences whenever they use the app. But, few realize they’re being tracked in other ways too. And, that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop.
Here’s three things to watch out for.
1: Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer to track you. These third-party apps integrate with your Facebook profile and can ask Facebook for permission to pull various personal data, from your work history to timeline posts. And although you can edit what information they can access, very few people do.
2: Facebook logins: This is when you visit a site and it says “Log in with Facebook,” and you do, then you’re letting that company track you.
3: Friends’ apps monitoring you: Even if you didn’t download an app, your Facebook settings may allow apps your friends have installed to also see YOU. It’s pretty scary.
You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.
Some Options To Help Stop The Tracking Madness:
Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.
To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.
In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address, birthday and hometown.
Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.
If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that won’t remove the information from the app developer’s servers, however. If you change your email address in the future, however, the developer won’t get the new one.
Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For that you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.
Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.
To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.
Facebook gives you their standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Unfortunately, this won’t remove information that app developers might have collected about you already.
Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website try to avoid logging in with your Facebook account. But, if you must use Facebook to log in, then look for the “Log in Anonymously” or “Guest” option so it won’t share your information.
Stop friends’ apps from seeing your info: Apps can still get your information through your friends. As your friends install apps, those apps can request permission to get info about you.
To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button. You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.
It’s up to each of us to monitor and maintain what information we want shared with others. I’m sure you’ll be very surprised when you log in and check your Facebook app settings.
Do you own an older Kindle that’s been gathering dust? Get it updated before March 22 or you won’t be able to get online and download your books any more.
This is pretty much their final warning: If you have a Kindle, you need to update it before March 22 or it’s going to lose Internet connectivity.
That outcome would be very bad, because without the update you’ll no longer be able to access the Kindle Store or sync your device with the cloud, not to mention any other Kindle services you might be using. According to Amazon, the update is required to ensure the Kindle remains compliant with continuously evolving industry web standards.
You’ll know if your Kindle didn’t get updated in time because you’ll see the following message on your device: “Your Kindle is unable to connect at this time. Please make sure you are within wireless range and try again. If the problem persists, please restart your Kindle from the Menu in Settings and try again”
If you’ve been using your Kindle regularly then it’s most likely going to be fine. Kindles will update automatically via Wi-Fi, but if the device has been turned off or out of battery for a while, charge it up and make sure you Sync and Check for Items.
When the update has been applied you’ll find a confirmation letter called “03-2016 Successful Update” on your device. You can check for it by viewing all Recent items in your Kindle Library.
The following devices don’t need the update:
Kindle Paperwhite (6th and 7th generation)
Kindle 7th Generation
Kindle Voyage 7th Generation
If you’ve got one of the following, you do need the update:
Kindle 1st Generation (2007)
Kindle 2nd Generation (2009)
Kindle DX 2nd Generation (2009)
Kindle Keyboard 3rd Generation (2010)
Kindle 4th Generation (2011)
Kindle 5th Generation (2012)
Kindle Touch 4th Generation (2011)
Kindle Paperwhite 5th Generation (2012)
Amazon also points out that the Kindle Keyboard 3rd Generation, the Kindle Touch 4th Generation and the Kindle Paperwhite 5th Generation will only update via Wi-Fi, even if you have the 3G connection active.
If you do miss today’s deadline, you’ll need to manually download and install the required update. You can get more information on that process here.
More than 200 million users are currently running Windows 10 and that number is growing rapidly. The temptation to save money with Microsoft’s free upgrade might be so strong that you’re ready to upgrade now.
Should you upgrade now? There are certainly many great reasons to upgrade but a word of caution before you proceed.
Now may be the perfect time for a conversation about upgrading your Windows operating system. This newsletter is designed to make you pause and give serious deliberation to your decision to implement the Windows 10 operating system at this time. As a Microsoft business partner we certainly see the benefits to Windows 10 for many people, but some businesses may want to take more time and do more planning because once you upgrade there is no turning back. (Well, you can downgrade, so long as you have not deleted the windows.old folder. Users have a month to go back without any change in files, on best case installations.)
As you probably know, Microsoft is offering a free Windows 10 upgrade available through July of this year. Upgrading to Windows 10 seems like an easy process, with just a couple of clicks you are up and running.
The decision to upgrade should be made very carefully as it will impact your business and the performance of your IT environment. While it certainly makes sense for Microsoft’s business model and moving to Windows 10 is likely to be inevitable at some point for your business, we recommend that you take the time to more fully understand what is involved in moving from your current operating system to the new Windows 10 environment.
Here are some things to consider:
1. There are different editions of Windows 10. There’s Windows 10 home and Windows 10 Professional. If you choose the free Windows upgrade, you have no choice in the version that you will be receiving. It depends on what you’re upgrading from but in any case it may make sense financially to take advantage of the free upgrade.
2. You also have the ability to control whether your upgrade will take place automatically or manually. I recommend “manually” performing the upgrade just so you are the one in control of the process rather than be surprised the next time you turn on your PC.
3. If you are planning to purchase new PCs or notebooks, we recommend that you consider purchasing a Windows 10 PC. It might be tempting to shop for Windows 8 PCs and upgrade for free but we are not convinced this is the smartest option. Individuals should seriously consider the Windows 10 operating system. In the business world you are likely using a Windows 7 system and possibly considering upgrading for free, while it’s available. It all depends on the line of business applications your company is running.
