Connect with us

Real Estate Technology

About the Internet of Things: Even teakettles are vulnerable

How vulnerable is a smart home to hackers? If your client’s own any device connected to the Internet of Things – you might want to sit down.

Published

on

fair housing

In today’s technology culture, there’s an app for everything. The Apple iPhone comes with a whole host of apps upon immediate purchase, including iTunes, the iTunes Store, a text messaging app, a camera, alarm, stopwatch, calendar, Face Time, Google Maps, a weather app, and even a Health app that can monitor daily steps, flights climbed, and distance.

bar

Hackable by design

It won’t surprise anyone that we can now control inanimate objects from an app on our smartphones. In fact, there’s a term for it! The Internet of Things is the network of objects that can be controlled remotely, since they are embedded with electronics, sensors, internet capabilities, and more.

What will surprise people is just how vulnerable these items are to hackers. Research by HP Fortify found that objects controlled electronically have at least twenty-five qualities that make them susceptible to exploitation, per device!

Among the long list of vulnerable items are refrigerators, baby monitors, smart locks, and home alarms. They make easy targets for hackers to steal Wi-Fi access, personal information, and control of your device.

Your WiFi password is showing

Even when we just want to stay in and enjoy a nice cup of tea, our information is at risk. In London, a security agent proved that kettles are just one more place for hackers to get information. He mapped out a set of kettles across the city by looking for pots controlled by the iKettle app, then hacked each insecure system for WiFi passwords.

The iKettle app allows users to start boiling water for their kettle just by touching a button on their smart phone. But the convenience gained by boiling water remotely might be outweighed by the vulnerable position of users. Pen Test Partners’ Ken Munro explains, “So I can sit outside of your place with a directional antenna, point it at your house, knock your kettle of access point, it connects to me, I send two commands and it discloses your wireless key in plain text.” Yikes!

Internet of Things: less than 2 hours to crack

When iKettle is configured with the Android app, users are particularly susceptible because passwords remain at the default setting. iOS app users are a bit safer—but it will still only take an hour or two to crack the six digit password.

#InternetOfThings

Hannah is currently a writer and student in Colorado Springs, pursuing her master's degree in Creative Writing at the University of Denver. Before becoming a Staff Writer for the American Genius, Hannah wrote website content and grant applications for a law office in central Minnesota.

Real Estate Technology

IBM’s first commercial quantum computer means the future is HERE

(TECHNOLOGY) IBM announcing they’re selling quantum computing means technology innovation is about to accelerate at a breakneck speed.

Published

on

ibm q-system-one

IBM unveiled the first commercially available quantum computer at CES 2019 last week and our brains are exploding!

Named the IBM Q System One, this is the first approximate quantum computing system available for business enterprises and scientific research. The arrival of a workable quantum computer has been expected for some time, and this announcement proves the future is here. Buckle up.

Quantum computing is vastly more powerful than the classical computing we’re used to in our phones, tablets, and laptops. In short, classical computers use a binary system of 0s and 1s to express information.

Quantum computing uses qubits that are able to be in multiple states at any given time that increases processing power exponentially. Since systems in the natural world are based in quantum mechanics, having computers that can also work compatibly with those systems will make a huge difference in fields like pharmaceuticals, transportation, finances, and artificial intelligence.

IBM Q System One is a 20-quibit system combining both quantum and classical computing components. Although 20-qubits is short of predicted capabilities, it would give companies the means to run complex experiments outside of a research lab.

It has the capacity to upgrade as IBM releases new developments. If other companies are able to use this tech, then it will also speed up the possibilities/need to add improvements. We can expect to see exciting tech news in the coming years.

Previous glimpses of quantum computers in development have shown large and bulky monstrosities tangled in wires and connected to cooling systems. IBM Q System One is designed as one sleek, compact package: a black case hanging from the ceiling of a sealed 9’ x 9’ case of borosilicate glass. Clearly IBM isn’t messing around—anyone having flashbacks to the iPhone announcement of 2007?

Companies will need to work with IBM directly in order to buy their own IBM Q System One. We can only wait and hope for the day when this big boy is more widely available. Seeing as how computers haven’t been around long in the first place, our wait will likely be shorter than you think.

Continue Reading

Real Estate Technology

FCC rule change should make you want to stop text messaging

(TECHNOLOGY) The rules have changed when it comes to text messaging and your privacy is now at risk – time to reconsider your habits.

Published

on

text messaging

Most of us take for granted that we can send and receive text messages with whomever we want, and that these messages are private and secure. But a new rule change prompted by the Federal Communications Commission (FCC) gives your wireless company the right to monitor and even block your text messages.

The rule change is the result of an FCC vote that took place at the end of the year, which reclassified SMS and MMS text messages as “information services” instead of “telecommunication services,” and thus, subject to different rules under the Communications Act.

This change is comparable to the FCC’s earlier reclassification of broadband internet providers as Title I information services, a change that stripped the FCC of its ability to provide oversight to ensure net neutrality.

And indeed, this latest rule-change has brought up similar concerns over neutrality, privacy, and the downside of giving corporations unchecked power over our communications and access to information.

