Great...
Spyware-on-a-chip....
Ready to be added to anything and everything that runs on electricity...
Amid the enormous bundle of digital-assistant devices and technology Amazon super-hyped this week, one particular component has the potential to change the future of the smart home market. It's hardware that, in theory, would allow any manufacturer to make their products work with the Alexa system. The Alexa Connect Kit is …
Most likely that Amazon chip will have built in wifi, so since they can't count on that from a typical blender etc., so it would be impossible to disable. Even if you don't program it with your SSID/password, it would be constantly trying to connect to something, so it would be only a matter of time before someone figured out a way to hack into it. Attacks against the wifi chips in Android & iOS phones were done a couple years ago, if you can p0wn a phone that takes security seriously you sure as well will be able to p0wn a microwave or blender.
I'm sure nothing bad would happen if someone was able to hack into my microwave and make it turn on and stay on with nothing in it. I'm sure nothing bad would happen if they were able to hack into my oven and do the same. Or cycle my blender on/off repeatedly, turn my refrigerator off, dryer on and so forth.
Unfortunately a lot of idiots are buying into this Alexa nonsense, so a lot more people would think of it as a feature than people like us who would see it as a negative, so appliance makers will probably be lining up to built Amazon's shit into their products.
"I'm sure nothing bad would happen if someone was able to hack into my microwave and make it turn on and stay on with nothing in it."
Well, I CAN attest that there was a thermal fuse in ours that blew after the potato that I'd intended to cook for 6 minutes was about 15 minutes into its conversion to charcoal. (Extra zero on the cook time.) But the oven was really never quite the same even after I replaced the fuse.
> Extra zero on the cook time.
Some microwave ovens provide superb examples of very bad UI design. Some have you press five buttons just to reheat a cup of tea for twenty seconds (and the sequence isn't in an intuitive order, either), when others have a two-knob design (power, time) that works well. Tech publisher Felix Dennis said that one of the joys of being a millionaire (besides the island homes, cocaine and attractive staff) is that every home he owned had the exact same model of microwave oven - so he wouldn't have to learn how to use a new one.
"Some microwave ovens provide superb examples of very bad UI design."
Some? How about most?
I swear there's a secret cabal somewhere, dedicated to ensuring that microwave UIs get progressively worse over the years. The technology itself has barely changed in decades, and yet every time I get a new one it's more difficult to use than the one it replaced. They've come up with *one* good idea in that time (press the start button multiple times to add +1 minute), and destroyed that benefit with several steps back elsewhere.
I used to be able to punch a power level with a dedicated button (one keypress), then key in the time I want and press Go.
Now I have to press power, twist a knob to the power level I want, press power again, twist the stupid fucking knob (GODDAMNIT I HATE THAT KNOB) to the amount of time I want, hopefully not anything over 3 minutes so I don't have to sit there spinning the damned thing, and then press start. And if I want to add time, it's only in increments of a minute - which is easily the difference between lukewarm and charcoal for some foods.
The mega goods corp working with the mega retailer corp? That can only smell like bad news.
I don't think you will be talking to your box of Bold 3, I think you will be having a conversation with it.
All seriousness aside though; a washing machine where you load a cartridge of powder, and it re-orders when it is getting low and calls out an Amazon Maintenance Expert when it feels ill?....
All seriousness aside though; a washing machine where you load a cartridge of powder, and it re-orders when it is getting low and calls out an Amazon Maintenance Expert when it feels ill?.
That 'Expert' will take one look at your machine, take a deep breath and say,
"Sorry Love, we don't carry parts for that device. It is what? 15 months old. It is obsolete now."
Once you have recoiled in horror.
The 'Expert' will say,
"Perhaps we can interest you in one of these lovely new devices?"
"Other people just like you have bought this beauty"
etc
etc
etc
All part of the Bezos grand 'cunning' plan to rule the retail world. Sell crap and lots of it to people who have been brainwashed into believing that Alexa is your friend.
None of that shit is coming into my home and neither are any of the likes of Alexa or Siri.
Yours
Grumpy of Tunbridge Wells.
Be careful! When neither Siri nor Alexa have occupied your home, it could happen that a ragged, homeless and unemployed voice assistant called Cortana tries to sneak in. Best to have some voice assistant mock-up, a kind of scare-assistant in your house to keep those critters away.
I wish there was a way to register my disinterest, other than not buying any of this crap of course.
Sometimes I'm glad I'm old. Not always, there were some advantages to having a properly functioning body.
I know da yoof (proper Dad speak as I understand it) are entitled to enjoy and make use of things my generation don't 'get' (I did when I were a lad, sorry dad), but all this IoT stuff is mostly bunkum and insecure to boot.
Maybe one day it will be okay, but given the mission creep by companies wanting ever more detail about my life I doubt it.
> "America has had this for decades."
No, they really haven't - the Chinese system is in a whole different league (as befits the world's preeminent slave labour camp). From Wikipedia:
"Once implemented the system will manage the rewards, or punishments, of citizens on the basis of their economic and personal behavior. Some types of punishments include: flight ban, exclusion from private schools, slow internet connection, exclusion from high prestige work, exclusion from hotels, and registration on a public blacklist."
"If it has Alexa inside, I won't have it in my house.
Even if they give it away free of charge."
I feel your pain, but next time your telly breaks beyond economic repair, have trying to find a new TV that isn't "smart" and may well have it's own WiFi or one of these Alexa chips inside it. And before you say that you'll never allow it to connect to your network, have a think about the Amazon Kindle "WhispaNet".
"Funny how during a press conference this week announcing the new internet-connected gear, which went on for over an hour, Amazon didn't mention data privacy at all."
