The Geek’s Reading List – Week of July 31st 2015
I have been part of the technology industry for a third of a century now. For 13 years I was an electronics designer and software developer: I designed early generation PCs, mobile phones (including cell phones) and a number of embedded systems which are still in use today. I then became a sell-side research analyst for the next 20 years, where I was ranked the #1 tech analyst in Canada for six consecutive years, named one of the best in the world, and won a number of awards for stock-picking and estimating.
I started writing the Geek’s Reading List about 12 years ago. In addition to the company specific research notes I was publishing almost every day, it was a weekly list of articles I found interesting – usually provocative, new, and counter-consensus. The sorts of things I wasn’t seeing being written anywhere else.
They were not intended, at the time, to be taken as investment advice, nor should they today. That being said, investors need to understand crucial trends and developments in the industries in which they invest. Therefore, I believe these comments may actually help investors with a longer time horizon. Not to mention they might come in handy for consumers, CEOs, IT managers … or just about anybody, come to think of it. Technology isn’t just a niche area of interest to geeks these days: it impacts almost every part of our economy. I guess, in a way, we are all geeks now. Or at least need to act like it some of the time!
Please feel free to pass this newsletter on. Of course, if you find any articles you think should be included please send them on to me. Or feel free to email me to discuss any of these topics in more depth: the sentence or two I write before each topic is usually only a fraction of my highly opinionated views on the subject!
This edition of the Geeks List, and all back issues, can be found at www.thegeeksreadinglist.com.
ps: Sorry about the quality of articles. It’s been another very slow news week.
1) This new 3D XPoint memory could last forever
This may be the most significant technology announcement of the past few years; however, the public information on the technology is a masterpiece of saying nothing (Intel press release: http://newsroom.intel.com/community/intel_newsroom/blog/2015/07/28/intel-and-micron-produce-breakthrough-memory-technology presentation video https://youtu.be/VsioS35D-HY). The figures provided are typically prefaced with “up to”, rendering the information meaningless as in “my net worth is up to $100 billion”. Even the questions asked during the presentation were banal, suggesting the questioners were planted or too ignorant of memory technology to ask meaningful questions. Most of the write ups I’ve seen appear to be based on speculation, including some which actually contradicted the information provided. It appears the cost (somewhere between DRAM and FLASH – at least a 20:1 range) means that over the near term this device will only be useable in exotic equipment or that a modified PC architecture and OS will be required to exploit it. The good news is, the product is expected to be on the market in 2016, by which time, no doubt, actual useful information will be available. Thanks to my friend Humphrey Brown for bringing this story to my attention.
“Intel and Micron this week unveiled a new type of memory they plan to mass produce that is purportedly 1,000 times faster than NAND flash and has 1,000 times the endurance. One thousand times the endurance would be about one million erase-write cycles, meaning the new memory would last pretty much forever. By comparison, today’s NAND flash lasts for between 3,000 and 10,000 erase-write cycles. With wear-leveling and error correction software, those cycles can be improved upon, but still don’t get anywhere near 100,000 cycles. The new product, 3D XPoint, is essentially a mass storage-class memory that, while slower, is still cheaper to produce than DRAM and vastly faster than NAND. Most importantly, it’s non-volatile. So when the power goes off, the data remains intact — just as it does with NAND flash.”
2) Review: Windows 10 is the best version yet—once the bugs get fixed
The launch of Windows 10 is another big story for the week. As scheduled the company rolled out free upgrades starting a couple days ago (I was amused to see Staples was charging $25 for the upgrade, presumably for clicking the install icon). The OS seems fast and stable and is a marked improvement over the abomination of Windows 8 and even the somewhat fixed Windows 8.1. The upgrade is not without its issues: my HP notebook will no longer awake from sleep mode, a problem which I expect will be corrected in due course. In addition, there are serious privacy concerns (see item 3) which can be mitigated by not using a Microsoft account and adjusting a profligacy of software settings in your favor.
“I’m more conflicted about Windows 10 than I have been about any previous version of Windows. In some ways, the operating system is extremely ambitious; in others, it represents a great loss of ambition. The new release tries to walk an unsteady path between being Microsoft’s most progressive, forward-looking release and simultaneously appealing to Windows’ most conservative users. And it mostly succeeds, making this the best version of Windows yet—once everything’s working. In its current form, the operating system doesn’t feel quite finished, and I’d wait a few weeks before making the leap.”
3) Windows 10 Is Spying On You: Here’s How To Stop It
As we noted in item 2, one major criticism of Windows 10 is that it spies on you and, presumably, Microsoft sells your information to whoever wants it. You can reduce this spying through not using a Microsoft account, not using their cloud services, and adjusting security settings accordingly. I would suggest avoiding the new Microsoft browser which does not appear to support adblockers or tracker blockers yet.
