Your Information or Theirs?

The concept of allowing a company you purchase from to share your information with other companies has become very commonplace in our modern society.  Information like your name, email address, phone number(s), and even physical or mailing address are common pieces of information that will get shared by companies and you usually agree to it without even knowing you’re doing it.  Buried within most “Terms of Service” agreements will be some sort of clause that allows the company to share your data with other vendors or even to sell your data for their own profit.

What most of us do not realize is that the definition of that information is evolving almost as fast as technology.  The most recent and surprising example of this type of data sharing comes from the company iRobot, the makers of the popular Roomba vacuum.  According to an article by Hacker News, Roombas being manufactured since 2015 not only vacuum but also map your entire house as they do.  iRobot is apparently planning on selling and/or sharing this data with third-parties.

iRobot CEO Colin Angle stated, “there’s an entire ecosystem of things and services that the smart home can deliver once you have a rich map of the home that the user has allowed to be shared.”

Angle also mentioned that he is planning to push the company toward a broader vision of the smart home, and in the near future iRobot could sell your floor data with the business like Apple, Amazon, Microsoft, and Google.  He does add the caveat that it wouldn’t be without the user’s consent.

While I see the vision of the company and the positive aspects of sharing the data between devices inside a single home or building, the idea of data that specific about my life and my home simply scares me.  I have to ask myself, as should these companies, where do we stop or how much is too much?  I also worry about whether or not they will actually inform or request separate permission from their customers before they do this or if they just rely on their existing Terms of Service agreement.

Another, larger question on my mind deals with where will it go from here.  What new types of information will start to be gathered and sold by all of these new Internet of Things (IoT) devices we keep adding to our lives.  At what point is our privacy just not going to matter anymore? Honestly, it’s not technology or progress that is to blame, but rather the lack of forethought and the lack of care about people that I feel causes these issues.

My advice, as usual, is pay attention and be careful.  Be as aware as you can of the technology you use and the companies that make it.  Protect your data and your privacy at all costs.  If you have any doubts or questions, you can always contact us here at Cyber Watchtower and we will be glad to help in any way we can.

Austin Bynum
Chief Watchman
Cyber Watchtower

Austin Bynum has spent the last 18 years working in IT and network security.  His passion is to ensure everyone stays safe online and digitally.  His belief is that everyone has the right to be safe online without having to be their own expert.

Is “Biohacking” our future?

The term “biohacking” has developed several definitions over the past several years.  It has, however, increasingly come to refer to implanting of devices into one’s body in order to interface with technology.  e.g. the implanting of microchips for payment and other services.

From my perspective, I really dislike this term, especially because many people in the technology arena are advocates of this practice.  To me, it seems silly to take a word that typically has a negative connotation to people, like “hack”, and apply it to something you see as positive.

Regardless of the terminology, the real question lies in whether or not we should go down this path at all.  The debates range from technological advancement and the natural progression of technology to moral questions and even apocalyptic omens.  I’m not sure where you might fall in this, but for me, it is somewhere in the middle.

If you read my blogs at all, by now you should know that I love technology and have built my career around protecting people from the misuse of technology and trying to make to productive to increase the efficiency of our lives.  While I do understand that there is a natural progression to anything, including technology, I do think we forget to ask ourselves if the next step is really one we should take.

According to a recent article from Hacker News, “Marketing solution provider Three Square Market (32M) has announced that it had partnered with Swedish biohacking firm BioHax International for offering implanted microchips to all their employees on 1st August, according to the company’s website.  I encourage you to read this article and truly develop your own opinion on the subject as I think we will start to see this trending more and more.

As an IT professional, I totally see the benefits and security of this type of access control and monitoring.  They refer in the article to things such as door and computer access as well as vending machine purchases.  This is, in many ways, an IT Director’s dream.  One of the first positives that I see is that we essentially are eliminating the need for passwords on our computers if the access is controlled via these devices.  We, therefore, take the human element out of the equation of computer access which will always make IT people happy.  Or will it?  Let’s think about the new security concerns and other questions that will arise.

Security and other concerns:

  • How do you handle these devices once the employee has moved on from the company?  Do they keep it or do you have to have it removed?  What is the expense either way?
  • The devices use RFID to communicate.  How easy are these devices and/or their frequencies to copy, manipulate, or duplicate?
  • What are the long term health implications of these devices inside the body?
  • Are there other health concerns such as pace makers, defibrillators, etc?
  • Can the device or frequency be tracked off-premise or even via GPS?

These questions make up just a few of the concerns that will inevitably arise.  As with the case of introducing any new technology, we introduce an entirely new set of concerns and avenues for security breaches, many of which we are unable to see until we have implemented said technology.  Many times, it is near impossible to foresee all of the new issues and attack vectors that will arise from new technology implementation.

The hardest part for me is that I am such an advocate of new technology and where advancements are taking humanity.  I appreciate them and usually “geek out” over them initially.  However, I find myself having an ever-increasing reticence with things like biohacking and biometrics.  On the surface, they seem to just provide convenience and more peace of mind.  I contend, however, that many of these new technologies, especially authentication technologies, should be carefully examined and tested before implementation.  If there is one thing history has taught us, it is that if someone wants into something bad enough, they will get in.

Some food for thought for us all I suppose . . .

Stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Austin Bynum has spent the last 18 years working in IT and network security.  His passion is to ensure everyone stays safe online and digitally.  His belief is that everyone has the right to be safe online without having to be their own expert.

Who are you?

Even after all I have seen I am still amazed at how oblivious and trusting people can be.  Don’t get me wrong, I very much appreciate people trusting me, especially when it works in my favor.

Recently I was back in my home town which is a rather small place.  I need to set up a new PO Box for myself so I went to the local Post Office and filled out the application.  It is a relatively easy process but does require two forms of ID, one with a picture and one without.  I used my driver’s license and my car insurance.  The person working the counter did not know me but did know my mother.  I mentioned that and all of a sudden, I did not need to actually show my forms of ID.  I did list them on the application, but the person behind the counter did not even look at them.

I’m not complaining and I understand how small towns work.  I lived in one for a very long time.  I was still very shocked that my IDs were not even given a quick glance.

You may be asking, “Why is the Cyber Security guy blogging about this?”  The reason is simple.  Regardless of all that we do to protect ourselves online, people still miss the ever so simple, low-tech things that malicious people do to steal identities and get away with a crime.  Opening a PO Box in someone else’s name is one of the first things someone can do to establish a new and/or fake identity.

In this case, I know that the person at the Post Office was trying to be helpful and speed things along for my sake.  I know that it was done out of kindness and not apathy or anything like that.  What is disconcerting is the complacency that rampant in our society regardless of everything in the news.

My advice to those of you who work in any field where it may be part of your job to verify ID is to please do so.  I’m begging you from the perspective of a security professional, a consumer, and just a member of society.  Don’t make it easy for the bad guys to steal someone else’s identity.

My advice to everyone is to be careful.  Always be on the lookout for these types of situations.  I’m the kind of person who is thankful for the clerk at the department store who actually looks at my ID, then looks at me, then verifies the ID matches the credit card I am trying to use.  Why? Simple! I appreciate someone looking out for my wellbeing especially when it doesn’t take long to do.

So the next time you call customer support to someplace and they ask you questions to verify your identity, don’t get frustrated.  Be glad they have such procedures in place for your protection.  Also, if you are reading this and you are like me, spread the word to your friends and family.  Let’s all work together to help take the easy things away from those criminals and other malicious people out there who don’t care about our well being.

As always, stay connected but stay protected.

Austin Bynum
Chief Watchman
Cyber Watchtower