All posts in “Gadgets”

Smart home makers hoard your data, but won’t say if the police come for it

A decade ago, it was almost inconceivable that nearly every household item could be hooked up to the internet. These days, it’s near impossible to avoid a non-smart home gadget, and they’re vacuuming up a ton of new data that we’d never normally think about.

Thermostats know the temperature of your house, and smart cameras and sensors know when someone’s walking around your home. Smart assistants know what you’re asking for, and smart doorbells know who’s coming and going. And thanks to the cloud, that data is available to you from anywhere – you can check in on your pets from your phone or make sure your robot vacuum cleaned the house.

Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes.

And device makers won’t say if your smart home gadgets have been used to spy on you.

For years, tech companies have published transparency reports — a semi-regular disclosure of the number of demands or requests a company gets from the government for user data. Google was first in 2010. Other tech companies followed in the wake of Edward Snowden’s revelations that the government had enlisted tech companies’ aid in spying on their users. Even telcos, implicated in wiretapping and turning over Americans’ phone records, began to publish their figures to try to rebuild their reputations.

As the smart home revolution began to thrive, police saw new opportunities to obtain data where they hadn’t before. Police sought Echo data from Amazon to help solve a murder. Fitbit data was used to charge a 90-year old man with the murder of his stepdaughter. And recently, Nest was compelled to turn over surveillance footage that led to gang members pleading guilty to identity theft.

Yet, Nest — a division of Google — is the only major smart home device maker that has published how many data demands they receive.

As first noted by Forbes last week, Nest’s little-known transparency report doesn’t reveal much — only that it’s turned over user data about 300 times since mid-2015 on over 500 Nest users. Nest also said it hasn’t to date received a secret order for user data on national security grounds, such as in cases of investigating terrorism or espionage. Nest’s transparency report is woefully vague compared to some of the more detailed reports by Apple, Google and Microsoft, which break out their data requests by lawful request, by region, and often by the kind of data that the government demands.

As Forbes said, “a smart home is a surveilled home.” But at what scale?

We asked some of the most well known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for their smart home tech.

For the most part, we received fairly dismal responses.

What the big four tech giants said:

Amazon did not respond to requests for comment when asked if it will break out the number of demands it receives for Echo data, but a spokesperson told me last year that while its reports include Echo data, it would not break out those figures.

Facebook said that its transparency report section will include “any requests related to Portal,” its new hardware screen with a camera and a microphone. Although the device is new, a spokesperson did not comment on if the company will break out the hardware figures separately.

Google pointed us to Nest’s transparency report but did not comment on its own efforts in the hardware space — notably its Google Home products.

And Apple said that there’s no need to break out its smart home figures — such as its HomePod — because there would be nothing to report. The company said user requests made to HomePod are given a random identifier that cannot be tied to a person.

What the smaller but notable smart home players said:

August, a smart lock maker, said it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA),” but did not comment on the number of subpoenas, warrants and court orders it receives. “August does comply with all laws and when faced with a court order or warrant, we always analyze the request before responding,” a spokesperson said.

Roomba maker iRobot said it “has not received any demands from governments for customer data,” but wouldn’t say if it planned to issue a transparency report in the future.

Both Arlo, the former Netgear smart home division, and Signify, formerly Philips Lighting, said that they do not have transparency reports. Arlo didn’t comment on its future plans, and Signify said it has no plans to publish one. 

Ring, a smart doorbell and security device maker, did not answer our questions on why it doesn’t have a transparency report, but said it “will not release user information without a valid and binding legal demand properly served on us” and that Ring “objects to overbroad or otherwise inappropriate demands as a matter of course.” When pressed, a spokesperson said it plans to release a transparency report in the future, but did not say when.

Neither spokespeople for Honeywell or Canary — both of which have smart home security products — did not comment by our deadline.

And, Samsung, a maker of smart sensors, trackers and internet-connected televisions and other appliances, did not respond to a request for comment.

Only Ecobee, a maker of smart switches and sensors, said it plans to publish its first transparency report “at the end of 2018.” A spokesperson confirmed that, “prior to 2018, Ecobee had not been requested nor required to disclose any data to government entities.”

All in all, that paints a fairly dire picture for anyone thinking that when the gadgets in your home aren’t working for you, they could be helping the government.

As helpful and useful smart home gadgets can be, few fully understand the breadth of data that the devices collect — even when we’re not using them. Your smart TV may not have a camera to spy on you, but it knows what you’ve watched and when — which police used to secure a conviction of a sex offender. Even data from when a murder suspect pushed the button on his home alarm key fob can be enough to help convict someone of murder.

Two years ago, former U.S. director of national intelligence James Clapper said that the government was looking at smart home devices as a new foothold for intelligence agencies to conduct surveillance. And it’s only going to become more common as the number of internet-connected devices spread. Gartner said more than 20 billion devices will be connected to the internet by 2020.

