All posts in “Gadgets”

Many smart home device makers still won’t say if they give your data to the government

A year ago, we asked some of the most prominent smart home device makers if they have given customer data to governments. The results were mixed.

The big three smart home device makers — Amazon, Facebook and Google (which includes Nest) — all disclosed in their transparency reports if and when governments demand customer data. Apple said it didn’t need a report, as the data it collects was anonymized.

As for the rest, none had published their government data-demand figures.

In the year that’s passed, the smart home market has grown rapidly, but the remaining device makers have made little to no progress on disclosing their figures. And in some cases, it got worse.

Smart home and other internet-connected devices may be convenient and accessible, but they collect vast amounts of information on you and your home. Smart locks know when someone enters your house, and smart doorbells can capture their face. Smart TVs know which programs you watch and some smart speakers know what you’re interested in. Many smart devices collect data when they’re not in use — and some collect data points you may not even think about, like your wireless network information, for example — and send them back to the manufacturers, ostensibly to make the gadgets — and your home — smarter.

Because the data is stored in the cloud by the device manufacturers, law enforcement and government agencies can demand those companies turn over that data to solve crimes.

But as the amount of data collection increases, companies are not being transparent about the data demands they receive. All we have are anecdotal reports — and there are plenty: Police obtained Amazon Echo data to help solve a murder; Fitbit turned over data that was used to charge a man with murder; Samsung helped catch a sex predator who watched child abuse imagery; Nest gave up surveillance footage to help jail gang members; and recent reporting on Amazon-owned Ring shows close links between the smart home device maker and law enforcement.

Here’s what we found.

Smart lock and doorbell maker August gave the exact same statement as last year, that it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA).” But August spokesperson Stephanie Ng would not comment on the number of non-national security requests — subpoenas, warrants and court orders — that the company has received, only that it complies with “all laws” when it receives a legal demand.

Roomba maker iRobot said, as it did last year, that it has “not received” any government demands for data. “iRobot does not plan to issue a transparency report at this time,” but it may consider publishing a report “should iRobot receive a government request for customer data.”

Arlo, a former Netgear smart home division that spun out in 2018, did not respond to a request for comment. Netgear, which still has some smart home technology, said it does “not publicly disclose a transparency report.”

Amazon-owned Ring, whose cooperation with law enforcement has drawn ire from lawmakers and faced questions over its ability to protect users’ privacy, said last year it planned to release a transparency report in the future, but did not say when. This time around, Ring spokesperson Yassi Shahmiri would not comment and stopped responding to repeated follow-up emails.

Honeywell spokesperson Megan McGovern would not comment and referred questions to Resideo, the smart home division Honeywell spun out a year ago. Resideo’s Bruce Anderson did not comment.

And just as last year, Samsung, a maker of smart devices and internet-connected televisions and other appliances, also did not respond to a request for comment.

On the whole, the companies’ responses were largely the same as last year. But smart switch and sensor maker Ecobee, which last year promised to publish a transparency report “at the end of 2018” did not follow through with its promise. When we asked why, Ecobee spokesperson Kristen Johnson did not respond to repeated requests for comment.

Based on the best available data, August, iRobot, Ring and the rest of the smart home device makers have hundreds of millions of users and customers around the world, with the potential to give governments vast troves of data — and users and customers are none the wiser.

Transparency reports may not be perfect, and some are less transparent than others. But if big companies — even after bruising headlines and claims of co-operation with surveillance states — disclose their figures, there’s little excuse for the smaller companies.

This time around, some companies fared better than their rivals. But for anyone mindful of their privacy, you can — and should — expect better.

Apple: Use only our special cloth to clean the $1,000 coating on our $5,000 Pro Display

If you thought the saga of the $7,000 Apple Pro Display XDR couldn’t get any more ridiculous, prepare yourself for the proverbial cherry on top: The company insists that you only use the single special cleaning cloth that comes with the monitor. If you lose it, you’re advised to order another.

Apple, already under fire from longtime users for the ever-increasing price of its products, attracted considerable ire and ridicule when it announced the high-end monitor in June. Of course there are many expensive displays out there — it was more the fact that Apple was selling the display for $5,000, the stand separately for $999, and an optional “nano-texture” coating for an additional grand.

Just wait till you see how much the Mac Pro that goes with it costs.

Technically it’s not actually a “coating” but an extremely small-scale etching of the surface that supposedly produces improved image quality without some of the drawbacks of a full-matte coating. “Typical matte displays have a coating added to their surface that scatters light. However, these coatings lower contrast while producing unwanted haze and sparkle,” the product description reads. Not so with nano-texture.

Unfortunately, the unique nature of the glass necessitates special care when cleaning.

