Tech updates increasing vulnerability
When my old car finally quit, the only “special” thing I wanted in my new-to-me car was a CD player. Technology has come a long way in the past ten years, but I still have the car with the CD player. However, I also use a FM transmitter to play my iPhone through the speakers. Newer cars come with a whole host of features aimed at keeping us safer and simplifying our lives through Bluetooth, Wi-Fi, and more, but do the vulnerabilities and risks of these features, outweigh the rewards?
The FBI weighs in
The FBI along with the National Highway Traffic Safety Administration, have issued a safety bulletin addressing concerns that vehicles are being targeted more and more by hackers. While the latest issues of this have been resolved, they do want to make consumers and manufacturers aware of the potential problems. They stated in the bulletin: “The FBI and NHTSA are warning the general public and manufacturers of vehicles, vehicle components, and aftermarket devices to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
Where are the vulnerabilities?
You may have heard about one of the more recent issues concerning the testing of the radio module. In August of 2015, a study [PDF] was published regarding researchers testing, targeting, and exploiting this particular device through attacking the vehicle through Wi-Fi and cellular connections. The radio module contained multiple wireless communication and entertainment functions and was connected to two controller area network (CAN) buses in the vehicle. Through their testing, researchers were able to shutdown the engine, disable the brakes and steering, trigger the door locks and turn signals, manipulate the tachometer, radio, HVAC, and GPS.
Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port. In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.
Worried? Here’s 5 ways to minimize the chances of being hacked
1. Ensure your vehicle software is up to date: If your manufacturer issues a notification to update, it’s important that you do, but, verify that the update is genuine. Verify any recall or update notices by visiting your car’s manufacturer website. Clicking through emailed links presents the opportunity for hackers to send malicious links. Also, be wary of receiving USB and SD cards via the mail. Hackers could use this method to introduce malicious software into your car. Instead, check on your vehicle’s manufacturer’s website to identify the latest software updates. Use your own USB or SD card where necessary to download and transfer information. You can always check with your dealer or manufacturer before updating.
2. Be careful when making any modifications to vehicle software: Unauthorized updates could create increased vulnerabilities and change the way your car works.
3. Maintain awareness and exercise discretion when connecting third-party devices to your vehicle: Most modern vehicles have a standardized diagnostic port (OBD-II), which provides connectivity to the in-vehicle communication. Keeping these third-party devices secure is critical as a hacker may target them remotely as a way into your other systems. Do not connect any unknown or untrusted devices to the OBD-II port.
4. Be aware of who has physical access to the vehicle: Treat your vehicle the same way you do an unlocked smartphone, or computer: you don’t let people you don’t know touch it. Be cautious of who you leave your vehicle with; it only takes a few moments to upload hacking software.
Improving cyber security
While there are risks with using any technology, you want to be especially mindful of your automotive technology. The last thing anyone wants is to lose control of your vehicle. While the chances of this are minimal, you can decrease them even further by being actively aware of whom you leave your car with, your surroundings, and your technology system.
The rewards of technology outweigh the risks, especially when you consider the increased safety benefits of advanced technology; however, there is always a chance someone will turn this technology to their advantage. The NHTSA is actively working on initiatives to improve cyber security in vehicles.
To increase your security, please, follow the FBI’s tips above, or you can reach out to local law enforcement and the FBI with questions and concerns via the Internet Crime Complaint Center, or file a complaint with them.
The inventor of the internet wants to give back control of your data
(TECH NEWS) Using the internet has given us access to many things, but we’ve also lost control of our data. Can the father of the internet give it back?
Since it was first introduced in 1989, the internet has come a long way, both in good and bad ways. With several communication tools available online, connecting with friends and family on the other side of the world hasn’t been this easy. However, it has taken away something, too — the control over our data.
Our information is everywhere. Once it’s out there, there is very little, if anything, we can do to control how it’s being used or who’s using it. But, the father of the internet, Tim Berners-Lee, wants to reinvent how users take back control of their data.
“We’re on a mission to change the way the web works and the way to basically make the web a better place for all of us,” said Berners-Lee on The Telegraph Live.
In an attempt to “fix the web”, Berners-Lee launched a privacy-focused startup, Inrupt. Using the company’s data storage technology called Solid, the tech company changes how data is stored to give you more control.
“Solid is the new way to connect to people and data. It’s an open-source web-based protocol that re-architects the way data is stored and shared,” said Berners-Lee.
With Solid, you put your personal data together into a personal online data store called a “pod”. Any kind of information can be stored in a pod such as websites visited, travel plans, health records, or credit card purchases.
The pod can be hosted on any Pod Provider, or you can host it yourself. Pods hosted on a Solid Server are fully compartmentalized from other Pods. Each one has its own set of data and access rules, and you decide who to share your data with using Solid’s authentication and authorization systems. And, you can also remove access to anyone at any time.
Inrupt was introduced back in November 2020, and the Solid technology is already being used by some large companies like the BBC and the National Health Service (NHS) in Britain.