As much as the chances are that the government is spying on you through your internet-connected camera in your living room or your thermostat are slim — it’s naive to think that it can’t.

But the smart home makers wouldn’t want you to know that. At least, most of them.

Buggy software in popular connected storage drives can let hackers read private data

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data.

The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home, and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.

Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.

The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies — including PHP — to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any command they wanted as “root” — the built-in user account with the highest level of access — making the data on the device vulnerable to prying eyes or destruction.

We contacted Axentra for comment on Thursday but did not hear back by the time of writing.

Neither Netgear nor Seagate commented by our deadline, but we’ll update if that changes. Lenovo, which now owns Medion, did not respond to a request for comment.

The researchers also reported a separate bug affecting WD My Book Live drives, which can allow an attacker to remotely gain root access.

A spokesperson for WD said that the vulnerability report affects devices originally introduced in 2010 and discontinued in 2014, and “no longer covered under our device software support lifecycle.” WD added: “We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

In all four vulnerabilities, the researchers said that an attacker only needs to know the IP address of an affected drive. That isn’t so difficult in this day and age, thanks to sites like Shodan, a search engine for publicly available devices and databases, and similar search and indexing services.

Depending on where you look, the number of affected devices varies. Shodan puts the number at 311,705, but ZoomEye puts the figure at closer to 1.8 million devices.

Although the researchers described the bugs in moderate detail, they said they have no plans to release any exploit code to prevent attackers taking advantage of the flaws.

Their advice: if you’re running a cloud drive, “make sure to remove your device from the internet.”

Researchers discover a new way to identify 3D printed guns

Researchers at the University at Buffalo have found that 3D printers have fingerprints, essentially slight differences in design that can be used to identify prints. This means investigators can examine the layers of a 3D printed object and pinpoint exactly which machine produced the parts.

“3D printing has many wonderful uses, but it’s also a counterfeiter’s dream. Even more concerning, it has the potential to make firearms more readily available to people who are not allowed to possess them,” said Wenyao Xu, lead author of the study.

The researchers found that tiny wrinkles in each layer of plastic can be used to identify a “printer’s model type, filament, nozzle size and other factors cause slight imperfections in the patterns.” They call their technology PrinTracker.

“Like a fingerprint to a person, these patterns are unique and repeatable. As a result, they can be traced back to the 3D printer,” wrote the researchers.

This process works primarily with FDM printers like the Makerbot which use long spools of filament to deposit layers of plastic onto a build plate. Because the printers used in 3D printed guns are usually more complex and more expensive there could be less variation in the individual layers and, more importantly, the layers might be harder to discern. However, for some simpler plastic parts could exhibit variations.

“3D printers are built to be the same. But there are slight variations in their hardware created during the manufacturing process that lead to unique, inevitable and unchangeable patterns in every object they print,” said Xu.

The 7 great features that will hopefully return to the MacBook Pro

I miss the old MacBook Pro. Remember when the MacBook Pro had a good keyboard? Or an SD Card slot? Or an escape key? I miss the time when the MacBook Pro was 2mm thicker than the current version but had a full-size USB port.

Remember the wonder of MagSafe? Or the glory that was using a MacBook Pro outside because of the matte screen?

Remember when the power adapter for Apple’s laptops had little fold-out tabs to hold the cord? There was also a time that a random brush of the keyboard wouldn’t trigger Siri.

There was a time when Apple made great laptops and there is now.

Yesterday Apple announced an upcoming event where the company will likely release new laptops and iPads. These are some of the features TechCrunch writers hope return to Apple’s notebook computers.

Escape Key

The Touch Bar is clever. I like it most of the time. But I like the escape key more. Right now, on Macs equipped with the TouchBar, the escape key is a temporary button on the TouchBar. It’s positioned off-center, too, which forces users to relearn its location.

It’s silly. The escape key has been with PCs for generations and is critical across applications and use cases. Everyone from causal gamers to coders use the escape key on a regular basis.

Keep the TouchBar, but make it a bit smaller and position it between an escape key and a real power button. Just give me my escape key back. And make Siri optional. I’ve had a TouchBar-equipped MacBook Pro for nearly two years and have yet to find a reason to use Siri.

USB Ports

I’m over living the dongle life. From everything from charging a phone to connecting a camera, standard USB ports need to return to the MacBook Pro. Since we’re dreaming here, I would love to have one per side. The PC industry has been slow to jump on USB-C. Even Apple hasn’t gone all-in and that’s the issue here.

Think about it: If a person buys a MacBook Pro and iPhone, that person cannot connect their iPhone to their new MacBook Pro without buying an adapter or cable. Same goes for an iPad. If a person wants to buy a new iPad and new MacBook Pro, the two products cannot connect out of the box.

