All posts in “Internet of Things”

NYC launches partnership network, “The Grid”, to help grow urban tech ecosystem

The New York City Economic Development Corporation (NYCEDC) and CIV:LAB – a nonprofit dedicated to connecting urban tech leaders – have announced the launch of The Grid, a member-based partnership network for New York’s urban tech community. The goal of the network is to link organizations, academia and local tech leaders, in order to promote collaboration and the sharing of knowledge and resources.

In addition to connecting member companies and talent, The Grid will host various events, educational programs, and co-innovation projects, while hopefully improving access to investors as well as pilot program opportunities. The Grid is launching with over 70 member organizations – approved through an application and screening process – across various stages and sectors.

In recent years, the tech and startup scene in New York has notably ballooned – evolving from the Valley’s obscure younger sibling to one of the top cities for talent, entrepreneurship, and venture capital investment. And while the city has seen countless startups, VCs, accelerators, and other entrepreneurial resources set up shop within its borders, getting the right tools in place is only part of the battle.

New York wants to prove its initiatives are more than just “show-and-tell” projects and city officials believe that building a truly sustainable innovation economy is dependent on all its local resources working in conjunction, allowing entrepreneurship to permeate every arm of commerce. With an institutionalized network like The Grid, New York hopes it can further fuse its pockets of innovation into to one well-oiled machine, consistently producing transformative ideas.

“The Grid represents a promising new way for NYCEDC to work across sectors to strengthen collaboration and innovation, first in New York City and hopefully soon in many more cities across the country and around the world,” said NYCEDC President and CEO James Patchett in a statement. “It signals that New York City is leading with  a new approach to technology and startup culture, with a real focus on diversity, inclusion, equity, and community.”

As one of the largest and most industrially diverse cities in the world, New York has naturally placed a heightened focus on the growing sector of “urban tech” – which has been broadly categorized as innovation focused on improving city functionality, equality or ease of living. According to NYCEDC, the urban tech space has seen nearly $80 billion in VC investment since 2016, with nearly 10% going to New York-based beneficiaries.

The launch of The Grid is part of an expansion of NYCEDC’s larger UrbanTech NYC program, which has already helped establish the New York innovation hubs New LabUrban Future Lab, and Company. Alongside the membership network and a new site for UrbanTech NYC, NYCEDC is also launching The Grid Academy, an adjacent academic group with the mission of creating applied R&D partnerships between local academic institutions and corporate sponsors. The expansion of UrbanTech NYC represents the latest of several initiatives NYCEDC is pursuing to develop the broader ecosystem, coming just months after the EDC announced the launch of Cyber NYC, a $30 million investment initiative focused on growing New York’s cybersecurity presence and infrastructure.

The group will be led by a steering committee that will guide decisions related to strategic priorities, funding, events, and communications. Members of the committee include some of The Grid’s largest government and corporate members including the Bronx Cooperative Development Initiative, the Downtown Brooklyn Partnership, Civic Hall, Company, New Lab, Urban Future Lab, Dreamit UrbanTech, URBAN-X, Urban.Us, Accenture, Samsung NEXT, Rentlogic, Smarter Grid Solutions, Civic Consulting USA, and the World Economic Forum.

“Since its early days, innovation has been part of the DNA that is New York City,” said Jeff Merritt, Head of IoT + Smart Cities at World Economic Forum. “Nowhere else in the world can you find an ecosystem that combines as many industries and nationalities. New York’s thriving urban technology community is a natural byproduct of what happens when you allow diversity, entrepreneurship and ambition to collide in one of the greatest cities in the world.” 

The Grid’s first meeting will be held on February 19th at Samsung NEXT’s New York HQ. Membership applications for The Grid are accepted on a rolling basis and can be found here on the UrbanTech NYC website.

Vinli raises $13.5m Series B to expand its vehicle data intelligence platform

Connected car service provider Vinli today announced it closed a $13.5 million Series B financing round. The company says this infusion of capital allows it broaden its mobility services and integrations as it attempts to connect cars around the world.

The funding came from new and existing investors and brings the total amount the company raised to over $20 million.

Based in Dallas, TX, Vinli launched in 2014 in TechCrunch Startup Battlefield as a direct consumer company that allowed owners to add cloud services to automobiles. It was a clever concept, and when it launched four years ago, it was ahead of the curve. Now, in 2019, the focus of the business is different as the company seeks to provide deep data intelligence to auto makers and transportation providers.

“The investment validates our place in the industry. In the last five years, we have seen the industry unfold and evolve into an industry driven by digital services,” said Mark Haidar, CEO of Vinli, in a press release released to TechCrunch. “Companies today need viable data solutions — not only to support the growing number of data sources but to deliver on the multiple service offerings to their end customers. We’re focused on making it easier for large fleets and automakers to access smarter data intelligence. It’s in helping those partners scale and be successful is what we look forward to most at Vinli.”

Now, with the latest round of investment, Vinli is looking to integrate its platform with electric vehicles and turned to an energy company, E.ON, to examine the market. Vinli says it will expand its offerings for electric mobility and fleets of electric vehicles.

Vinli’s approaching a largely untapped market. As vehicles become more connected, there are countless data points that can be examined and expanded. With Vinli’s deep background in vehicle intelligence, it’s well suited to continue to grow and provide rich data sets of vehicle information.