The company’s business model is based on charging licensing fees for its commercial software, which uses Solid open-source technology. According to The New York Times, Inrupt has raised about $20 million in venture funding.
Getting data back into a user’s hands is very good. But, is it something that will quickly be adopted by everyone, including the tech giants?
Well, users will finally gain control of how they share their data. According to Berners-Lee, Solid will provide a “generic back-end store that works with all apps without modification.” This means developers don’t have to worry about creating back-ends for different apps.
And companies, what will they get out of it? According to Inrupt CEO & Co-founder John Bruce, over the years, he found that a lot of companies were “spending a great deal of time and money collecting and protecting user data.” So, “by moving the point of control of data from the organization to the user everybody wants.” (i.e. money is saved)
“This is just the beginning of how we turn the red web right side up, restore some of its original values, like how we empower everyone to participate in and benefit from a web that serves us all,” said the internet inventor. “The future of the web is a lot bigger than its past.”
This web extension protects your sensitive information while screensharing
(TECH NEWS) If you’ve ever had to share your screen, you know that sometimes, your sensitive information still slips. But this extension helps by blurring your info for you.
In the time of video calls, video gatherings, and video everything, at one point or another, we will eventually need to share our screen and/or record video. When it’s time to present, there is one thing we don’t want to display to others — sensitive information.
While we can all take a good deal of precautions to make sure we don’t overshare, there is no guarantee we won’t miss something. After all, we’re human. The good thing about these modern times is that there is always someone trying to think of how to make our first world video problems go away.
Sanskar Tiwari, a software developer and educator at YouTube, found it time-consuming having to edit videos to blur over things such as API keys, account emails, passwords, etc. Plus, having to wait for videos to render made the process even longer.
To solve his problem, he created a new web extension named Blurweb. According to the website, the extension helps “people doing live screen sharing or recording video to make sure their sensitive information is secure.”
The extension does this by giving you the option to blur out things like inputs, links, email addresses, and images.
So, how does it work?
- Once you have the extension, you can go on any webpage and turn it on by clicking on the extension icon.
- When the extension is on, a tab with a Turn Off/On, Clear All, and Close option tab pops up.
- With the extension on, you can select any element on the page, and the tool will automatically blur it out.
- Once the sensitive information you want saved is blurred, you can record or share your screen without having to worry that you’re accidently displaying that information.
If you want to remove the “blur” from your elements, you can select “Clear All” and everything will go back to normal. You can also quickly toggle the tool on and off and close it once you’re finished.
Since Blurweb.app runs as an extension on the web browser, it can work on any website and even works offline. If you’d like to check it out, you preview it on their website here.
Star Citizen: A cautionary tale of Kickstarter and crowdfunding
(TECH NEWS) Why is the most funded game in history still in development and has no clear release date? Why crowdfunding as a concept cannot be seen as reliable from a backer’s perspective.
Kickstarter – at its core – is a brilliant idea (and I wish I’d thought of it first). Creating a funding platform to literally allow anyone to bring an idea to fruition by asking for – essentially – seed capital and investors en masse via crowdfunding is truly appealing in every sense of the word. Originally a stronghold of new inventions, gadgets, and apparel, it quickly spread into the entertainment industry as well, with hobbyist game developers, auteur filmmakers, and first time writers given the chance to use crowdfunding to breathe life into their creations.
Star Citizen first appeared on the Kickstarter platform way back in 2012 and was hailed as the next great space simulation game. The campaign was started by Chris Roberts – one of the grand masters of the genre – who created the legendary Wing Commander series while working at Origin Systems. While these might be unfamiliar to non-gamers, anyone who played computer and console games in the 80s and 90s would recognize each name as a juggernaut of the industry.
Without going into specifics, this is the equivalent of Steven Spielberg asking for money to make Montana Miles, a new franchise centered around an ace paleontologist and all around tough guy roughneck adventurer who maybe had a run in or two with certain historical societies while pursuing artifacts from an ancient and forgotten world.
Ol’ Steve is definitely gonna get backers. To really set this up, imagine he asked for money in the late 80s. That’s the kind of perfect storm situation we’d have here.
Star Citizen managed to bring in over $2.1 million from nearly 35,000 backers at its inception, and the fervor and excitement was high. This was due to the pedigree of those involved in the project and the fact that a massive space sim had not seen release in several years (the video game industry – like many others – goes through cycles, with certain properties and genres fading into and out of popularity). Fans eagerly donated, and it reached its original $500K goal quickly, with 9 people contributing $10,000 each and another 19 pledging $5,000.
Since then, additional crowdfunding was conducted by giving fans the option to buy ships and other digital goods to be used in-game, bringing the total to $339 million in the past 10 years (accounting for pre-production and other planning that was done prior to the Kickstarter campaign).