Apple launched the USB-C equipped MacBook Pro in 2016. It’s 2018. For a company that understands ecosystems, Apple has done a poor job ensuring all of its products are compatible out of the box. The first USB-C Apple Watch cable was released today.

SD Card Slot

The MacBook Pro is billed as a laptop for the mobile professional yet it doesn’t allow some mobile professionals to connect their gear without adapters.

The SD Card is the overwhelming standard of photographers and videographers — a key audience for the MacBook Pro — and yet these folks now have to use adapters to connect their gear. Until the latest MacBook Pro redesign, there was a built-in SD Card reader, and Apple should (but won’t) build one into the next version.

External battery level indicator

A few generations ago, the MacBook and MacBook Pro had tiny button on the side that, when pressed, illuminated little lights to give the user an approximation of the remaining battery life. It was lovely.

You know the drill: You’re running out the door and need to know if you should bring your large power adapter. You don’t need to know exactly how much time until your laptop dies. You need an idea. And that’s what these lights provided. With just a press of a button, the user would know if the laptop would last 20 minutes or 2 hours.

Clever Power Adapter

For generations, Apple laptop chargers had little tabs that folded out and gave the owner a place to wrap the cable. It’s a simple and effective design. Steve Jobs is even listed on the 2001 patent. Those tabs disappeared when Apple went USB-C in 2016.

The latest charger is the same shape as the previous version but lacks the tabs, forcing owners to store the USB-C cable apart from the charging block. It’s a little thing but little things was what made Apple products delightful.

MagSafe

The elimination of MagSafe is nearly too painful to talk about. It was magical. Now it’s dead.

Here’s how it worked: The power cable was magnetic. Instead of sticking into the laptop, it connected to the side of it. If someone tripped over the cable, the cable would harmlessly disconnect from the laptop.

When Apple first launched MagSafe, the company loudly proclaimed they did so because customers kept breaking the connectors that plugged into the laptop. You know, like what’s in the current MacBook.

A good keyboard

I could forego all of the above if Apple could fix the keyboard in the latest MacBook Pro. It’s terrible.

Our Natasha Lomas said it best in her excellent piece called “An ode to Apple’s awful MacBook keyboard,”

The redesigned mechanism has resulted in keys that not only feel different when pressed vs the prior MacBook keyboard — which was more spongy for sure but that meant keys were at reduced risk of generating accidental strikes vs their barely there trigger-sensitive replacements (which feel like they have a 40% smaller margin for keystrike error) — but have also turned out to be fail prone, as particles of dust can find their way in between the keys, as dust is wont to do, and mess with the smooth functioning of key presses — requiring an official Apple repair.

Yes, just a bit of dust! Move over ‘the princess and the pea’: Apple and the dust mote is here! ‘Just use it in a vacuum’ shouldn’t be an acceptable usability requirement for a very expensive laptop.

Seriously. The keyboard is the worst part of the latest generation of the MacBook.

Alternatives

For the first time in 15 years I’m considering switching back to a Windows laptop. Microsoft’s Surface Book is not without flaws, but it’s a solid machine in my limited experience. I would be willing to try the less-powerful Surface Laptop 2, too. They’re just missing one thing: iMessage.

The space pen became the space pen 50 years ago

Everyone knows about the space pen. NASA spent millions on R&D to create the ultimate pen that would work in zero gravity and the result was this incredible machine. Well, no. In fact it was made by a pen manufacturer in 1966 — but it wasn’t until October of 1968 that it went into orbit and fulfilled its space pen destiny.

The pen was created by pen maker (naturally) Paul Fisher, who used $1 million of his own money to create the AG-7 anti-gravity pen. As you may or may not know, the innovation was a pressurized ink cartridge and gel ink that would deploy reliably regardless of orientation, temperature or indeed the presence of gravity.

He sent it to NASA, which was of course the only organization reliably worried about making things work in microgravity, and they loved it. In fact, the Russians started using it shortly afterwards, as well.

Walt Cunningham, Wally Schirra and Donn Eisele took the pens aboard with them for the Apollo 7 mission, which launched on October 11, 1968, and they served them well over the next 11 days in orbit.

A 50th anniversary edition of the pen is now available to people who have a lot of money and love gold stuff. It’s $500, a limited edition of 500, and made of “gold titanium nitride plated brass,” and it comes with a case and commemorative plaque with a quote from Cunningham:

“Fifty years ago, I flew with the first flown Space Pen on Apollo 7. I relied on it then, and it’s still the only pen I rely on here on Earth.”

Okay, that’s pretty cool. Presumably astronauts get a lifetime supply of these things, though.

Here’s to the Fisher space pen, an example of American ingenuity and simple, reliable good design that’s persisted in use and pop culture for half a century.