Kaspersky Lab experts have investigated an experimental cloud infrastructure for advanced bionic prostheses and have identified security issues that could enable a third party to access, manipulate, steal, or delete the private data of device users. The findings were shared with manufacturer Motorica, a Russian start-up that makes bionic upper limb prostheses to assist people with disabilities, allowing them to address the security issues.
The Internet of Things (IoT) is no longer only about connected watches or smart homes, but about highly complex and increasingly automated ecosystems. This includes connected technologies for healthcare. In the future, such technologies could shift away from being purely support devices, to becoming mainstream and used by consumers keen to extend the capabilities of the human body. Therefore, it is critical that manufacturers investigate and address any existing or potential security risks in current products, as well as their supporting infrastructure.
Kaspersky Lab ICS CERT researchers have undertaken a cybersecurity assessment of a test software solution for a digital prosthetic hand, developed by Motorica. The solution itself is a remote cloud system, providing an interface for monitoring the status of registered biomechanical devices. It also gives other developers an existing toolset for analysis of the technical condition of devices like smart wheelchairs, artificial hands and prosthetic feet.
The initial research identified several security issues in the software. These included an insecure HTTP connection, incorrect account operations, and insufficient input validation.
When in use, the prosthetic hand transmits data to the cloud system. Due to these security gaps, an attacker could:
- Gain access to information held in the cloud about all connected accounts, including logins and passwords in plaintext for all the prosthetic devices and their administrators
- Manipulate, add, or delete such information
- Add or delete their own users, including users with administrator rights
“New technologies are bringing us to a new world in terms of bionic assisting devices,” said Ilya Chekh, CEO at Motorica. “It is now of crucial importance for the developers of such technologies to collaborate with cybersecurity solution vendors. That will allow us to make even theoretical cases of attacks on the human body impossible.”
For manufacturers of bionic devices and other smart technologies, Kaspersky Lab recommends the following security measures:
- Review threat models and vulnerability classifications for relevant web-based and IoT technologies, provided by industry experts, such as OWASP IoT Project.
- Introduce secure software development practices based on a proper lifecycle. To evaluate existing software security practices, use a systematic approach like OWASP OpenSAMM.
- Establish a procedure for obtaining information on relevant threats and vulnerabilities to ensure proper and timely response to any incidents.
- Regularly update operating systems, application and device software, and security solutions.
- Implement cybersecurity solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network.
- Use a security solution with machine learning anomaly detection (MLAD) technology to reveal deviations in IoT device behaviour — for early detection of attack, failure or damage of the device.
Three words transform addresses
From roaming Airbnbs in Mongolia to the positioning of emergency locations, what3words is flipping addressing on its head, writes BRYAN TURNER.
A collective of nomads in Mongolia wanted to offer a taste of their way of living on Airbnb. They had one problem: they regularly pack their houses up and take everything to another location.
This was until Airbnb started accepting what3words as a form of address. The service has mapped the world, including the oceans, into 3 meter x 3 meter blocks. Each of these blocks is represented by three dictionary words.
“Traditional addressing systems are not fit for purpose,” says Lyndsey Duff, South African country manager of what3words, speaking to gadget this week. “Addresses don’t cater to everyone. This represents tens of thousands of people who cannot talk about where they live. This restricts their ability to get e-commerce deliveries, and becomes life-threatening when they need to request emergency services.”
There are numerous examples in South Africa. For instance, just outside Durban, Kennedy Road is represented by one street on Google Maps, but looking at a satellite view reveals many more unmapped houses.
“Not having an address is a massive barrier to economic prosperity,” says Duff. “If you think about FICA and RICA in South Africa, trying to open a bank account or obtaining a SIM card becomes very difficult. Even registering a birth without an address becomes problematic.
“This also opens people up to fraudulent actors and makes their lives a lot more difficult than it needs to be. The UN estimates that four billion people don’t have formal addresses. Four billion people don’t have an accurate, reliable way to talk about where they live.”
Even those who have addresses may sometimes have issues with being found.
“There are 7 Joubert Streets in Johannesburg,” says Duff. “Repeated street names are not only a problem in South Africa, but around the world. There are 14 Church Streets in London, there are 365 Juárez Streets in Mexico City. This makes it really difficult to represent where you are, and makes it very difficult for those who are unfamiliar with the area to find where they need to be.
“Office parks and complexes can be difficult to navigate, especially when you need to get to a specific building and Google Maps only knows the centre of the office park. Someone could tell you, quite confidently ‘I’m in Block C’, but this doesn’t help someone who’s never been there before.”
But aren’t co-ordinates enough?
“Co-ordinates are the best way for one machine to talk to another machine about positioning. But how many people know there are three different types of co-ordinates? Remembering three words is a lot more convenient than remembering 16 digits. It’s also less likely that you’ll swap two numbers around to end up an hour north of Pretoria when you’re supposed to be in Johannesburg CBD.”
