Tag: iot

  • Daring to Imagine Cyberwarfare

    Daring to Imagine Cyberwarfare

    Disclaimer: this article is meant to prevent the hostile use of technology by encouraging transparency and highlighting the major risks that await us during the coming years. I live on a planet where I don’t want to have nuclear weapons and especially not nuclear weapons that can be hacked^.

    Computer viruses and hacking have been around since the dawn of the Internet. But while some time ago the platform was used almost exclusively by academics and the tech-savvy, the Internet is now quickly becoming one of the central technological pillars of our society. Particularly in developed countries, countless vital social systems are now connected to it, ranging from the run-of-the-mill residential heating system to critical infrastructure such as hospitals, public transport and even military.

    In the same time, the skills and tools in the cyber-soldier’s arsenal have greatly increased in potency. Even more importantly, the interest and will to compromise connected systems has increased exponentially in the past decade. Some years ago, the Internet was home to mostly petty crime and the occasional larger security breach. Now-a-days, state actors such as the United States^, North Korea^, and pretty much all major powers and nation-states involved in military conflicts, train and make use of cyber-hacking squads.

    Independent hackers (not aligned with any nation-state or political cause) and hacktivists^ (hackers with a presumably ethical agenda) have also evolved. They’ve become very well organized and armed, sometimes using digital weapons acquired from state agencies. One of the biggest vulnerabilities of cyber-weaponry is that it can be copied and distributed in a matter of seconds.

    In 2017, the NSA was humiliatingly robbed^ by hackers. Immediately after, the agency’s arsenal was distributed and sold^ to organizations across the globe. Some major^ security incidents^ followed. I’m sure that what was made public so far only scratches the surface^ of the damage done. The increasing popularity of ransomware^ will lead to many more such attacks in the future^. After all, it appears like North Korea got itself quite a bit of money using WannaCry^.

    Judging by the trend of the past decade, it sure looks like things will get worse before they get better. As more and more devices come online, the risks will only increase. The cyber-arsenal of the 2020s is beginning to look very scary, especially when considering the exponentially increasing number of targets. Combined with the way technology permeates our lives (and how much of our personal information is in the hands of companies that profit from selling data^), a country could find itself brought to its knees before a single shot was fired.

    Throughout the past few years I’ve been compiling a list of cyber-attack methods ranging from the mundane to the most interesting and devious. Later in the article I’m going to present you with a few scenarios showing how these methods could be used against a nation-state. I do this in the hope that governments will take the necessary steps to protect their citizens (and, in fact, the entire world) from what I consider to be the blitzkrieg of the 21st century.

    Means of Cyberattack

    This list is by no means exhaustive and I aim to regularly maintain it. It’s important to also keep in mind that none of the items on this list is particularly devastating by itself. The power of today’s cyber-attacker lies in mastering the art of combining several attacks to reach the desired result, something that will be covered in the second part of the article.