The FCC and its chairman, Ajit Pai, are celebrating the change as a positive step towards reducing SPAM and robotexting.

Pai told CNET, “we shouldn’t allow unwanted messages to plague wireless messaging services in the same way that unwanted robocalls flood voice services.”

When the FCC reclassified broadband carriers, critics argued that this threatened net neutrality by giving ISPs the ability to block content and create paid “fast lanes.”

These concerns are echoed in regards to the text messaging rule change.

In a letter to Pai ahead of the vote, Democratic senators wrote that wireless carriers would be able to force customers “to pay for more expensive short code system or enterprise text messaging to reach their audience.” Democrats also say that the rule change gives wireless providers the power to curb free speech by censoring or blocking “legal text messages if they believe that the content is controversial.” For example, in 2007, Verizon blocked NARAL Pro Choice America from sending messages to its supporters.

As only three percent of text messages are classified as SPAM, critics of the rule change feel that the sacrificing free speech and messaging neutrality for the sake of reducing unwanted messages is too high a price to pay.

Senator Markey of Massachussetts condemned the decision, saying that the FCC was failing in its “obligation to promote competition and freedom of speech over telecommunication networks.”

Iphone users texting one another using iMessage will be unaffected, as iMessage does not use SMS or MMS.

All other text messages are potentially subject to the rule change. Gizmodo recommends using the Signal app, which encrypts messages and isn’t subject to the same rules as wireless providers.

Continue Reading

Real Estate Technology

Hackers target associations – how to protect your brokerage, yourself

(TECHNOLOGY) Hackers are increasingly targeting associations, and while they set their own policies to protect themselves, here’s how to do the same for you and your company.

Published

on

associations hackers

It all seemed so routine. For officials of both the Henderson (TX) and Boulder Valley(CO) public school districts, the email that they received from an existing construction vendor asking them to update their automated payments to new bank information was nothing seemingly out of the ordinary.

Only when vendors began to inquire about the status of payments that the districts had sent did the districts come to realize that the routine change had made themselves the victims of a scam known as a BEC, or a Business Email Compromise.

In each case, the losses ran into the hundreds of thousands of dollars before being discovered. Henderson ISD lost approximately $610,000 to the hackers and Boulder Valley Public Schools lost approximately $870,000. The fiscal hit was accompanied by reviews of and changes to their operating procedures to ensure that such a loss wouldn’t happen again in the future.

While the districts tied their losses to public transparency, with information about the vendors and the scope of work that each was involved with available on their websites, government officials said that such schemes are typically quite sophisticated and ongoing long before any request for money, in order to establish a level of trust with their victims.

Secret Service Agent Bill Mack, speaking to the Tyler Morning Telegraph, noted that “[w]e’ve seen an uptick in the number of cases…Contact is often made long before the request for money. Criminals will use a compromised network to gather information about the target. Then, appearing to be a legitimate representative of the vendor, they will often request a simple change in account numbers.

With FBI estimates as to the annual cost of cybercrime reaching over $2 billion dollars annually, and those losses only partially recovered through either the efforts of law enforcement or insurance, it’s important to recognize the fact that as scammers and hackers expand beyond the tired trope of the 419/Nigerian Prince, they’re now targeting new avenues, such as governmental entities and private associations (perhaps even your local real estate board/association).

While professional associations have been the targets of hackers since at least 2010, according to Ed Schipul, they’re coming under increasing levels of attack.

As a professional member of an organization, we depend on their advice, counsel, and information about upcoming trends and events. We rely on the communication that we receive from them to be timely, accurate, and most importantly, not be harmful to us, professionally or personally.

Assuming that the associations themselves are taking steps to protect their cybersecurity, how do we, as members protect ourselves from hackers?

The Federal Deposit Insurance Corporation (FDIC) has tips on staying safe from hackers in an ever-connected world:

• Be suspicious if someone contacts you unexpectedly online and asks for your personal information.
• Only open emails that look like they are from people or organizations you know, and even then, be cautious if they look questionable.
• Be especially wary of emails or websites that have typos or other obvious mistakes.
• Verify the validity of a suspicious-looking email or a pop-up box before providing personal information.
• Don’t immediately open email attachments or click on links in unsolicited or suspicious-looking emails.
• Install good anti-virus software that periodically runs to search for and remove malware.
• Be diligent about using spam (junk mail) filters provided by your email provider.
• Don’t visit untrusted websites and don’t believe everything you read.
• Criminals might create fake websites and pop-ups with enticing messages intended to draw you in and download malware.

In the case of officials at the districts, one measure that was implemented in each is worth remembering in a click-and-send era; they promised to have their respective staffs pick up the phone and call the vendor when any type of banking information was requested, to verify the request before providing information.

When dealing with our associations, if we receive an email or other outreach that seems out of character for them, it’s a good reminder to call and ask them if they’d intended to send it out before we take electronic action.

Continue Reading
Advertisement

Our Parnters

Get The Daily Intel
in your inbox

Subscribe and get news and EXCLUSIVE content to your email inbox!

Emerging Stories

Get The Real Daily
in your inbox

subscribe and get news and EXCLUSIVE content to your email inbox