QUANTA

Saturday, May 7, 2011

 Robert Vamosi: Gadgets degrade our common sense

Interview: Author of When Gadgets Betray Us discusses our dangerous love affair with tech...

By Shelley Portet, 5 May 2011 12:34

INTERVIEW

In a world where gadgets are growing more sophisticated, human behaviour is changing - and not in a good way.

That is what Robert Vamosi, author of When Gadgets Betray Us argues in his book, which examines the dangers of our growing dependence on technology.

As gadgets develop the ability to multitask seemingly endless functions, Vamosi argues that people are increasingly unable to think for themselves.

"Instead of lifting our heads, looking around and thinking for ourselves," Vamosi writes, some of us no longer see the world as human beings have for thousands of years and simply accept whatever our gadgets show us.

He documents how one woman narrowly missed being hit by a train after she followed sat-nav directions over a railway track. While she got out of her car to open the level-crossing gate, a speeding train drove straight through her vehicle. While this may be an extreme case, Vamosi argues that we are developing a culture of dependence on technology to the detriment of our common sense.

Take the keyless car-locking systems fitted in many modern cars. "With gadgets we believe that a new technology - such as anti-theft circuitry in our cars - somehow trumps all the real-world experience we've gained over the years," Vamosi writes.

"Instead, we should be layering our defences - such as parking in well-lit spaces, using a physical lock on the steering wheel or brake pedal and applying anti-theft technology - adding rather than subtracting security."

Vamosi told silicon.com that people take comfort in the beeping sound of the anti-theft car-locking system and in the flashing light on the dashboard. "We think that security has all been taken care of. But you're never ever going to be able to keep the bad guy out," he said. "You just have to make it really hard for them to get in so they give up and walk away and try somebody else - so layering security is really important."
Convenience can cause vulnerabilities

One of the main reasons we love gadgets is that they make life more convenient and offer an increasing number of features. However, Vamosi believes the integration of features can lead to unintended data sharing.

"When we're attracted by the bling-bling and the gosh-wow of gadgets, we're not really thinking about all the things that might be going on inside it," he told silicon.com.

"I don't think we realise that when we take a photograph now with our mobile phone, we are also...

...recording our location. "When we put that picture up on the internet we are also broadcasting to the world where we were at the time we took that picture."

Vamosi said some people may not mind sharing their location data but he believes most are not even aware they have the choice.

"Privacy ultimately comes down to the person. There are extroverts and they love to share everything that they're doing with everybody and so for them it's not a big deal. For me, I'd like to be able to say, 'Well, no, I'm a little uncomfortable with that and I want to turn it off'."

Vamosi wants to encourage people to ask whether they really need all these gadgets connecting to the internet. "Do I really want my location data or my contact information shared?" he said.
Making it easy for criminals

More complex gadgets also increase the chances of data being stolen as well as being given away. Vamosi argues that the more convenience offered by a gadget, the more vulnerable to hacks it tends to be.

Indeed, Vamosi said to provide consumers with the easy-to-use interfaces and convenient features they demand, the technologies used are becoming more complex than the average consumer can grasp.

"We no longer read the manual before powering on. We demand intuitive interfaces that appear up and running right away, while often masking important security settings," Vamosi told silicon.com.

In When Gadgets Betray Us, Vamosi writes: "Gadget manufacturers that simplify their complex technologies only give us the illusion of control, and this in turn opens the door to greater risk.

"One of the unintended consequences of convenience is complexity. To make things easier, to connect more things, we must introduce complexity," he said.

This complexity leads to greater vulnerability, Vamosi argues, as the more complex a system is, the easier it is for cybercriminals to find a fault they can exploit.

Vamosi argues that the concept of hardware hacking, though relatively new, is a threat we should be taking seriously. He said most of us take the security of our gadgets...

...for granted - we don't realise that the software inside a car key fob can be hacked just like any other software program.

"Gadgets now have chips, they now have memory, they are now programmable, and they are now - potentially - causing problems," Vamosi said.

"Now the bad guys are starting to realise that they can use an infrared remote control for a hotel room TV to access more data about the hotel. They can use these common gadgets in very different ways."

In his book, Vamosi documents how researchers managed to hack into a test car to disable the anti-lock brakes, selectively brake individual wheels on demand and even stop the engine - all while the car was moving.

In this case, cars have become more susceptible to increasingly dangerous hacks due to technological innovations that are meant to make driving simpler and more convenient.

The increasing number of gadgets that are internet-enabled concerns Vamosi in particular, because they remove the need for hackers to have physical access to a device.