    • Worms^ and viruses are the oldest means of cyberattack. Despite the popularity of antivirus programs, these old acquaintances of ours can still wreak havoc long before antivirus makers can issue the required countermeasures. The omnipresence of the Internet has allowed viruses and worms to maintain their feasibility.
    • Spyware^ is commonly perceived as a tool employed by shady organizations in order to acquire user data (with the purpose of monetizing it). It’s much more dangerous than that. I’m unsure if espionage saved more lives than it destroyed, but through the use of spyware, people with little foresight (for example script kiddies^) can gain access to information that can destabilize a fragile geo-political and economic balance. What’s even more dangerous is that influential leaders can be blackmailed using data grabbed by spyware. And this sort of attack has been evolving as of late. Check this one about ultrasound tracking^.
    • Exploits^ are another very old acquaintance in security circles. All software has bugs. Vulnerability scanners^ are a means of automatically and easily discovering ways to deliver attack payloads such as trojan horses^. It became much worse in the past few years because various technology companies started giving remote access “features” to their devices^ – in fact, these “features” have quickly turned into messy back-doors. I suspect governments have played quite a role in motivating device manufacturers to install these back-doors. Perhaps I can entrust a government to spy only for fighting crime, but unfortunately these same tools quickly get into the hands of the same category of people the government is presumably trying to reduce. However, I think that the privacy compromises made in the name of “fighting crime” are causing more damage than they prevent.
    • Social engineering^ and phishing^ are newer additions to the cyber-arsenal. These means of obtaining private information and gaining access to restricted systems have become popular thanks to the Internet, and particularly when millions of less tech-savvy people started using it.
    • And now onto more inventive means of attack. In 2017, students demonstrated that sonic attacks^ can be used to disrupt vehicle steering systems. This is just the tip of the iceberg though.
    • As far back as 2016 (which is ages ago in technology), researchers have proven that a Skype call’s sound^ can be scraped to detect up to 41.89% of the keystrokes somebody presses during the call. The ratio goes up to 91.7% if there is knowledge about the keyboard model being used and the user’s typing behavior. With the advent of machine learning^, I’m quite sure that these numbers can be greatly improved. Given enough data, a program can recognize the model of the keyboard being used after analyzing the sound of a couple of sentences being typed, and then be able to map every sound to the appropriate key. When in doubt, the same program can employ a dictionary of common words and phrases to figure out the gaps.
    • Hacking robots is quickly becoming a serious threat. One of the most famous cyberweapons ever employed was the Stuxnet^ worm, which was responsible back in 2009^ for damaging Iran’s nuclear program. Legal experts have actually concluded that, despite the worm’s “good intentions”, its use was illegal^. Despite my opposition to nuclear weapons, I find it hypocritical when one country forbids another to build them through dehumanizing excuses such as “you are irresponsible warmongers”.
    • Continuing with robot hacking, we’re living in an age when more and more of the technology we use becomes “smart” (read: exploitable). Enter “smart” cars (read: hackable cars^). And this Internet of Things^ thing is gaining momentum despite all the warnings out there^. As internet pioneer Bruce Schneier recently pointed^ out, “it might be that the internet era of fun and games is over, because the internet is now dangerous.”
    • Last but not least, here’s my absolute favorite cyber-attack. Hardware backdoors^! As the Wiki article points out, “China is the world’s largest manufacturer of hardware which gives it unequaled capabilities for hardware backdoors”. A well-hidden back-door^ may never be discovered until too late. This is one of the most effective and most expensive weapons in the cyber-arsenal; only nation-states or large corporations can afford deploying it. And I’m quite sure that almost all of our devices are ridden with such crafty points of entry.

    Cyberwarfare

    So now that the little list of doom is more or less complete, let’s see what attack vectors combinations are likely to be used in a major confrontation where the target is a technologically-developed country. Here, the imagination’s the limit, so I’ll just give a few scary examples to make a point and leave the rest of the inventing to those that have more time (and money) for it.

    • A country can be very easily thrown into chaos by a well-orchestrated cyberattack. Just suppress the invasion alert system^, shut down the power grid^, overload the communication networks^, mess with the self-driving traffic and other robots, disrupt stock markets and, of course, invade with conventional troops that have a better knowledge of the invaded country than the defending army does. Sounds difficult? Not for a nation-state that does its homework. There is so much personal data and so many vulnerabilities out there! A secret agency can work its way into the system by blackmailing the right people and ask them to do seemingly harmless favors at just the right time. Slowly but surely, foreign software is everywhere and plenty of vulnerabilities have been created and exploited.
    • How about taking over an armed outpost with no casualties on the attacking side? It can be done by taking out all the guards, silently and quickly. It’s easy when the attacker knows their patrol routes^ by heart. The article I linked shows how a seemingly harmless app reveals such information because some soldiers use it to track their fitness. Hilarious and dangerous in the same time. Because of the hardware backdoors most likely present in our devices, it’s fairly safe to assume that at least some countries on Earth can probably activate GPS tracking on seemingly harmless mobile devices in case of war. Even if measures are taken to counteract this, we’re talking 21st century technology here: conventional weapons have evolved and, used in conjunction with various surprise elements, can win a war faster than nukes. This is because nukes simply destroy everything, whereas a well-orchestrated attack can result in hostages, hijacked equipment and most importantly, access to secure data systems.
    • One of the most awful attacks I’ve ever read about was when an epileptic journalist was sent into a seizure^ after somebody sent him a strobing image using social media. This led to an arrest. It shows not just what our technology allows, but also how deviously inventive people can be. The attacks combined here are knowing something about somebody and then employing a means of delivery (social media) for sending a dangerous payload (an image causing an epileptic seizure).
    • And we can’t forget meddling into politics. It’s already well-known that Russia interfered^ in the 2016 election over in the USA. And guess what: they still interfere in daily life there^. It’s already turning into a fashion, and probably other countries are taking notes and getting ready to follow suit. Now-a-days not a single shot needs to be fired to push a country over the brink. A clever use of cyber-weapons can give a nation-state a solid advantage in a trade or cultural war. Divide et impera.
    • Some time ago, somebody deactivated Trump’s Twitter account^. Even though hopefully nobody would believe a nuclear war declaration from a Twitter account, such a security breach could be coupled with fake radar signals or other misleading information. A paranoid adversary might be quick to pull the trigger and in the aftermath, there won’t be many winners.
    • As our technology evolves, so will our use of various robots. Self-driving cars, fully automated factories and countless jobs that will soon be given to robots. It’s not hard to imagine the amount of damage that can be done to a country’s infrastructure and population by a well-orchestrated cyberattack.
    • Last but not least, let’s talk machine learning. As I pointed out before, AI is not really intelligent yet^. Many developed countries make use of machine learning for all sorts of things, such as super-fast trading on the stock market. As the years pass, we will see more systems being automated, but not able to discern right from wrong. And what will happen when such systems are hijacked? What would a terrorist do with an AI? This is a door that my imagination doesn’t want to open.