Cheap internet of things gadgets betray you even after you toss them in the trash

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called internet of things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. They may not need to do much, but they still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud, and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture, or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security, or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home, or other standards. This may give users a false sense that they are in some way accredited, inspected, or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire or at least a short waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Making sure that the devices and of course your router are password protected, and take common sense measures like changing that password regularly.

Reminder: Smart toys are cute, cuddly, and full of security risks

Today, kids have the chance to interact with their stuffed animals, robots, or dolls in ways their parents were only able to dream of. These toys, usually referred to as “smart” or “connected,” have built-in motion sensors, speakers, and microphones that allow them to analyze what children say and respond within seconds by searching an online database or the internet at large for an appropriate response. They learn children’s preferences and interests over time, so their play can become personalized, which may improve communication skills and has been found to increase concentration for children with intellectual disabilities. But these toys also open up the internet to children as young as three, creating  a new digital frontier that parents and caregivers need to research, understand, and patrol. 

While you might have firm rules about what you share on social media, it’s harder to perceive smart toys as a potential threat, says Sophie Linington, deputy CEO of Parent Zone, a social enterprise that helps families safely navigate the internet. “You get lulled into a false sense of security, thinking, ‘Oh, it’s a cute teddy bear.’ But if it connects to the internet then the same kind of thinking needs to be done before you hand one over as with a tablet or a phone.”

You should be prepared to keep track of any recall notices and security upgrades for the life of the toy.

Smart toys can be hacked into and parents should also be aware that any information they collect may not be private. If a smart toy or game communicates with a child — whether by text or by “speaking” to them — those messages or recordings will be transmitted to an external database so they can be analyzed and responded to, and they will likely be stored so the toy can give the impression of having learned information about its owner. How that data is stored, whether it is encrypted and how secure the passwords that protect it are (if they exist at all) are details companies don’t typically volunteer, and this is such new territory for parents that most may not to think to ask. 

In the last three years, a series of vulnerabilities has been uncovered. CloudPets, furry toys that allowed children to send and receive audio messages, were pulled from sale after security experts found their online storage system wasn’t password-protected, which led to 820,000 records (including children’s names, ages, and voice recordings) being compromised

That followed news that talking doll My Friend Cayla, banned in Germany as an illegal spy apparatus, contained an unsecured Bluetooth device, which meant anyone within range could listen in. In 2015, hackers struck Hong Kong-based company VTech, which makes a range of connected toys, including cameras, and captured the details of over 6.3 million customers, including children’s photos and home addresses. Last summer, the FBI issued a public service announcement about the importance of smart toy security.

To be clear, there’s no evidence that information from a smart toy has been used to target any child, either online or in real life. But keeping children safe will be more of a challenge as the market continues to expand—digital forecasters Juniper Research predict it will be worth $18 billion by 2023

Linington recommends reading independent reviews, particularly relating to a toy’s security protections. If you decide to buy one, before giving it to a child, take it out of the box, change any default passwords, and disable those features that aren’t necessary to its use (perhaps a camera or GPS tracker). You should also be prepared to keep track of any recall notices and security upgrades for the life of the toy.

“Is privacy going to become a luxury feature? That would be a really bad outcome,”

Since 2017, the Mozilla Foundation has published Privacy Not Included, an annual guide to internet-connected gadgets. It calls for products to meet five minimum security standards: encrypted communications, automatic security updates, the requirement for strong passwords, a point of contact for reporting security issues, and an easy-to-understand privacy policy that spells out what user data is being collected and shared. Of the 70 products it examined in 2018, 32 made the grade, but only five of the 18 connected toys and gaming systems they tested did, including the Harry Potter Kano Coding Kit and the Nintendo Switch.

Ashley Boyd, Mozilla’s vice president of advocacy and one of the creators of the guide, says that in several cases the issue wasn’t a confirmed vulnerability but a lack of information, which makes it impossible for customers to make an informed choice. When information is provided, it is too often difficult to interpret. Boyd is also concerned that the most expensive products are usually the ones with the best security. “Is privacy going to become a luxury feature? That would be a really bad outcome,” she says.

A new feature of the guide is a “creep-o-meter,” which lets readers select from a series of increasingly distressed emoji to represent how intrusive they find a specific product. It’s a simple way to send a message to manufacturers, something Boyd thinks we could do more of by, for example, using online customer service systems to ask about security features. 

Ultimately, though, she’d like to see companies be more proactive about safety and data protection. Alexandra Ross, founder of The Privacy Guru and Director of Global Privacy and Data Security Counsel at Autodesk says things are slowly moving in the right direction. The introduction of General Data Protection Regulation (GDPR) legislation in Europe earlier this year and coverage of high-profile breaches have brought the issue to the fore. “Changes will continue to happen as toy companies realize that to meet customer expectations, they need to build privacy and security into their products.”

In the meantime, Ross doesn’t think customers should be deterred. “There is value to some of these smart toys. There’s educational value, there’s certainly social value and some of them are very entertaining.” The risks involved can often be mitigated, as long as consumers do their research and know what precautions to take. “Unfortunately at this stage parents are taking on risks they’re not aware of,” says Boyd. “That’s the gap we’re trying to close.”

Read more great stories from Small Humans:

Wrest control from a snooping smart speaker with this teachable “parasite”

What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite’” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

[embedded content]

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye”, or refer to your Google Home as “Carelesswhispers”. Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write up of the project. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on –that kind of tech would not be at all legal.