Episode 12 – Online with Taxis, Bricks and Mortar

00:00 Start
00:10 Intro Show Topics
00:48 Intro Participants John Breslin @johnbreslin, Fergal Gallagher @gallagherfergal, Andrii Degeler @schlema, Jack Harty ie.linkedin.com/pub/jack-harty/15/92b/1b9
01:13 Acknowledgement FlirtFM
01:40 News Section
02:00 Internet of Things Gartner Hype Cycle http://www.gartner.com/newsroom/id/2819918
04:03 Nest https://nest.com
04:42 SmartThings http://www.smartthings.com
05:05 Acquired by Samsung http://www.forbes.com/sites/aarontilley/2014/08/14/samsung-smartthings-acquisition-2/
08:40 The “Hill” from Gartner http://www.gartner.com/newsroom/id/2819918
11:30 colaboratory https://colaboratory.jupyter.org/welcome/
12:27 Aylien http://aylien.com
16:48 NVivo http://www.qsrinternational.com
18:33 Uber https://www.uber.com versus Lyft https://www.lyft.com
25:32 Snapchat valued at $10BN http://techcrunch.com/2014/08/26/snapchat-raising-a-new-round-at-a-10b-valuation/
29:28 Amazon buys Twitch http://www.pbs.org/newshour/rundown/recent-amazon-acquisition-twitch-boasts-audience-rivaling-primetime-television/
30:00 Twitch TV http://www.twitch.tv
32:40 comScore report http://www.comscore.com/Insights/Presentations-and-Whitepapers/2014/The-US-Mobile-App-Report
37:48 Intro for Jack Harty
38:40 Tech Finance
39:20 Amazon SEC reports http://finance.yahoo.com/q/sec?s=amzn+SEC+Filings
54:25 Lessons for Irish firms
56:20 Kenny’s Bookshop – Galway http://www.kennys.ie
59:25 Parcel Motel http://www.parcelmotel.com
01:02:32 Cool Tech
01:02:42 PressForward http://pressforward.org
01:04:34 COOLEST Cooler https://www.kickstarter.com/projects/ryangrepper/coolest-cooler-21st-century-cooler-thats-actually
01:07:07 Lytro Illum https://www.lytro.com
01:08:20 HTC Evo 3D http://www.engadget.com/2011/06/15/htc-evo-3d-review/
01:10:34 Upcoming Events
01:10:40 Hardware Hackathon Dublin September 12th to 14th http://hwhackathon.com
01:12:06 End

Nest Thermostat Hacking and Google Glass Password Spying at Black Hat 2014

Image from Wikimedia Commons.

This month saw the Black Hat security conference return to Las Vegas for its 17th instalment. Alan Byrne was on hand to give us an overview of some of the most interesting talks he attended during the two-day event. Part one of his report is below.

Nest, a Smart Spy in Your Home

The Nest is a smart thermostat made by Nest Labs, which Google acquired for $3.2B in January 2014. The programmable thermostat learns which temperatures you prefer at which times of day and turns your heating on and off accordingly. It connects to your home Wi-Fi network, so the heating can be configured over the Internet. However, researchers at Black Hat 2014 demonstrated that, should a malicious person get USB access to the Nest device, it can be turned into a far more sinister spying tool.

Holding the Nest’s physical button down for 10 seconds reboots the device. For a brief window during that reboot, the processor accepts boot instructions over the USB connector instead of simply loading its own firmware. The team built a custom tool that, connected directly to the Nest, used this window to replace the device’s software with their own, giving them total remote control of it. Physical access is required for this attack, but it is not difficult to think of scenarios in which an attacker gets it: a second-hand device, or a few unattended seconds in someone’s hallway. Once a Nest has been compromised it could, for example, “phone home” to let the attacker know what times you are out of the house at work, or when you are away on an extended holiday.

Furthermore, because the Nest sits on the home Wi-Fi network, the researchers explained how a compromised unit can act as a network “sniffer” and route the household’s Internet traffic through itself. Anything sent in the clear, such as login details or credit card numbers on a plain HTTP page, could then be read by the attacker; traffic protected by TLS is not readable this way, so the exposure is whatever the user’s apps and sites still send unencrypted. Even without any exploit, the researchers noted how much data the Nest logs and sends back, raising concerns over user privacy. Does a thermostat really need to contact Google (an advertising company) that often? Nest users are unable to opt out of this data collection.

The full paper is available here.

The State of Incident Response by Bruce Schneier

Bruce Schneier gave a very interesting talk in which he outlined current trends in cybersecurity, ideas from economics and psychology that bear on it, and a decision-making model borrowed from the US Air Force, the OODA loop (observe, orient, decide, act), which he argued is a good framework for effective incident response.

Bruce highlighted that with the rise of cloud computing, users have less and less control over their data. The vendor holds the control, and that extends to the devices and operating systems we use to reach our data, which are increasingly locked down; iOS is the obvious example.

He warned that cyberattacks are getting more sophisticated: attackers are more skilled, and their attacks more targeted.

Finally, Bruce noted the increased investment in cybersecurity by governments and asked what this might mean for the future of the industry. Will businesses be required by law to implement security measures? Will we see government-managed defence of critical infrastructure such as water reservoirs and power plants? He predicted that the days of leaving incident response to industry alone may soon come to an end, as government requirements for data protection arrive.

My Google Glass Can See Your Passwords

Almost every “smart” consumer device today includes a camera, from smart watches to smart TVs, glasses, phones and MP3 players. Researchers at Black Hat demonstrated how these cameras can be used to capture credentials such as passcodes and passwords as people tap them into phone and tablet on-screen keyboards.

By tracking the movement of the victim’s fingertips, they could identify the points touched on the screen and map each one onto a reference image of that phone’s soft keyboard, so the screen itself does not need to be readable in the video. The researchers reported a 90% success rate at distances of up to 9 feet from the victim.

What can be done about this? Apple’s fingerprint sensor sidesteps the attack for routine unlocks, since nothing is typed, though the passcode is still entered after a reboot or when the sensor fails, so the exposure is reduced rather than removed. For the majority of device users out there, combatting this attack means installing a keyboard app that does not use a fixed QWERTY layout but varies the location of the keys on every unlock attempt, so that a tap position observed on camera no longer identifies a key.
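The attack in the two paragraphs above and the randomised-layout countermeasure, as an added example that is not code from the original page or from the researchers: a toy reconstruction in Python in which the screen is a unit square, a key is its centre point, and the camera is assumed to have already been reduced to normalised touch coordinates (the talk’s image processing is assumed away). The QWERTY rows, the key geometry and the jitter value are constructed for the illustration.

```python
"""Camera-based keystroke inference and the randomised-keyboard countermeasure.

Constructed illustration: the screen is a unit square, each key is its centre
point, and the camera is assumed to have been reduced to normalised touch
coordinates already (the homography step of the real attack is out of scope).
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, float]
Layout = Dict[str, Point]  # key label -> centre of that key on the unit screen

# Hypothetical three-row QWERTY layout used as the attacker's reference image.
QWERTY_ROWS: Sequence[str] = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def build_layout(rows: Sequence[str]) -> Layout:
    """Lay the rows out on a unit-square screen: keys are 1/10 wide (the widest
    row has ten keys), shorter rows are centred, rows share the height."""
    key_w = 1.0 / max(len(r) for r in rows)
    row_h = 1.0 / len(rows)
    layout: Layout = {}
    for r, row in enumerate(rows):
        offset = (1.0 - len(row) * key_w) / 2
        for c, label in enumerate(row):
            layout[label] = (offset + (c + 0.5) * key_w, (r + 0.5) * row_h)
    return layout


def shuffled_layout(reference: Layout, rng: random.Random) -> Layout:
    """Privacy-enhancing keyboard: same key positions, labels permuted.
    Done afresh on every unlock, so the attacker's reference image is useless."""
    labels = list(reference)
    positions = [reference[k] for k in labels]
    rng.shuffle(positions)
    return dict(zip(labels, positions))


def taps_for(text: str, layout: Layout, rng: random.Random,
             jitter: float = 0.02) -> List[Point]:
    """Touch points a camera would recover while the victim types `text`
    on `layout`; `jitter` models finger and tracking imprecision."""
    return [(layout[ch][0] + rng.uniform(-jitter, jitter),
             layout[ch][1] + rng.uniform(-jitter, jitter)) for ch in text]


def nearest_key(point: Point, layout: Layout) -> str:
    """Snap an observed touch point to the closest key centre in `layout`."""
    return min(layout, key=lambda k: math.dist(point, layout[k]))


def recover(taps: Sequence[Point], reference: Layout) -> str:
    """The attacker's step: read each touch point off the reference keyboard."""
    return "".join(nearest_key(p, reference) for p in taps)


def attack_fixed_layout(password: str, seed: int = 1) -> str:
    """Victim types on the stock layout; attacker maps taps to the same layout."""
    rng = random.Random(seed)
    reference = build_layout(QWERTY_ROWS)
    return recover(taps_for(password, reference, rng), reference)


def attack_randomised_layout(password: str, seed: int = 1) -> Tuple[str, str]:
    """Victim types on a freshly shuffled layout. Returns (attacker's guess
    from the reference image, what the phone itself decodes from the taps)."""
    rng = random.Random(seed)
    reference = build_layout(QWERTY_ROWS)
    shown = shuffled_layout(reference, rng)  # the layout the victim actually saw
    taps = taps_for(password, shown, rng)
    return recover(taps, reference), recover(taps, shown)


if __name__ == "__main__":
    print("fixed layout, attacker reads:", attack_fixed_layout("qwerty"))
    guess, phone = attack_randomised_layout("qwerty")
    print("randomised layout, attacker reads:", guess, "| phone reads:", phone)
```

With the fixed layout every jittered tap snaps back to the key that was typed, which is the whole attack. With a layout shuffled per unlock, the same taps decode correctly on the phone (it knows what it displayed) but read as an unrelated string against the attacker’s reference image. Raising `jitter` towards half a key width makes taps snap to neighbouring keys even on the fixed layout, which is the regime in which a real camera’s success rate falls off.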

The full paper is available here.

We will publish part two of Alan Byrne’s report from the Black Hat 2014 conference next week.