4. As with any upgrade or downgrade plan you will want to complete a full backup of your data beforehand to avoid any potential problems.
5. Keep in mind that not all PCs can support Windows 10. Before a PC will be upgraded to Windows 10, Microsoft uses a vetting process to help insure your system can handle the upgrade. If you’re buying Windows 10 compatible hardware, then you’re going to be assured of a successful migration.
In summary, you have until the end of July of this year to take advantage of the free Windows 10 upgrade. Deciding whether or not to upgrade now is an important decision for you, especially if saving money is a consideration. To plan the upgrade you’ll need to have a strategy in place very soon.
Windows 7 and 8 are fast approaching their end of sales date for PC’s with Windows preinstalled. That means that as of October 2016, major OEM’s like Dell and HP will no longer be selling PC’s with Windows 7 or 8 preinstalled – so if you replace a PC after this date you will only be able to get one with Windows 10. Keep that in mind especially if your primary line of business application is not supported under Windows 10.
We believe Windows 10 is a solid upgrade for most users, but it’s not for everyone just yet. In some cases, if your primary business software is not compatible with Windows 10 then it may not be for you at all.
Below is a chart showing the Microsoft Windows End of Sale lifecycle to help with planning you upgrade.
People who don’t want to pay for Netflix services can buy stolen log-in credentials on the black market for rock-bottom prices, Symantec reports.
The online security company said it found advertisements and software aimed at cheapskate streamers, though it didn’t mention the names of the shady sites and forums.
Netflix Logins For Sale. The ads, which show Netflix logins for sale for as little as a quarter each, proudly display guarantees of “freshly cracked” accounts. They also ask their “customers” not to spoil the fun by changing passwords or messing with payments, either of which would alert the paying user to the fact that their account has been breached.
It is, of course, illegal — these are stolen accounts, gathered through nefarious means like malware and phishing. But since Netflix takes a laissez-faire approach to sharing accounts, paying users could easily be watching shows at the same time as someone who bought their login for a quarter on the Dark Web.
Netflix CEO Reed Hastings has said in the past that he doesn’t consider password sharing a big problem, and as long as the user base keeps growing (the service just passed 65 million subscribers globally), this common practice is likely to stay that way
Sharing your Netflix log-in? Turns out you might not be the only one who lets a friend or family member log into your Netflix account. In fact, if you don’t, you’re in the minority, according to a poll of over 5,000 Netflix users conducted by Global Web Index.
Only 35 percent of users claimed to be the sole user of the account — 30 percent shared it with one other person, 16 percent with two people, and 19 percent shared it with three or more.
Netflix has plans that permit multiple streams to multiple screens at once, which means they’re fine with accounts being shared to a certain degree. Two spouses and a kid watching a movie shouldn’t require three accounts, of course — but spreading the login among four or five friends might be something the company would like to stop.
Could your account be on one of these lists? It’s hard to say, but one easy way to check is to look at your recently watched shows. If you see a lot you don’t recognize and don’t seem like your style (or that of anyone you share with), you might want to change your password. That simple action will immediately stop your account from being used by others without your permission.
The “Internet of Things” security is badly broken and getting worse. The Shodan search engine is only the latest reminder of why we need to fix IoT security.
Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.
The feed includes images of marijuana plantations, back rooms of banks, infants and children in their homes, kitchens, living rooms, garages, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.
While the privacy implications here are obvious, Shodan’s new image feed also highlights the dismal state of IoT security, and raises questions about what we are going to do to fix the problem.
Of course insecure webcams are not exactly a new thing. The last several years have seen report after report hammer home the point. In 2013, the FTC sanctioned webcam manufacturer TRENDnet for exposing “the private lives of hundreds of consumers to public viewing on the Internet.” Today it’s estimated that there are now millions of such insecure webcams connected and easily discoverable with Shodan. That number will only continue to grow.
So why are things getting worse and not better? Webcam manufacturers are in a race to gain market share. Consumers do not perceive value in security and privacy and have not shown a willingness to pay for such things. As a result, webcam manufacturers slash costs to maximize their profit, often on narrow margins. Many webcams now sell for as little as $20.
The problem: Consumers are saying we’re not supposed to know anything about this cybersecurity stuff and the manufacturers don’t want to lift a finger to help users because it costs them money.
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions are true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? You may remember in November the story about a 2008-era malware – Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
The bigger picture here is not just personal privacy, but the security of IoT devices. As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby’s crib.
FTC to the Rescue? When it comes to strong-arming manufacturers, government entities like the US Federal Trade Commission (FTC) may be able to help. Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection, was quick to mention several examples where the organization went after at-fault companies. In recent years according to Mithal, the FTC has prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services.
The FTC takes action against companies engaged in deceptive or unfair business practices, she explained. That includes IoT manufacturers who fail to take reasonable measures to secure their devices.
In addition to the enforcement action against TRENDnet, the FTC also issued security best practices for IoT manufacturers back in January 2015, urging them to build in security at the design phase rather than bolting it on as an afterthought. These practices could be a “defense-in-depth” strategy to mitigate risks, pushing security patches to connected devices for the duration of the product life cycle, and so on.
As consumers of IoT products it’s our responsibility to learn about the individual security and password settings for the devices we use and secure them to the best of our ability. Just don’t rely on the manufacturer to protect you – they probably won’t.