    Countermeasures

    Security needs to be taken much more seriously. In 2017, a bunch of big names got together with the purpose of securing the Internet of Things^. At least once in a while, it’s good that corporations seem capable of actually cooperating. Or can they?

    The website of the famed alliance looks deserted^; there are very few resources there and it seems like it hasn’t been updated since its launch in early 2017. Unfortunately, in the age of hyper-consumerism^, such a publicity stunt is probably enough to keep people thinking that these companies actually care about security (they don’t seem to). So, the majority keeps buying insecure devices that can eventually be used against them (and their countries).

    Shortly after writing this article (12 days, to be precise), a new, fancier alliance between tech behemoths launched the Cybersecurity Tech Accord^ with great fanfare. Let’s wait and see if their website^ will still be around in about a year from now…

    I believe the only way for society to protect itself from online threats is to:

    • Use open source software exclusively and thoroughly verify it, line by line.
    • Rely on open source hardware designs or come up with them itself (it’s not so difficult now-a-days – several countries already do this).
    • Build all critical hardware in-house (local factories, local employees).
    • Secure communication endpoints with encrypted routers using multiple layers and fallback endpoints, similar to TOR^ but with additional layers of redundancy (similar to two people having to turn the same key at the same time in order to launch a missile).

    And last but certainly not least, we have… quantum cryptography^. This could be a savior but it remains to be seen if nation-states and corporations will ever allow its use by the general public. China has been making great strides^ when it comes to this technology. Yes, the same China that manufactures most of our electronics. I wonder why they’re so interested in secure communication…

    Version history:

    2018-04-06 – 1.0 – Written.

    [ax_meta fbimgurl=’http://mentatul.com/wp-content/uploads/2018/05/002835-Cyberwarfare-Share.jpg’ lnimgurl=’http://mentatul.com/wp-content/uploads/2018/05/002835-Cyberwarfare-Thumb.jpg’ fbimgw=’1170′ fbimgh=’350′ lnimgw=’250′ lnimgh=’250′ title=’Daring to Imagine Cyberwarfare’ desc=’The skills and tools in the cyber-soldier's arsenal have greatly increased in potency. Even more importantly, the interest and will to compromise connected systems has increased exponentially in the past decade.’]

  • Machine Learning and Our Future

    Machine Learning and Our Future

    Machine Learning is all the rage these days. Be it computer vision, speech recognition, pattern matching or high-speed decisional capabilities, this century is the century of software. Like all technological revolutions, there’s potential for miracles and catastrophes.

    Large corporations have started to realize^ that Machine Learning is a way to prevent smaller competitors^ from threatening them. This is because small companies can’t (yet) afford the huge infrastructure and Big Data investments that ML requires. It’s not surprising then that Microsoft, Google, FaceBook and others have open-sourced ML platforms, trying to attract developers and smaller companies to their ecosystems.

    This post will touch on but a few of the changes we can expect in the coming decades thanks to the upcoming advances in Machine Learning. Looking at our history, we can see how the industrial revolution has supercharged our progress as a species. I believe that the Machine Learning revolution will make the industrial revolution seem like a snail in slow motion. This is both hopeful and scary.

    The purpose of any post in the Futurology^ category is to launch a wild, boundless speculation regarding what the future holds regarding a certain concept. To get things going, here are some of the things I imagine can be accomplished in the near future (coming decades) by Machine Learning. Feel free to submit your own ideas in the comments below. With your approval I may integrate these in the article, giving proper credit.