_____
A World-wide anti-tech backlash / revolution can't come soon enough:
_____
GDPR 'belittling_contempt' - Net Results: Many US tech firms still dismissive of GDPR - The US attitude has always been dismissive towards EU privacy and data protections. I’ve sat through countless sessions at events in the US where EU protections that were supposed to be observed already under the former principles of Safe Harbour data transfer, and later its current replacement Privacy Shield, were discussed with, at best, mild annoyance and too often, belittling contempt.
This is is why I’ve always doubted that many US organisations took either seriously. And I know from talking to individuals who know the position at first hand, that, in practice, many haven’t. - Silicon Valley companies, in particular, are grossly underestimating their GDPR obligations. “Companies that think they can just block EU IP addresses and avoid the GDPR are kidding themselves. There are plenty of legitimate reasons for an EU user’s IP address to appear as if it is from outside the EU. As soon as that happens, the company likely has GDPR obligations.” -
_____
https://www.irishtimes.com/business/net-results-many-us-tech-firms-still-dismissive-of-gdpr-1.3489504
https://www.bloomberg.com/view/articles/2018-09-21/amazon-s-alexa-soon-all-home-appliances-will-be-listening-in
------------------------------
"Amazon probably wanted its latest new product presentation to be exciting. Instead, it scared me."
"The products Amazon is rolling out are all based on its Alexa voice-assistant technology. They include new smart speakers, a subwoofer, a gadget to put Alexa in cars, a voice-activated microwave and even an Alexa-enabled wall clock. If you installed them all, you would essentially be bugging all of your private spaces. Privacy wasn’t mentioned even once during the presentation, which took place just a few months after an Amazon Echo recorded its owners’ private conversation and sent it to a random phone contact; it misinterpreted words in the conversation as a succession of commands."
"What really worries me is that in the near future, I won’t be able to buy an appliance that won’t eavesdrop on me and send the information to an outside server at Amazon, Google or some other company."
------------------------------
"Most consumers who willingly give up their privacy for the convenience of voice recognition don’t even realize the technology can work without opening up one’s home to round-the-clock eavesdropping, whether malicious or accidental. A small French company called Snips has been working for years on private-by-design voice recognition. Voice commands are processed on the end user’s device, making the data transfer unnecessary. The underlying artificial intelligence is trained without central servers"
------------------------------
"U.S. giants don’t bother with the creative safety precautions because they’re interested in vacuuming up as much customer data as possible, and they figure consumers will snap up their gadgets anyway, thanks mainly to their next-to-unlimited marketing resources."
*That* might be useful -- a simple hardware solution providing self-contained voice-recognition and parsing, allowing all sorts of gadgets to accept input from a microphone as easily as a keyboard, without the risks of spaffing your entire life to a faceless corporate.
But this is the Alexa Connect Kit and reading right to left it is perfectly clear -- you have to do the hard work, to borg your device, to Mr Bezos' bank account.
we all develop interest and skills in maintaining things that work. Also vintage cars that do not talk to anything (or you). Given coffee disasters of Something for the Weekend this week where working networks were required for the simplest purchase, imagine the chaos a backhoe could cause. Perhaps the Amish have a point.
I did a little test recently. I setup a an OpenWiFi network that was totally air gapped from my home network which is really locked down. It wasn't connected to the outside world but looked as if it was.
I left it running for a couple of days and then looked at the logs.
Was there zero traffic? was there heck. Several IoT devices from next door but one had connected to it within minutes and were phoning home, or trying to every few seconds.
They were oblivious to the way their gadgets operated and really just didn't care.
IoT secure? Think again.
So what sort of safety interlocks would be required with devices like microwaves and other things capable of generating fire if abused?
Would Amazon be able to keep its firmware updated?
How would it connect into a home network? How would you pair a device to your network?
What sort of network access would it have to other devices in the house?
All this smart home crap.. I reckon router manufacturers are going to have to step up their game and start offering WiFi router APs with more granular permissions - "this device class may contact cloud X, and speak with other devices of type Y in the home, but is blocked from Z"...
I dunno.. the whole "smart home" thing requiring armies of servers in remote data centres, with all the associated electrical consumption seems counter intuitive. The only real benefit is the real time data acquisition the businesses can get from consumers through the pages-long clickwrap agreements.
"So what sort of safety interlocks would be required with devices like microwaves and other things capable of generating fire if abused?"
All your waking ours will be spent monitoring your network connection for rogue devices and sleep or work time will require shutting off the house power switch to protect it while you can't. Progress, eh?
Amazon do a simple little deal with Google & Apple and smartphone begin providing an always-on silent network for these PoS to phone home. After all they don't need to know what happening in your home when all the phones are telling then you're somewhere else.
Find the Alexa chips (they will be very small) and then apply a hot soldering iron for about a minute.
What a great way to ensure I never buy one of your products.
They may be acceptable to the dumb masses but I will never allow one of these spy devices in my home. A colleague got an Alexa for Xmas last year and brought it into the office, strangely it died before it could record any of my voice. He was warned.
What's so amazing about a small cheap chip or module incorporating wifi/bluetooth, a simple low power processor, some DSPs, maybe a Neural Net accelerator, I/Os for microphones and speaker, SPI/I2C/UART to connect to the rest of the system, some standalone firmware to provides a high level interface, and code samples on how to use that high level interface?
It's a twin core, 32 bit micro-controller on a chip with built in RAM, flash ROM, WiFi and Bluetooth. It's cheap ($4 on a module or $2.80 for the chip alone) and can run the Alexa SDK. All Amazon need to do is produce their own native stack for it and the job's done.