“Importantly, you can opt out of what seems to be all this stuff (time will tell) either during installation or afterwards, though Microsoft swaddle it in a combination of dissembling “hey, this stuff’ll really help you get the information you want’ fluff and 45 pages of service agreement documents. I’ll refer you here and here for a detailed breakdown of the really worrying stuff, but the long and short of it is the operating system assigns you a unique advertising ID, which is tied to the email address you’ve associated with Windows and fed data from a great many facets of your computer usage. Including the contents of messages and calendars, apps and networks, some purchases and whatever you upload to Microsoft’s unreliable OneDrive cloud storage. Using the Cortana search assistant makes the harvest even more aggressive, and of course the OS claims it’s all in the name of a better, more accurate online experience for you.”
4) The New Moto X And Moto G Are Incredibly Cheap Yet Powerful Phones
I continue to believe smartphone pricing is under pressure, a trend which will have profound ramifications for the likes of Apple. Eventually it will be hard to convince people to part with $700 when more advanced features can be found in a phone at half the price. Motorola (now Lenovo) appears to be establishing itself as a cost effective alternative. It is interesting to note they will be making the Nexus 6 (i.e. the next Google phone) which allows speculation that it will be attractively priced.
“Motorola has just unveiled its new lineup of smartphones, the Moto G, Moto X Style and Moto X Play. While these phones are mostly updated versions of their previous iterations, Motorola is sticking with its key advantages — price, customization and less bloatware. The Moto G is a 5-inch Android phone that costs $180 without any carrier subsidy. The Moto X Style is an updated Nexus 6-style phablet as Motorola is the maker behind the Nexus 6. And the Moto X Play is a cheaper version of the Moto X Style that you won’t find in the U.S.”
5) Amazon Wants Dedicated Airspace for Delivery Drones
There was a fair bit of news on the drone front this week. Amazon seems to be pushing ahead with its daft idea to offer drone delivery services. One can hope that regulators see the hazard of allowing swarms of flying machines overhead, given the serious hazards associated with the failure of drones. Given that the energy from a falling object is associated with altitude, I’d prefer the things not be allowed over 10 feet off the ground wherever there might be people below.
“Amazon proposes (PDF) that airspace from 200-400 feet off the ground be exclusively reserved for delivery drones. The next 100 feet above that would be a no-fly zone, acting as a buffer between the drones and commercial aircraft. Amazon also says the drones allowed to fly in the 200-400 foot airspace need to be equipped with the following capabilities: Advanced GPS system to pinpoint their location in real-time along with any nearby drones; A reliable Internet connection to maintain communications with that real-time GPS data; Online flight planning to predict and communicate their flight path; The ability to collaborate with other drones to avoid collisions; Sensors to avoid other obstacles such as birds, buildings and cables.”
6) Drones and driverless tractors – is this the future of farming?
Of course, not all drone applications are idiotic and frivolous. This article is more about some of the advanced technologies being used in farming than drones, but drones can be useful for farming as well as other valid industrial applications. Needless to say, agricultural equipment is already extremely dangerous and farms are notable for low population density so my concerns about delivery drones do not apply.
“The N Sensor gives an example of the kind of precision technology available to farmers today. It consists of a cab-mounted tool – imagine a surfboard bolted onto the roof of a tractor – that is equipped with sensors at either end. The sensors gaze outwards, analysing the colour of a growing crop. From this data the N Sensor determines its chlorophyll content and, by an extension of logic, the crop’s nitrogen requirement. The N Sensor then relays the data to a spreader, which, in turn, applies the required dose of fertiliser to a specific part of the field. “People would be surprised at how much of this is going on,” Blacker says. A Defra report from 2012 found that 22% of farmers have GPS steering systems, 20% do soil mapping, 16% variable rate application (using technology like the N Sensor) and 11% yield mapping. Although these numbers might seem low, precision techniques are mostly used by farmers with large acreages who have greater resources to invest in the technology and make it cost effective.”
7) Ky. man arrested after shooting down $1,800 drone hovering over sunbathing daughter
One of the numerous potential misuses of drones is violation of privacy. When this story originally surfaced it was about some dumb redneck who shot down a drone. Turns out the drone may have been spying on the guy’s daughter. What is interesting is that there is a good chance that if the drone operator had been on his property and the guy had shot him he probably would not have been charged. Heck, I’d probably shoot down a drone over my property just on principle. Thanks to my friend Duncan Stewart for bringing this story to my attention.
“A Kentucky man shot down an $1,800 drone hovering over his sunbathing daughter and was then arrested and charged with first degree criminal mischief and first-degree wanton endangerment. “My daughter comes in and says, ‘Dad, there’s a drone out here flying,’ ” William H. Merideth, 47, told a local Fox News affiliate reported Tuesday. The Bullitt County father shot at the drone, which crashed in a field near his yard Sunday night. The owner of the drone claims he was only trying to take pictures of a friend’s house, the station reported.”