Who’s going to use it?
what3words began operations in South Africa in 2017, and is now accepted across a number of platforms, including the iStore, for deliveries. It is also used by the Automobile Association of South Africa to help locate its members needing roadside assistance. Zulzi now allows customers to get groceries delivered within one hour to their what3words address, and The Platter’s Wine Guide has listed the 3-word address for over 700 wineries in its 2019 guide.
Mercedes Benz has even integrated what3words into its navigation system to assist drivers in getting to unmapped roads.
Download the what3words app for free for both iOS and Android, or by browser, and check your exact address even while offline.
Robots will be cobots, not competitors
Modern efficiency technologies in the workplace are often the source of stress and anxiety as they have now reached a level where they are able to take over some of the work previously done by people. This leads to a natural fear that jobs and livelihood are at risk.
One of the more topical of these technologies is robotic process automation (RPA). It is often positioned as the holy grail of internal optimisation and is a prime candidate for entrenching these job risk fears.
The RPA rhetoric is all about how it, and similar technologies, can improve the bottom line by reducing headcount and doing tasks faster than people. IT departments then bring these technologies in and impose them on workers, exacerbating this fear that robots will take our jobs.
But there is another way to approach the optimisation challenge.
This same technology can be introduced to individual employees, and they can be taught how to train their own personal robot or collaborate with a and one, this allows them to choose what gets automated.
This changes the rhetoric from “The robots are coming to take our jobs” to “My time is so valued that the organisation has hired me a personal assistant”. I like to term this use of the technology ‘co-bots’.
Programming the co-bot is easy as RPA robots can often be taught by a simple “drag-and-drop” process and employees don’t have to be coders.
These automation processes are very good at repetitive tasks where there is a clear and predictable outcome, a type of work often dreaded by knowledge workers.
Recently, a team at Dimension Data needed to move 8000 video files from one place to another. This mundane task required that files were individually downloaded and then uploaded elsewhere. It would have taken a human a month and a half of full-time work, but it took half an hour to program a bot to carry out this process.
As employers, we need to consider how much of our workforce is doing mundane repetitive work.
Travel recons, leave recons, bonus calculations are not core to the employee’s job and not core to the business either. They are more likely to leave a knowledge worker feeling frustrated rather than fulfilled.
Outsourcing this type of work to co-bots could help alleviate this frustration, while at the same time freeing up the individual’s time to focus on strategic, creative and valuable tasks.
The increasing use of co-bots in the workplace does lead to some interesting scenarios, as they work alongside humans and become more independent.
Recently, Dimension Data rolled out a bot to assist with client contract renewals. The bot was required to run a report in our ERP solution, reformat the report, and upload it back into our sales pipeline management tool.
In order to access these platforms, the bot required a standard user account for the platforms, which meant it needed an active directory account. Our active directory account is linked to our HR system which meant a new employee record needed to be created in our HR system – effectively creating a new employee.
As expected, the bot performed wonderfully, but it was also automatically enrolled in our induction programme, causing some consternation when it didn’t arrive on the scheduled day.
There can also be cultural challenges with RPA co-bots, in that they are not programmed to manage social nuances, but rather to carry out work efficiently. The same system ran into trouble because some of the people dealing with it via email didn’t know it was a bot and found it to be quite abrupt and impersonal. For example, “How are you today?” was met with silence.
I like to compare a co-bot in the workplace to an intern or a fresh graduate. They are enthusiastic, with endless energy, and will take on all the mundane tasks. However, you shouldn’t leave them unmonitored for too long, as they will probably break something due to inexperience.
Very often, business leaders build robotic business use cases on where they see value rather than where the individual employee could see value.
Automation take-up can suffer when too few people are involved in the rollout and when employees sense it is being imposed upon them. But by involving every business unit and function in the process, with each one able to define their own journeys, more employees will embrace it as it makes their own lives easier.
In a recent Gartner study of companies using artificial intelligence and robotics, 16 percent of companies reported job decreases, while a surprising 26 percent reported an increase in jobs as a result of their efforts.
The advent of the motor car is a good parallel to this. Henry Ford’s Model T car put a lot of farriers and street cleaners out of business, but instead, now we have mechanics, panel beaters, auto electricians and car washers.
While it is true that these disruptive technologies could take over several tasks currently assigned to unskilled labour, for me, that simply highlights our responsibility as companies to encourage the continuous personal development of our people.
By giving employees an automation tool and encouraging them to find uses for it, we can start them on a journey to find their niche in this new digital economy.
As unskilled vacancies are replaced by skilled vacancies, it is up to us as a society to ensure our people are making the same transition and are able to fill the new roles required of them.
It’s a daunting future, but an exciting one, with the potential to positively impact all of us.