“Use only the dry polishing cloth that comes with your display,” reads the support page How to clean your Apple Pro Display XDR. “Never use any other cloths to clean the nano-texture glass. If you lose the included polishing cloth, you can contact Apple to order a replacement polishing cloth.” (No price is listed, so I’ve asked Apple for more information.)

Obviously if you’re cleaning an expensive screen you don’t want to do it with Windex and wadded-up newspaper. But it’s not clear what differentiates Apple’s cloth from an ordinary microfiber wipe.

Do the nano-scale ridges shred ordinary mortal cloth and get fibers caught in their interstices? Can the nano-texture be damaged by anything of insufficient softness?

Apple seems to be presuming a certain amount of courage on the part of consumers, who must pay a great deal for something that not only provides an uncertain benefit (even Apple admits that the display without the coating is “engineered for extremely low reflectivity”) but seems susceptible to damage from even the lightest mishandling.

No doubt the Pro Display XDR is a beautiful display, and naturally only those who feel it is worth the price will buy one. But no one likes to have to baby their gadgets, and Apple’s devices have also gotten more fragile and less readily repairable. The company’s special cloth may be a small, even silly thing, but it’s part of a large and worrying trend.

Scaled Robotics keeps an autonomous eye on busy construction sites

Buildings under construction are a maze of half-completed structures, gantries, stacked materials, and busy workers — tracking what’s going on can be a nightmare. Scaled Robotics has designed a robot that can navigate this chaos and produce 3D progress maps in minutes, precise enough to detect that a beam is just a centimeter or two off.

Bottlenecks in construction aren’t limited to manpower and materials. Understanding exactly what’s been done and what needs doing is a critical part of completing a project in good time, but it’s the kind of painstaking work that requires special training and equipment. Or, as Scaled Robotics showed today at TC Disrupt Berlin 2019, specially trained equipment.

The team has created a robot that trundles autonomously around construction sites, using a 360-degree camera and custom lidar system to systematically document its surroundings. An object recognition system allows it to tell the difference between a constructed wall and a piece of sheet rock leaned against it, between a staircase and temporary stairs for electric work, and so on.

By comparing this to a source CAD model of the building, it can paint a very precise picture of the progress being made. They’ve built a special computer vision model that’s suited to the task of sorting obstructions from the constructions and identifying everything in between.

All this information goes into a software backend where the supervisors can check things like which pieces are in place on which floor, whether they have been placed within the required tolerances, or if there are safety issues like too much detritus on the ground in work areas. But it’s not all about making the suits happy.

“It’s not just about getting management to buy in, you need the guy who’s going to use it every day to buy in. So we’ve made a conscious effort to fit seamlessly into what they do, and they love that aspect of it,” explained co-founder Bharath Sankaran. “You don’t need a computer scientist in the room. Issues get flagged in the morning, and that’s a coffee conversation – here’s the problem, bam, let’s go take a look at it.”

The robot can make its rounds faster than a couple of humans with measuring tapes and clipboards, certainly, but also faster than someone equipped with a stationary laser ranging device that they carry from room to room. An advantage of simultaneous location and ranging (SLAM) tech is that it measures from multiple points of view over time, building a highly accurate and rich model of the environment.

The data is assembled automatically but the robot can be either autonomous or manually controlled — in developing it, they’ve brought the weight down from about 70 kilograms to 20, meaning it can be carried easily from floor to floor if necessary (or take the elevator); and simple joystick controls mean anyone can drive it.

A trio of pilot projects concluded this year and have resulted in paid pilots next year, which is of course a promising development.

Interestingly, the team found that construction companies were using outdated information and often more or less assumed they had done everything in the meantime correctly.

“Right now decisions are being made on data that’s maybe a month old,” said co-founder Stuart Maggs. “We can probably cover 2000 square meters in 40 minutes. One of the first times we took data on a site, they were completely convinced everything they’d done was perfect. We put the data in front of them and they found out there was a structural wall just missing, and it had been missing for 4 weeks.”

The company uses a service-based business model, providing the robot and software on a monthly basis, with prices rising with square footage. That saves the construction company the trouble of actually buying, certifying, and maintaining an unfamiliar new robotic system.

But the founders emphasized that tracking progress is only the first hint of what can be done with this kind of accurate, timely data.

“The big picture version of where this is going is that this is the visual wiki for everything related to your construction site. You just click and you see everything that’s relevant,” said Sankaran. “Then you can provide other ancillary products, like health and safety stuff, where is storage space on site, predicting whether the project is on schedule.”

“At the moment, what you’re seeing is about looking at one moment in time and diagnosing it as quickly as possible,” said Maggs. “But it will also be about tracking that over time: We can find patterns within that construction process. That data feeds that back into their processes, so it goes from a reactive workflow to a proactive one.”