Backing up for a second, consider that I just said 10 years. Which doesn’t sound too bad until you consider that the game is still not out and has no projected release date. If you go to their website, you can be directed to their Pledge Store to purchase ships and other items for a game that isn’t even done, and last released new public material way back in 2015. A side project meant to appease and entice backers – Squadron 42 – just announced its own delay.
And the developers have more or less given no reassurance or updated timelines. The prevailing theory is that this is the result of feature creep, but even this has sparked a number of heated discussions and angry denial from the developers.
Understandably, gamers are angry, and are (perhaps justifiably) lashing out (I won’t link to Reddit or any other forums, but it’s easy to sniff these out). There’s even a (hilarious) Imgur repository of broken promises and failed deliverables against a backdrop of developer feel-good rhetoric. At least one lawsuit has been filed.
Let me take a moment here to say that the gaming industry is no stranger to delays, and has also seen games be released in broken states. The biggest recent example is Sony pulling Cyberpunk 2077 from its digital storefront and offering refunds. Cyberpunk 2077 is the biggest and most anticipated game at the moment, but has been delayed countless times, suffered numerous glitches, crashes, is otherwise unplayable on console platforms (both the Playstation 4 and Xbox One), and been called a disaster.
Let’s not even go into talking about the legacy of delayed games, which stretches from Daikatana, Duke Nukem Forever, No Man’s Sky (though it should be noted that Hello Games has worked tirelessly to rectify the game’s original dismal state against its many, many promises)… The list goes on.
But we’re getting a little off course here by looking at traditionally funded games (even if there are dozens of problems there too). In terms of pure Kickstarter-funded debacles? There’s lots of examples, including DoubleFine’s Broken Age (famous for being the first major game to be crowdfunded and a story in and of itself), SpaceVenture (now over seven years late), and whatever it was that Yogscast game was trying to do (relevant because this was one of the biggest Youtube groups at the time). What about when backers paid for the Oculus Rift, only to have it purchased
outright by Facebook before it was even released to backers?
There’s too many fascinating and infuriating rabbit holes to go through.
So let’s talk about Kickstarter directly for a bit, because if we’re going to play the blame game (hah!), then we certainly need to consider their participation. As it stands, Kickstarter continues to operate with almost no oversight, and has remained a silent and invisible actor throughout these failures. In effect, they are a neutral third party.
Even worse, Kickstarter themselves say that a creator is under zero obligation to complete their project, and relies heavily on the fact that each and every crowdfunding campaign functions in a benefit of the doubt construct. If a creator reaches funding and is never heard from again, Kickstarter maintains that not only will they not pursue any kind of legal action, but doubles down on blaming the investing audience by stating that they knew the risks upfront. Put bluntly: Kickstarter has a very convenient excuse that “art works by different rules.”
In almost all instances, this has resulted in incomplete and abandoned projects, often fueled by lies, deception, and fraud. And yet, Kickstarter has dodged any and all liability, and it’s unlikely that backers can easily exercise any kind of legal action. A similar situation would be taking a contractor to court over an unfinished job, but having no way to actually enforce restitution even under a favorable judgement.
This doesn’t even take into account that there’s a chance of a rogue backer voicing so much dissatisfaction that they sue a company into bankruptcy. Sure, this sounds like reasonable punishment, is entirely legal, and conceivably is well within the rights of that person. But even so, does the blame lie with an inexperienced creator, impossibly high standards set by a (debatably unreasonable) customer, or with Kickstarter being an enabler?
The lofty goals of Kickstarter set against this backdrop of numerous pitfalls suddenly tarnishes its efficacy and integrity, exacerbated by a laundry list of what ifs and potentialities. There’s simply too many legal issues to navigate when it comes to crowdfunding.
Real quick, I want to mention a few other things – similar crowdfunding platforms such as Indiegogo have the same issues, GoFundMe is not without its own controversies, and Valve’s digital marketplace Steam gives developers the same loophole via its Early Access program by allowing them to keep a game in a forever-limbo state.
So I guess the lesson here is that all of these crowdfunding platforms should be treated with a similar attitude you might have when playing the lottery. At the least, try to vet the creator beforehand, as there are certainly viable companies that have run successful campaigns in the past. I encourage you to read user comments on a campaign’s page, research the company in question (have they put out successful products previously?), and be financially ready to lose the money you might put into a shiny new hypothetical.
Business Marketing1 week ago
Free shipping is everywhere… how can small businesses keep up?
Business Marketing1 week ago
Why you must nix MLM experience from your resume
Business Marketing1 week ago
How many hours of the work week are actually efficient?
Opinion Editorials1 week ago
The truth about unemployment from someone who’s been through it
Tech News1 week ago
Star Citizen: A cautionary tale of Kickstarter and crowdfunding
Opinion Editorials1 day ago
Ways to socialize safely during quarantine
Business Finance3 days ago
Is the convenience of payment apps worth the risk of fraud?
Opinion Editorials2 weeks ago
5 insights into building a culture with your remote teams