    • Speech recognition is already quite advanced. In the coming decade, most day-to-day electronic devices will understand what humans speak. Additionally, these devices will form an interconnected sensorial mesh via the Internet of Things. Privacy will obviously be a major concern.
    • Without any prior technical knowledge, people will soon be able to talk to the robots that are about to enter our daily lives, both indoors^ and outdoors^. Countless jobs will be transformed or outright eliminated. Companies will jump at the opportunity of cutting costs. While some of this will have beneficial effects on some (company stakeholders for example), society might be negatively impacted as there will be plenty of those that cannot find a new job in a world that is increasingly robotized. Hopefully at least a part of the next generation of superrich few will empathize with the disadvantaged many.
    • Advanced algorithms are already able to take better (and much faster) decisions than humans in some fields (for example management of traffic, energy and bandwidth). This capability will expand to more and more areas. This development should not be confused with True Artificial Intelligence^, but will still mean that yet more jobs will be given to automated systems. Here’s for example how Google used machine learning to save a massive 15%^ in data center costs.
    • Companies that own data infrastructure will become dangerously powerful. Just look at how FaceBook allowed^ Russia to interfere^ in one of the most influential electoral contests in the world. Given the narrow difference between the candidates, it is quite possible that Russia’s influence (of which only a small part will ever be uncovered) will have been a decisive factor.
    • Governmental oversight could prevent a lack of balance in society, but strong lobbying from powerful corporations will continue to corrupt the purpose of government (in most countries, our representatives have long ceased representing us, if they even ever did).
    • The influence of ML throughout the economy means that society will have to find ways to protect those that are at risk of being crushed under the weight of the coming changes. In a way reminiscent of the industrial revolution, entire job sectors will become obsolete overnight, except that this time around the changes will come even faster and affect more people. Fortunately, we are also wiser and richer than a century ago so we are well positioned to find constructive solutions.
    • We may enter a period where creatives (artists) will again be in high demand. At least until True A.I. is upon us, machines still can’t create art. No matter how advanced an algorithm may be, the art it creates will still be a soulless mixture of unoriginal and random.
    • We run the risk of falling under total surveillance, aka Super Big Brother. This is much worse than what George Orwell could have even imagined when he wrote his 1984 novel. Super Big Brother doesn’t need humans to listen-in to conversations. It simply records everything (this is already being done, as the Snowden leaks proved). Then, somebody (like an oppressive authority that seeks to exterminate dissent) asks it to find certain information in text, audio or video recordings. If we now think that we have little privacy left, Super Big Brother will make things exponentially worse. Update 2018-04-30: check how China is using facial recognition in Guiyang^.
    • However, all is not so bleak. If good people act, there is another invention that will shackle Super Big Brother. That invention is open surveillance. All systems used for surveillance shall be based on open source software. All people being surveilled will be able to access their information and know why it was recorded (you were in a public space, you were suspected of a crime, etc.).
    • Government will put privacy back in the hands of the people. Because government has to be the people. And because lies and secrets never truly saved the world (although perhaps they helped in postponing major conflicts without, however, fixing the underlying problems). It will be openness and communication that will be proven to be the only way forward if we are to survive.

    The Futurology Disclaimer: I do not claim that my ideas are original. I’m sure these suggestions are just scratching the surface of what can be achieved, but hopefully they’ve scratched enough to get somebody inspired to come up with more. I’m also sure many of these ideas are already being worked on by several organizations. If any of the ideas listed by anybody on this page are original and will benefit any organization, I expect credit to be given where it’s due.

    Version history:

    2017-11-23 – 1.0 – Written.

    2018-04-30 – 1.1 – Added link about Guiyang use of facial recognition.

    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2017/11/02534-MachineLearningAndOurFuture-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’Machine Learning and Our Future’ desc=’Like all technological revolutions, there's potential for miracles and catastrophes.’]

  • Kitchen 3.0

    Kitchen 3.0

    The age of interconnected devices and gadgets is slowly dawning. This category of communications-capable electronics has been labeled “the Internet of Things” – somewhat of a misnomer now-a-days when it is obvious that the security threat of any machine reachable from the Internet is enormous. Perhaps quantum cryptography will one day address this issue. Until then, home owners will probably be safer by using offline “smart home controllers” with manually-upgradeable firmware in what will be an Intranet of Things.

    Irrespective of the name, this new wave of electronics is still barely in its infancy. Any company worth its salt has to prepare for how business will change in the coming decades. And there’s nothing more disruptive than what is basically the rise of the first mainstream generation of highly task-optimized robots. Indeed, a smart refrigerator is basically a robot focused on a certain task.

    While the first robots accessible to everybody will still function very much like our current appliances, their smarts will open up a myriad opportunities for ground-breaking innovation. Because the kitchen contains a large amount of appliances, let’s explore how all these can be interconnected in order to provide an evolutionary leap when compared to today’s emerging Kitchen 2.0 where we do have smart devices but they are working by themselves rather than in cooperation.

