Hardware

Is CCTV Surveillance By Amazon Drones The Future?

An Amazon patent from 2015 appears to indicate that Amazon may consider ‘surveillance as a service’ using a swarm of its delivery drones armed with CCTV, as a monetising opportunity in the future.

Patent

The details in the patent foresee customers paying for a tiered service that employs the onboard cameras of Amazon’s delivery drones visiting users’ homes in-between delivery routes and filming irregularities and potentially suspicious activities.  For example, the cameras could potentially be programmed to detect evidence of break-ins and lurkers on/near a property, and the onboard microphones could even be programmed to detect suspicious noises such as breaking glass.

Tiered Service

It is thought that such a service could offer different tiers of service (reflected by different pricing) based upon factors such as frequency of visits e.g. daily or weekly, monitoring type e.g. video or still, and alert type e.g. SMS, email, a call or via app ‘push’ notifications.

Privacy

There are likely to be some obvious privacy concerns with a private company using its drones to film an area where it has a customer. However, in doing so, avoiding filming an area where it does not have permission to film would present a challenge.

The Amazon patent suggests a possible remedy in the form of defining a “geo-fence” around the area that does have permission to be filmed so that the drone’s surveillance activities can be focused (to an extent).  The patent appears to accept, however, that some filming of the area outside the fence could occur.

National Surveillance Camera Day

In a world first, last week the UK played host to an awareness-raising National Surveillance Camera Day on 20th June as part of the National Surveillance Camera Strategy. As part of the day’s events, a “doors open” initiative allowed the public to see first-hand how surveillance camera control centres are operated at the premises of signatories to the initiative in the UK e.g. local authorities, police forces, hospitals, and universities.

Drone Research Reveals Negative Perceptions Among The Public

For the most part, people accept that the presence of CCTV surveillance cameras in public areas, operated by local authorities, and the presence of CCTV on business premises are generally for the greater good as a crime-reduction tool.

The same cannot be said for drone-based surveillance.  For example, new research from PwC has shown that public perception remains a barrier to drone uptake in the UK.  The results of the research showed that less than a third of the public (31%) feel positive about drones, and more than two-thirds are concerned about the use of drones for crime.  In contrast, businesses appear to have a much more positive perception of drone use, with 35% of business leaders saying that drones aren’t being adopted in their industry because of negative public perceptions, despite the fact that 43% of those business people who were surveyed believed that their industry would benefit from drone use.

What Does This Mean For Your Business?

Amazon is a company that has continued to grow and diversify into many different areas in recent years, embracing and pioneering many different technologies along the way, such as parcel delivery drones. It is not unusual for companies, particularly big tech companies, to introduce many patents with many new ideas. In that sense, it’s difficult to criticise Amazon for wanting to get maximum (monetising) leverage from its delivery drones from a business perspective.

There remain, however, some serious challenges to the ideas in the drone surveillance patent, including privacy concerns and problems with current negative public perceptions of drones.  This will require education around use cases for drones, and reassurance around regulation and accountability – this is a public company and could be one of many using the skies to offer the same service once the floodgates are opened.

For some businesses, however, as identified by PwC and by Amazon’s patent, drones potentially offer some great new business opportunities.  It should also be noted that drones can offer some potentially life-saving opportunities, such as the human kidney for transplant that was delivered by drone, in the first flight of its kind, to a Medical Centre in Baltimore in May this year, thereby getting the organ to the surgeons much faster than by road.

For drones, it seems, there remain many opportunities and challenges to come.

Fire-Prone MacBook Pros Recalled

Apple has announced a recall of some older generation 15-inch MacBook Pro units due to the fire risk posed by a tendency for the battery to overheat.

Repair and Replace Free

Apple is offering a recall and replacement program for units that were sold primarily between September 2015 and February 2017 with the company offering to replace affected batteries, free of charge due to a potential battery fire risk.

Service options for affected customers include finding an Apple Authorized Service Provider (through the online tool), making an appointment at an Apple Retail Store, or contacting Apple Support to arrange mail-in service via the Apple Repair Centre.

Serial Number

The eligibility for the program is determined by the product serial number, which can be checked on Apple’s website here:

https://support.apple.com/15-inch-macbook-pro-battery-recall

Second Time

This is the second time that this generation of MacBook Pro units has been recalled.  Back in June 2018 and after numerous complaints over two years and even an online petition by a customer, Apple decided to offer free repairs or replacements for the butterfly keyboard on its MacBook and MacBook Pro laptops.  The petition from the time, which attracted over 21,000 signatures, claimed that every one of Apple’s MacBook Pro models, 13in and 15in, were sold with a keyboard that could become defective at any moment because of a design failure.  Apple responded by launching a program which meant that Apple or an Apple Authorised Service Provider could service eligible MacBook and MacBook Pro keyboards, free of charge.

Apple iPad Battery Gas Leak

To make things worse, in August 2018 the leaking of vapours from a damaged iPad battery led to an Amsterdam shop being evacuated and 3 staff being treated for breathing problems caused by the released gas. The fire brigade was called and attended, but there were no reports of any actual flames/fire coming from the affected iPad. Staff had, however, initially reacted to the smoking iPad by putting it in a sand-filled fire bucket. At the time, however, other online reports indicated that similar faults had occurred elsewhere since Apple had started its iPhone battery replacement programme.

Apple Adapter – Fire Risk

In May this year, Apple recalled two different types of plug adapter because of a possible risk of electric shock.  The affected plugs were the two-prong AC wall plug adapter that came with Macs and some iOS devices between 2003 and 2010, and the three prong plug that was included with Apple’s World Travel Adapter Kit.

What Does This Mean For Your Business?

This latest fire-risk recall appears to be part of a pattern that could indicate that some Apple products/components/accessories have been released for sale despite having some potentially serious risks, but that the company (perhaps after some time has elapsed and complaints have been made) has made an effort to admit to risks and at least offer repair and replacement programs.

Apple is one of those brands however, that has built a strong reputation for products that are user-friendly, reliable, not prone to the security risks of PCs for example, and for products that look stylish.  As such the company has built a loyal base of fan-like supporters, many of whom are prepared to accept fire and electric shock risk hiccups, and carry on paying premium prices as they perceive the products to be worthy of their generally positive image and relatively high prices.

It is good to note that this product repair and replacement program was offered swiftly, but it is worrying that the same model has been the subject of two such recall programs to date.  Let’s hope it’s the last.

UK National Surveillance Camera Day

In a world first, the UK played host to an awareness-raising National Surveillance Camera Day on 20 June as part of the National Surveillance Camera Strategy.

National Surveillance Camera Day

The National Surveillance Camera Day, which is part of the UK government’s National Surveillance Camera Strategy for England and Wales consisted of events around the country that were designed to raise awareness, inform and lead to a debate about the many different aspects of CCTV camera use (and facial recognition use) in the UK. The Surveillance Camera Commissioner (SCC) wanted the public to take the day as an opportunity to have their say about the future of surveillance cameras with the regulators and service providers listening.

It is hoped that points raised in the debates triggered by the day could help inform policymakers and service providers about how the public feels about surveillance practices and how surveillance camera system use fits with society’s needs and expectations.

One of the key events to mark the day was the “doors open” initiative to allow the public to see first-hand how surveillance camera control centres are operated at the premises of signatories to the initiative e.g. local authorities, police forces, hospitals, and universities.

What / Who Is The SCC?

The Surveillance Camera Commissioner (SCC) for England and Wales is appointed by the Home Secretary as set out in the Protection of Freedoms Act 2012 (PoFA) and it is the Commissioner’s role to ensure surveillance camera systems in public places keep people safe and protect and support them. The current SCC is Tony Porter.

What Is The National Surveillance Camera Strategy?

The National Surveillance Camera Strategy is the government document, presented by the SCC that outlines the plans for surveillance camera use going forward.  The 27-page document is available online here:  https://www.gov.uk/government/publications/national-surveillance-camera-strategy-for-england-and-wales

Two Related World Firsts

Another related world first that took place on the same day as National Surveillance Camera Day was the launch by the SCC of a “secure by default” list of minimum requirements for manufacturers of video surveillance systems, designed for manufacturers by manufacturers.  The hope is that where manufacturers meet the new “secure by default” minimum requirements, this should ensure that the default settings of a product are as secure as possible, and therefore less likely to be vulnerable to cyber-attacks that could lead to data breaches.

What Does This Mean For Your Business?

Most of us are used to (and often no longer notice) CCTV cameras in use in business premises and public spaces, and we accept that they have a value in protecting us and our businesses in terms of deterring criminals and playing an important role in identifying them, and in providing valuable evidence of crime.

Holding a National Surveillance Camera day highlights the fact that new and emerging technologies e.g. facial recognition and AI are currently causing concern in terms of possible infringements to civil liberties, privacy and security, and an ‘open-day’ style approach could have benefits both ways.  For example, it could serve to reassure the public and at least let them feel that their views and concerns will be listened to, while at the same time giving policy-makers an opportunity to gauge public opinion and gather information that could help guide their strategy and communications.

It is good news that manufacturers are setting themselves minimum security standards for their CCTV systems as part of “secure by default”, as this could have knock-on positive effects in protecting our personal data.

Samsung’s Advice To Virus-Check TVs Causes Customer Concern

Samsung’s recent release of a how-to virus check video coupled with the advice to complete the check “every few weeks” has caused confusion and concern among customers.

Video

At the heart of Samsung’s virus-checking information release was a 19-second video guide that Samsung said had been posted simply to educate and inform customers. The video guide, which was watched more than 200,000 times, was presented to customers via a tweet which it is reported, has since been deleted.

The video showed Samsung TV owners how to access the sub-menu and go to the System Manager to conduct their own “Smart Security Scan”.

Although this feature is already built-in to Samsung TVs, it was the fact that the tweeted video contained the advice that customers would need to carry out the scan themselves every few weeks to prevent malicious software attacks that caused concern that there were known attack attempts or that their QLED TVs were vulnerable in some way.

Misunderstanding

Samsung is since reported to have said that the video was simply for information and was a proactive way to remind and educate customers that the feature existed and how to operate it as a preventative measure and that the video was not sent as a reaction to a specific current threat.

What Are The Risks?

A smart TV is essentially an IoT device, and as such, faces similar potential risks to other IoT devices, although Samsung TVs don’t appear to be at any more risk than other devices.  In fact, back in 2017, after claims that many zero-day vulnerabilities had been found in Samsung’s smart TV operating system, the company reminded users that its TVs already contained features that allowed them to detect malicious code at platform and application levels.

That said, Samsung’s Smart TVs are likely to have a built-in microphone, an Internet connection with streaming apps, and customers may enter credit card details for buying on-demand video content. All this means that potential privacy and security risks exist.

What Does This Mean For Your Business?

It appears that security and privacy are very sensitive subjects for consumers and that an attempt to remind customers about a security feature ended up highlighting one of the risks of owning a smart TV, leading to concern and an unnecessary PR gaffe.

In the light of the tweet and video, some security commentators have criticised Samsung for making security checks the responsibility of the customer rather than the company sending out automatic security updates.  Also, the company may be expecting too much of some of its customers to ask them to delve into the perhaps complicated sub-menu to find the virus scan feature, and to do so on a regular basis.

Facial Recognition Glasses For Covert Surveillance

The “iFalcon Face Control” AR glasses that incorporate an 8-megapixel camera in the frame and NNTC facial recognition technology (due to go on sale next year) are reported to have already been deployed into several security operations.

US / Dubai Manufactured

The facial recognition-enabled smart glasses are made by American company Vuzix and use facial recognition algorithms from Dubai-based company NNTC.  It has been reported that the NNTC facial recognition algorithms rank in the top three for accuracy in the US government’s Face Recognition Vendor Test and can detect up to 15 faces per frame per second, thereby enabling them to identify a specific individual in less than a second.

To date, only 50 pairs of the facial recognition-enabled glasses have been produced, all of which have been sold to security and law enforcement and are, according to NNTC, being used as part of security operations in the United Arab Emirates capital Abu Dhabi.

The iFalcon Glasses Won’t Need An Internet Connection

The iFalcon Face Control glasses that are due to go on sale next year will come with a portable base station.  This will mean that they will have a portable connection to a stored database of targets, thereby giving the user greater mobility as they won’t need an Internet connection for the software to function.

Similar Used In China

Facial recognition glasses have already been used by police forces in China last year in order to keep blacklisted people e.g. certain journalists, political dissidents, and human rights activists away from the annual gathering of China’s National People’s Congress.

Other Deployments

Known use of facial recognition for law enforcement already happens in the US through its incorporation with body cameras and CCTV cameras, and in the UK it has been used in deliberately overt trials and deployments e.g. a two-day trial in Romford, London by the Metropolitan Police in December 2018 using vehicle-mounted cameras, at the Champions League final at the Millennium Stadium in Cardiff 2017, and at the Notting Hill Carnival in 2016 and 2017.

Criticism and Problems

The use of facial recognition technology at events and trials in the UK has, however, come under fire over several issues including poor levels of accuracy, a lack of transparency in how it is used, the possible infringement of privacy and data security rights e.g. what happens to images, and value for money in terms of deployment costs versus arrests.

This led to ICO head Elizabeth Denham launching a formal investigation into how police forces use facial recognition technology (FRT) in the UK.

Data security and privacy are such thorny subjects for agencies, organisations and businesses alike that even though using facial recognition to help organise photos has been a standard feature across the social media industry, Microsoft is now issuing an update to its Windows 10 Photos app that prompts users to perform the almost impossible task of confirming that all appropriate consents from the people in the user’s photos and videos have been obtained in order to use facial recognition to find photos of friends and loved ones.  This move shifts the burden of responsibility away from Microsoft to the user.

What Does This Mean For Your Business?

The covert and mobile nature of these new glasses not only seems to be somewhat dystopian and ‘big brother’ but could, in theory, provide a way for users to simply get around existing data protection and privacy laws e.g. GDPR.

As a society, we are to an extent, used to being under surveillance by CCTV systems, which most people recognise as having real value in helping to deter criminal activity, locate and catch perpetrators, and provide evidence for arrests and trials. The covert use of facial recognition glasses is, however, another step further on from this and from the deliberately overt and public trials of facial recognition in the UK to date.  As such, to be used in the UK, it will require faith to be put in the authorities that it is used responsibly, and that its accuracy is proven, and that rights groups are able to access facts, figures, and information about the technology, where and how it is used, and the results.  Presumably, the ICO may also have questions about the use of such glasses.

If there is no public transparency about their use, this could also result in suspicion, campaigning against their use and a possible backlash.

Mastercard’s AI-Based Digital Wellness Could Make Online Purchasing Easier and Safer

Mastercard has announced the introduction of its Digital Wellness program which utilises AI-based click-to-pay technology and new standards in order to provide an easier and safer online shopping experience.

The Program

The Mastercard Digital Wellness program provides tips and resources that are designed to help businesses (especially small and independent businesses) protect themselves from cyber-attacks and data breaches. The program includes Secure Remote Commerce, Mastercard’s Cyber Readiness Institute (a collective of business leaders), and The Global Cyber Alliance which provides SMBs with free cyber-security tools.

New Click-To-Pay Checkout System

Coming out of the Digital Wellness Program is Mastercard’s new click-to-pay checkout system which is enabled by Mastercard’s deployment of EMVCo’s (Europay, Mastercard, Visa) specification. The standards that make up EMVCo’s specification provide a foundation that enables the processing of e-commerce transactions in a consistent, streamlined fashion over a variety of digital channels and devices, including smartphones, tablets, PCs and other connected devices.

This means that the click-to-pay checkout system can be used for all kinds of online shopping, across multiple devices, and across cards, and can replace old key-entry checkout systems.

Tokenization and NuData

The click-to-pay checkout system incorporates tokenization and NuData, which represent Mastercard’s AI and machine learning tech. NuData can prevent fraud by (for example) monitoring website traffic changes, analysing changes in browsers and web surfing speeds, and verifying all the user data that makes a user unique (such as an individual’s scroll speed on their device).

The inclusion of AI technology means greater security and no need for customers to enter passwords when they pay.

The Advantages

The key advantages of the click-to-pay checkout system from the Digital Wellness Program are that:

  • Because of the added security, it tackles the problem of customers feeling uneasy when it comes to paying for things online.
  • It’s fast and easy – the instant click-to-pay with no need for passwords tackles the reluctance of online shoppers to create a new user account.
  • Merchants who adopt the system have a system from a known and trusted provider that could give them a better chance of preventing fraud.

These factors mean that the system could make customers more likely to feel comfortable shopping for things on smaller websites or with unknown retailers.

What Does This Mean For Your Business?

For Mastercard, this is a way of selling its services to the huge market of smaller and independent businesses.

For merchants, it’s a way for them to leverage the latest AI tech to protect themselves and their customers from fraud, and tackle popular known barriers to purchases from smaller retailers online i.e. worries about security and the unwillingness to take the time to set up a new user account when they want to buy something.

For customers, the system should provide a safe and fast purchasing experience which can only reflect well on the merchant.  It remains to be seen, however, how many merchants take up the new system and what the cost versus benefit implications will be.

SurveyMonkey Goes to Ireland

California-based online survey software company SurveyMonkey has opened a datacentre in Dublin with a view to attracting enterprise customers in the EMEA region.

SurveyMonkey

SurveyMonkey, which was established in Portland by Ryan and Chris Finley, has more than 750 employees globally and is estimated to have more than 600,000 paying users across more than 300,000 organisational domains.  190 countries and territories use the SurveyMonkey platform, which is a cloud-based, online survey tool that is offered for free or as SaaS.

The company now has offices in San Mateo, Portland, Seattle, Dublin, Ottawa, and Sydney.  The Irish office was opened in 2014 and currently has around 50 employees.  SurveyMonkey went public in 2018.

Why A Datacentre In Dublin?

There are several good reasons for the move to Dublin coupled with a focus on wooing EMEA enterprise customers, such as:

  • 16% of SurveyMonkey’s revenue during the first quarter of 2019 came from sales to the enterprise sector.
  • More than one-third of SurveyMonkey’s business revenue comes from outside the US, with the majority in Europe.
  • There is a huge opportunity for growth that’s offered by companies where SurveyMonkey has been adopted (as the free version) through back-door ‘shadow IT’, and where those enterprises can be encouraged to legitimately adopt the use of the software as company-wide deployments by being reassured that the data they collect is stored in a European data centre (Dublin). This has been termed a ‘land and expand’ strategy.
  • Dublin is ranked as one of the best places to work in Ireland and offers many benefits to tech companies and start-ups.

Phased Approach

SurveyMonkey’s strategy, of which the Dublin datacentre is a part, is a phased one with the first phase being to acquire new customers, and phase two focusing on migrating customers who already have a lot of data stored in their SurveyMonkey accounts.

In addition to expanding across Europe, SurveyMonkey will also be looking at making customers aware of the other services that it offers.

What Does This Mean For Your Business?

SurveyMonkey knows that the Europe / EMEA region already delivers plenty of revenue and that there’s a great opportunity to expand further. Placing a datacentre in Europe may be very attractive to (and reduce risk for) enterprise customers who must be very careful about where their data is stored (see GDPR) and who always want to reduce complexity about data storage.

This story also shows how the ‘shadow IT’ use of software has provided a way in and can be part of a successful strategy for growth and expansion.

Google AR Glasses Enterprise Edition For Workers

Six years on from the launch of the first Google glasses, Google has announced the introduction of Google Glass 2 Enterprise Edition, glasses incorporating a wraparound camera and AR and designed to help workers by providing instant hands-free access to key information.

Improved

Following on from the original introduction of Google’s ‘Glass’, followed by the last Enterprise Edition back in 2017 which suffered from poor take-up due to an apparent lack of applications, Glass 2 Enterprise Edition is an upgraded version with a clearer target market, and a marketplace more educated to its benefits.

Who?

Google’s shorthand definition of its target market for Glass 2 is those working in manufacturing, field service and healthcare, primarily because it has development experience, success stories, and easy to transmit benefits in these areas.  For example, Google has worked with several partners in the marketplace to develop Glass 2 and to help hone the glasses and give them maximum value in Enterprise settings in the target markets and beyond.  These partners include AGCO, Deutsche Post DHL Group, Sutter Health, and H.B. Fuller.

What and How?

Glass 2 is essentially a hands-free, wearable device for “smarter and faster” hands-on work that provides the information that an employee needs in the periphery of their line of sight.  This means that workers, all of whom have limited time and resources, only one pair of hands, and need to be in one particular place to complete their work can get immediate, safe access to expert advice around the world.

In this way, Google Glass can:

  • Help improve efficiency and client relationships e.g. health care professionals don’t have to spend as much time in front of a computer screen and can spend more time in front of their patients. For example, the technology reportedly saves (on average) two hours of doctors’ time per day.
  • Help reduce processing and training time e.g. in manufacturing and field servicing.  For example, DHL is reported to have seen a 15% jump in operational efficiency in item picking because employees can use Google Glass (2) to receive real-time item picking instructions while on the warehouse floor.

Upgrades

The upgrades in Glass 2 compared to the last Enterprise Edition include:

  • A more powerful multicore CPU (central processing unit) and a new artificial intelligence engine to improve performance and support for vision.
  • Glass-compatible safety frames to help in different types of demanding work environments.
  • Improved camera performance and quality.
  • The inclusion of a USB-C port that supports faster charging and increased overall battery life.
  • The fact that it’s built on Android, so it’s easier to deploy, develop and improve.

Price

The price tag for Glass 2 is reported to be $999.

Criticism

Google’s Glass products have suffered criticism in the past over concerns about privacy, functionality and safety e.g. possibly reducing peripheral vision while driving.

What Does This Mean For Your Business?

Wearables and AR are both finding many value-adding real-world applications in multiple industries, and with Google’s Glass 2 being a combination of the two it has the huge potential that it always had, but this time with some technical improvements, a clearer marketing focus, and some real business world success stories to help back it up and provide the social proof and ROI information that businesses may be looking for.  The high price tag could, therefore, be offset by the potential efficiency savings, and added employee and customer benefits that could result from enterprise adoption of Glass 2.

Microbe Grown Headphones Offer Hope In Fight Against Plastic Waste

Finnish design house Aivan has shown how its ‘Korvaa’ headphones can be made from natural, microbe-grown, biodegradable materials, thereby offering hope in reducing the amount of plastic waste that goes to landfill or litters the natural world.

Natural Prototype

Although the headphones don’t actually work, the concept that has been created shows how a mixture of fungus, bioplastics, and other natural materials could provide an eco-friendly and equally as functional replacement for the kinds of non-biodegradable toxic plastics and materials that in a throwaway society would end up polluting the environment long into the future.

Design house Aivan worked with scientists from VTT Technical Research Centre of Finland and Aalto University, to show how a three-dimensional object that’s familiar to consumers and contains a variety of materials could be made from natural and biodegradable materials.

Made of What?

Aivan’s concept for headphones shows how the main structure for the crown and cup shell can be made from a 3D-printed bioplastic that is a by-product of yeast processing lactic acid.

The padded earpieces can be made from the ‘hydrophobin’ protein which acts like foam because it has bubbles produced by a fungus and reinforced with plant cellulose. The padding can be covered with a fungus-derived mycelium that provides an alternative leathery and flexible material.  A mesh, made from synthetic spider silk, can then be placed over the top of the speakers in the headphones.

Synthetic Biology

The Korvaa prototype headphones, which took 6 months to develop and used materials which had to be grown rather than simply made in a chemical process, are an example of synthetic biology/synbio, which is a technology and discipline that fuses engineering with biology to fabricate materials, produce energy and treat illness.

On Display

The Korvaa team’s headphones will be displayed at Fiskars Village Art & Design Biennale 2019 (19 May to 19 September), and at Helsinki Design Week 2019 from 5-15 September 2019.

Others

There are companies already marketing eco-friendlier and more sustainable tech and music hardware products such as House of Marley speakers made from natural materials (alongside recycled metals and plastic), as well as ‘LSTN’ and ‘Thinksound’, both of which use wood in their headphones.

What Does This Mean For Your Business?

Even though the Korvaa headphones don’t work, they do show how microbially grown materials can have a real-life, value-adding application in terms of providing the same functionality as plastic counterparts, but without the long-term environmental risk.  Also, with more research and development, these types of new materials with improved properties could replace plastics in the future, thereby helping to tackle a major environmental issue.  This may of course take time, and there are likely to be cost and other implications for producing goods of this kind.  Nevertheless, it is likely that today’s consumer will find biodegradable goods of this kind an attractive option if they provide equivalent benefits and performance to the existing options, at a price that isn’t prohibitive.

Serious Security Flaws Discovered In Popular GPS Tracker

Researchers at UK cyber-security company, Fidus Information Security, say that they have found security flaws in a popular Chinese-manufactured white-label location tracker that could be serious enough to warrant a recall.

Which Tracker?

The GPS tracker, which is used as a panic alarm for elderly patients, to monitor children, and to track vehicles, is white-label manufactured but rebranded and sold by several different companies, which reportedly include Pebbell (by HoIP Telecom), OwnFone Footprint and SureSafeGo. The tracker uses a SIM card to connect to the 2G/GPRS network.  According to Fidus, at least 10,000 of these trackers are currently used in the UK.

What’s The Problem?

According to the researchers, simply sending the device a text message with a keyword can trick the tracker into revealing its real-time location. Also, other commands tried by the researchers can allow anyone to call the device and remotely listen in to its in-built microphone without the user knowing, and even remotely stop the signal from the tracker, thereby making the device effectively useless.  On its blog, Fidus lists several other things that its researchers were able to do to the device including change or completely remove all emergency contacts, disable the motion alarm, disable fall detection and remove any device PIN which had been set.

All these scenarios could pose significant risks to the (mainly vulnerable) users of the trackers.

According to Fidus, one of the main reasons why the device has so many security flaws is that neither the manufacturers nor the companies reselling the devices appear to have conducted any security testing or penetration testing of the device.

PIN Problem

The research by Fidus also uncovered the fact that even though the manufacturers built in PIN functionality to help lock the devices down, the PIN is disabled by default and users need to read the manual to find out about it. When enabled, the PIN is required as a prefix for any command to be accepted by the device, except for the REBOOT and RESET functionality.  The problem with this is that the RESET functionality is the thing that really could provide any malicious user with the ability to gain remote control of the device.  This is because it is the RESET command that wipes all stored contacts and emergency contacts, restores the device to factory defaults and means that a PIN is no longer needed.
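The PIN logic described above can be modelled in a few lines. This is an added example, not code from Fidus or from the device firmware: a toy Python model showing the reported RESET/REBOOT exemption beside one possible hardened policy. The message format, the LOCATE command, the PIN value and the phone number are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# REBOOT and RESET are the two commands the article names as PIN-exempt.
PIN_EXEMPT = {"REBOOT", "RESET"}
# LOCATE is a hypothetical stand-in for any PIN-protected command.
KNOWN_COMMANDS = {"LOCATE", "REBOOT", "RESET"}


def parse(text: str) -> Tuple[Optional[str], str]:
    """Split a message into (pin, command). The '<PIN> <COMMAND>' layout
    is an assumption; the real message syntax is not given on the page."""
    parts = text.strip().split()
    if len(parts) == 2:
        return parts[0], parts[1].upper()
    if len(parts) == 1:
        return None, parts[0].upper()
    return None, ""


@dataclass
class Tracker:
    pin: Optional[str] = None          # None = PIN disabled (reported default)
    contacts: List[str] = field(default_factory=list)
    hardened: bool = False             # False = behaviour as reported

    def _pin_ok(self, given: Optional[str]) -> bool:
        if self.pin is None or given is None:
            return False
        # Constant-time comparison so timing does not leak PIN digits.
        return hmac.compare_digest(given.encode(), self.pin.encode())

    def _authorised(self, given: Optional[str], command: str) -> bool:
        if self.hardened:
            # Hardened policy (an assumption, not the vendor's fix): every
            # remote command needs the PIN, and with no PIN set nothing
            # is accepted remotely at all.
            return self._pin_ok(given)
        # Reported behaviour: no PIN set means everything is accepted,
        # and RESET/REBOOT bypass the PIN even when one is set.
        if self.pin is None or command in PIN_EXEMPT:
            return True
        return self._pin_ok(given)

    def handle_sms(self, text: str) -> str:
        given, command = parse(text)
        if command not in KNOWN_COMMANDS:
            return "unknown"
        if not self._authorised(given, command):
            return "rejected"
        if command == "RESET":
            # Factory reset: wipes contacts and removes the PIN itself.
            self.contacts = []
            self.pin = None
            return "reset done"
        if command == "REBOOT":
            return "rebooting"
        return "location sent"


def unauthenticated_probe(tracker: Tracker) -> List[str]:
    """Regression check: messages sent WITHOUT the PIN, in order.
    A sound policy must reject all three."""
    return [tracker.handle_sms(m) for m in ("LOCATE", "RESET", "LOCATE")]


if __name__ == "__main__":
    for hardened in (False, True):
        t = Tracker(pin="4821", contacts=["+440000000001"], hardened=hardened)
        print("hardened" if hardened else "as reported", unauthenticated_probe(t),
              "pin kept:", t.pin is not None, "contacts:", t.contacts)
```

In the model of the reported behaviour, the PIN protects LOCATE only until an unauthenticated RESET removes the PIN; the hardened policy rejects all three messages and keeps the contacts intact.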

What Does This Mean For Your Business?

What is particularly disturbing about this story is that the tracking devices are used for some of the most vulnerable members of society.  Even though they have been marketed as a way to make a person safer, the cruel irony is that it appears that if they are taken over by a malicious attacker, they could put a person at greater risk.

This story also illustrates the importance of security penetration testing in discovering and plugging security loopholes in devices before making them widely available.  This is another example of an IoT/smart device that has security loopholes related to default settings, and with an ever-growing number of IoT devices out there, many of them perhaps not tested as well as they could be, many buyers are unknowingly at risk from hackers.