This issue becomes even more serious when gadgets such as implantable medical devices, like pacemakers and cardiac defibrillators, are linked to the internet.

"When it comes to pacemakers it can be really scary. I don't need to understand the code. I can just throw gibberish at it and cause a denial-of-service attack because it is not doing what it is supposed to be doing, which in this case could be life-threatening," Vamosi said.
Changing role of the CIO

Gadget hacks can have serious implications for corporate security, but Vamosi argues that businesses should not try to restrict the use of new devices by their workforce.

The age of the corporate firewall and perimeter security is becoming increasingly irrelevant anyway, said Vamosi, who writes that with employees able to instant-message and email sensitive information, "corporate firewalls are already as porous as Swiss cheese".

With the advent of tablet devices and the increased sophistication of smartphones, Vamosi believes businesses need to rethink the entire concept of data security.

He gives the example of Google, which decided to allow workers to use their smartphones and tablets at work and run whatever operating system they want. Unable to protect the network from every new gadget, the then CIO Douglas Merrill took a different approach.

Rather than securing a firewall, Google...

... protects the data through access rights, and protects the gadgets themselves with security software.

"This radical rethinking of security has yet to take off," Vamosi writes. "But I think it will be more common in the coming decade."
Hardware manufacturers in denial

Despite the new threats posed by gadgets to individuals and businesses, hardware manufacturers are still reluctant to engage with what Vamosi terms the research community - that is, hackers with a social conscience - to discover the flaws in their devices.

"I don't think the hardware manufacturers have teams of security people yet and so they are unable to respond when a researcher comes forward and says, 'I've found these flaws with your device'. Often they will just say, 'Go away. We're not talking about it, we can't handle this'.

"I would like them to start a dialogue and recognise that, yes, some of their gadgets can be hacked into and they can be part of the solution."

Vamosi points to the software industry as proof that attitudes towards hackers can change.

"Ten years ago in the software industry, when someone would point out a flaw in a Microsoft product, there was a period of time when Microsoft would just say, 'No, it's not a big issue. Don't worry about it'," he said.

The situation is now markedly different with companies such as Microsoft operating formal structures for engaging with hackers, according to Vamosi.

"However, it's very expensive to recall a piece of hardware - it's not the same as pushing out a software update.

"Putting the security on the chip itself, so they're not layering it on as software on top of something, is one way manufacturers can get on top of this situation," Vamosi said.

Hardware manufacturers often play down the significance of vulnerabilities by arguing they would be too expensive and time-consuming for common criminals to exploit, but Vamosi disagrees.

"Organised criminals do all the hard work. They have the infrastructure to invest in the research and development needed to make that initial crack. Once they figure out...

...the algorithm for an expensive car, they are able to pass it on to the street-level thugs who actually do the stealing," he said.

"So the argument that it requires too many resources falls apart because a committed organisation of any kind could pull off these kinds of things. Certainly, if a researcher from a university in a lab somewhere can pull it off, I think a criminal could pull it off as well."
Feeling paranoid?

Glancing at your smartphone worrying what private data it might give away next? Vamosi has some words of comfort.

"We do not yet live in a world where the government can tell where you are at any given moment and flash adverts in your face like the film Minority Report," Vamosi said.

"I think it's more like the end of Indiana Jones where you've got this vast warehouse of data and they're taking the Ark to be in some row in some queue way back in the far corner where it will probably get lost," he added

"We have mountains and mountains of data but we are not yet at a point where we can data-mine it very specifically to you. We can data-mine it to groups of populations but coming down to you specifically? I'm not yet paranoid about that."

Still not convinced? Vamosi also offers some words of advice to anyone who might want to make their smartphone more secure.

"Go and look at the configuration settings and turn off wi-fi - in most cases you won't need it if you've got a cellular signal," advises Vermosi.

"By having wi-fi turned on, you don't have a firewall on your iPhone, so when you go into a public wi-fi situation you are open to a man-in-the-middle attack or someone eavesdropping on your transactions."

"Turn off Bluetooth as well because chances are you don't need to be associating with another gadget. Also, go into the camera and turn off the location data because you don't need to put location data with your photographs."

"Those types of configuration changes will go a long way to keeping your device or gadget safe," adds Vermosi.

So no need to throw your iPhone off a cliff - just yet.

Source: http://goo.gl/g5GN2

Source and/or and/or more resources and/or read more: http://goo.gl/JujXk ─ Publisher and/or Author and/or Managing Editor:__Andres Agostini ─ @Futuretronium at Twitter! Futuretronium Book at http://goo.gl/JujXk