    The purpose behind any post in this Futurology^ category is to launch a wild, boundless speculation regarding what the future holds regarding a certain concept. To get things going, here are some of the things I imagine we’ll find in the kitchens of the near future (coming decades). Feel free to submit your own ideas in the comments below. With your approval I may integrate these in the article, giving proper credit.

    • Among its kitchen brethren, the refrigerator is going to see some of the largest changes to the way it operates. First of all, it will be able to manage its own contents and automatically order things its owners usually consume. Secondly, it will become smaller due to the increased efficiency in food delivery.
    • The way goods arrive in our household will fundamentally change, paving the way for new companies to establish themselves or creating new opportunities for profit for existing companies, such as Walmart which, 7 months after this article was published, has started experimenting with deliveries directly to the refrigerator^. Almost all perishable goods will be delivered by robots, most likely by self-driving trucks. We can’t exclude aerial drones that land packages on the rooftop of buildings. However, this is far less energy efficient and current experiments with this technology are either marketing gimmicks or attempts to create a segment for very fast but also very expensive shipping.
    • After delivery, a property’s own small transport robots will take the goods and store them in a Central Refrigerator. From there, the products will be distributed upon request to individual household refrigerators.
    • There will be no need for a refrigerator to have more than a day’s quantity of milk because more milk will be just 1 to 5 minutes away. Apartment buildings will have a Central Refrigerator somewhere in the basement, so quite close to family refrigerators. Product delivery will be slightly longer for areas with villas (due to the Central Refrigerator being located in a separate building somewhere close by).
    • All food orders will go to the Central Refrigerator. This will, in turn, bulk orders together and get the best offers from various warehouses in the area. Such a system will also save power due to having more efficient storage and much less heat leakage – the main door of this large refrigerator will almost never open because small delivery robots will go in and out through isolating access hatches.
    • Cooking a meal will often be as easy as pressing a button. People will be able to download recipe-programs for their kitchen. A recipe will therefore consist of a list of items that the refrigerator has to order and a set of instructions for various kitchen appliances. Some ingredients such as flour, sugar, oil, will be available to purchase in packages with the exact dosage required for the recipe, reducing waste and making it easier for Kitchen 3.0 to prepare the recipe.
    • Kitchen appliances will be integrated in one single block inside which ingredients can be transported from one section to another using various robotic arms. I’ll call this the Kitchen Block. Products that don’t require refrigeration will be brought from a larger storage compartment, either inside the home or a common storage location used by more families.
    • Baking a cake for example will consist of the mixer requesting items from various storage locations. The mixer will also be able to assign tasks to other sections of the Kitchen Block, such as asking the oven to toast some nuts before sending the cake batter to it.
    • All appliances will therefore be a part of a single unit, able to give instructions to each other. This will be done using preferably open source protocols and open standards, which is probably the only way for the manufacturers of various robots to be able to allow these machines to work with each other.
    • There will still be plenty of room for people to cook by themselves if they so wish, but more and more citizens will become recipe downloaders and/or developers. Creating a recipe program will probably not be so difficult, since in the coming decades computers will be operable using natural language. This transition is already taking place.
    • Despite the recipes being programs, they will be human-readable, making it very hard for an attacker to hack Kitchen 3.0. Combined with a strict security policy based on user approval and only minimal communication with the Central Refrigerator and similar “Master” robots, Kitchen 3.0 has good security prospects.
    • On the topic of Master robots, does every home really need something as complex as a Kitchen Block? Perhaps it should belong together with the Central Refrigerator, serving more than one household. This way, costs will be kept down and cooking will be more efficient. Then, Kitchen 3.0 could be split into a central section and a trimmed down “thin client” located inside each family’s home.

    The Futurology Disclaimer: I do not claim that my ideas are original. I’m sure these suggestions are just scratching the surface of what can be achieved, but hopefully they’ve scratched enough to get anybody inspired to come up with more. I’m also sure many of these ideas are already being worked on by several organizations. If any of the ideas listed by anybody on this page are original and will benefit any organization, I expect credit to be given where it’s due.

    Version history:

    2017-02-16 – 1.0 – Written.
    2017-09-23 – 1.0.1 – Added a link about Walmart experimenting with deliveries directly to the refrigerator.
    [ax_meta lnimgurl=’http://mentatul.com/wp-content/uploads/2017/04/01904-Kitchen30-Thumb.jpg’ lnimgw=’250′ lnimgh=’250′ title=’Kitchen 3.0′ desc=’While the first robots accessible to everybody will still function very much like our current appliances, their smarts will open up a myriad opportunities for ground-breaking innovation.’]