“As the product evolves you start unwrapping, like an onion, the different layers of functionality,” said Sankaran.

The company has come this far on $1 million of seed funding, but is hot on the track of more. Perhaps more importantly, its partnerships with construction giant PERI and Autodesk, which has helped push digital construction tools, may make it a familiar presence at building sites around the world soon.

‘Plundervolt’ attack breaches chip security with a shock to the system

Today’s devices have been secured against innumerable software attacks, but a new exploit called Plundervolt uses distinctly physical means to compromise a chip’s security. By fiddling with the actual amount of electricity being fed to the chip, an attacker can trick it into giving up its innermost secrets.

It should be noted at the outset that while this is not a flaw on the scale of Meltdown or Spectre, it is a powerful and unique one and may lead to changes in how chips are designed.

There are two important things to know in order to understand how Plundervolt works.

The first is simply that chips these days have very precise and complex rules as to how much power they draw at any given time. They don’t just run at full power 24/7; that would drain your battery and produce a lot of heat. So part of designing an efficient chip is making sure that for a given task, the processor is given exactly the amount of power it needs — no more, no less.

The second is that Intel’s chips, like many others now, have what’s called a secure enclave, a special quarantined area of the chip where important things like cryptographic processes take place. The enclave (here called SGX) is inaccessible to normal processes, so even if the computer is thoroughly hacked, the attacker can’t access the data inside.

The creators of Plundervolt were intrigued by recent work by curious security researchers who had, through reverse engineering, discovered the hidden channels by which Intel chips manage their own power.

Hidden, but not inaccessible, it turns out. If you have control over the operating system, which many attacks exist to provide, you can get at these “Model-Specific Registers,” which control chip voltage, and can tweak them to your heart’s content.

Modern processors are so carefully tuned, however, that such a tweak will generally just cause the chip to malfunction. The trick is to tweak it just enough to cause the exact kind of malfunction you expect. And because the entire process takes place within the chip itself, protections against outside influence are ineffective.

The Plundervolt attack does just this, using the hidden registers to very slightly change the voltage going to the chip at the exact moment that the secure enclave is executing an important task. By doing so they can induce predictable faults inside SGX, and by means of these carefully controlled failures cause it and related processes to expose privileged information. It can even be performed remotely, though of course full access to the OS is a prerequisite.

In a way it’s a very primitive attack, essentially giving the chip a whack at the right time to make it spit out something good, like it’s a gumball machine. But of course it’s actually quite sophisticated, since the whack is an electrical manipulation on the scale of millivolts, which needs to be applied at exactly the right microsecond.

The researchers explain that this can be mitigated by Intel, but only through updates at the BIOS and microcode level — the kind of thing that many users will never bother to go through with. Fortunately for important systems there will be a way to verify that the exploit has been patched when establishing a trusted connection with another device.

Intel, for its part, downplayed the seriousness of the attack. “We are aware of publications by various academic researchers that have come up with some interesting names for this class of issues, including ‘VoltJockey’ and ‘Plundervolt,’” it wrote in a blog post acknowledging the existence of the exploit. “We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible.”

Plundervolt is one of a variety of attacks that have emerged recently taking advantage of the ways that computing hardware has evolved over the last few years. Increased efficiency usually means increased complexity, which means increased surface area for non-traditional attacks like this.

The researchers who discovered and documented Plundervolt hail from the UK’s University of Birmingham, Graz University of Technology in Austria, and KU Leuven in Belgium. They are presenting their paper at IEEE S&P 2020.

Google Assistant gets a customized alarm, based on weather and time

Alarm clocks were one of the most obvious implementations since the introduction of the smart screen. Devices like Lenovo’s Smart Clock and the Amazon Echo Show 5 have demonstrated some interesting features in the bedside display form factor, and Google has worked with the former to refine the experience.

This morning, the company introduced a handful of features to refine the experience. “Impromptu” is an interesting new addition to the portfolio that constructs a customized alarm based on a series of factors, including weather and time of day.

Here’s what a 50-degree, early-morning wake-up sounds like:

Not a bad thing to wake up to. A little Gershwin-esque, perhaps. 

Per a blog post that went up this morning, the alarm ringtone is based on the company’s open-source project, Magenta. Google AI describes it thusly:

Magenta was started by researchers and engineers from the Google Brain team, but many others have contributed significantly to the project. We develop new deep learning and reinforcement learning algorithms for generating songs, images, drawings, and other materials. But it’s also an exploration in building smart tools and interfaces that allow artists and musicians to extend their processes using these models. We use TensorFlow and release our models and tools in open source on our GitHub.

The new feature rolls out today.