8) The battery revolution that will let us all be power brokers
This is the second Tesla reference I’ve seen which seems to be dialing back expectations of “miraculous battery breakthroughs”. When Tesla announced “Ludicrous Mode” (http://www.teslamotors.com/blog/three-dog-day), Musk stated “On average, we expect to increase pack capacity by roughly 5% per year” and now this fawning and highly speculative article cites a 30% reduction in production cost (5.4% CAGR) over 5 years. Of course, that is production cost, which is a small component of the cost of a full up battery pack so there is little reason to suspect any revolution is afoot.
“Tesla has no plans to stop there. Lithium-ion batteries are so important to the company that it has taken manufacturing into its own hands, building a “Gigafactory” just outside Reno, Nevada. By 2020, the company plans to produce as many lithium-ion batteries annually as the entire world produced in 2013 – enough for a fleet of 500,000 electric cars – and with a 30 per cent reduction in production cost per battery.”
9) London’s new hybrid Routemaster buses have major battery issues
As I have repeatedly commented, lithium ion batteries (actually all rechargeable batteries) get used up with every charge and we can expect the proud owners of Teslas will follow the angry owners of Nissan Leafs in due course. A battery electric bus sounds like a grand idea, provided you forget everything you know about batteries. Unlike EVs occasionally driven by the wealthy for a couple hours a day, electric buses are expected to be on the road for a shift. This means the batteries are actually used and, as a consequence of the inherent weakness of current rechargeable battery technology, get used up real quick. Thanks to my friend Duncan Stewart for this item.
“London’s new Routemaster bus has major battery issues. The bus, thanks to its “green” diesel-electric hybrid powertrain, is meant to be “the most environmentally friendly bus of its type”—according to Transport for London, anyway. Out of the 500 new Routemasters currently on the roads, however, 80 of them are running in diesel-only mode because of failed batteries, pumping out lots of pollution. TfL admitted to the BBC that, in total, 200 of the buses will soon have their batteries replaced. The new Routemaster, which pays homage to the iconic double-decker Routemaster that operated in London from the ’50s all the way through to 2005, was meant to be the next big thing for London’s public transport network. The bus, which is colloquially known as a Borisbus or Borismaster, was introduced because of a campaign pledge during Boris Johnson’s campaign to become Mayor of London. In practice, however, since they were first introduced in 2012, the new bus has been plagued with issues.”
10) GitHub Raises $250M Series B Round To Take Risks
I have two articles showing how absolutely loopy startup valuations have become. For those who are not aware, GitHub is a repository for open source projects. This allows open source developers to provide a consistent download environment as well as whatever other community related functions they might have. GitHub has increased in profile since the debacle of SourceForge, which used to do the same thing until it started becoming a hotbed for malware distribution. The concept itself is not a novel one, nor is the implementation particularly complex. There are no barriers to entry: once GitHub’s corporate overlords decide to monetize their efforts with the same sort of things which doom all similar projects, people will just move on. Of course, the financial backers could care less whether GitHub is viable: the hope is that the IPO gravy train stays around long enough to dump it on an unsuspecting public.
“GitHub, the software development collaboration and version control service based on the popular open source Git tool, today announced that it has raised a $250 million funding round led by Sequoia Capital. Andreessen Horowitz, Thrive Capital and Institutional Venture Partners also participated in this round. The company, which was founded back in 2008, has now taken a total of $350 million in outside funding. While the company isn’t talking about its valuation, the WSJ reports that it’s currently hovering around $2 billion. GitHub’s 2012 Series A round was led by Andreessen Horowitz. At the time, the company’s valuation was said to be around $750 million. As GitHub CEO and co-founder Chris Wanstrath told me shortly after the new round was announced, the company plans to use this new round to accelerate growth and expand its sales and engineering team (as most companies do when they raise). He also stressed, though, that the round isn’t just meant for that. “The round is not just to accelerate, but also to allow us to think bigger and take larger risks,” Wanstrath said.”
11) Caller ID App Truecaller Is Raising $100M At A $1B Valuation
This is the second article showing idiotic valuations startups are attracting. Apps, by their nature, are not complex things, and there is little in Truecaller’s operation which seems even remotely challenging to replicate. I know my phone shows me who is calling, and though I get the occasional call from auto-dialers counter measures are fairly simple (ignore any calls with blocked ID, block such numbers if they call more than once). So, long story short, there is minimal value add to this application, no real barriers to entry, and – as we have come to expect – no evident sustainable business model (except, of course, the ubiquitous advertising). The funds and bankers know all that and don’t care: provided the IPO pipeline remains full, they’ll cash out and let pension plans take the hit. Failing that, Facebook, Google, or some other large company will buy them out – after all, better to give your shareholders’ money to the shareholders of a startup than to them as a dividend. Party like it’s 1999!
“Communications apps that strike a chord with users across different markets are hot property these days, and it looks like another one of them may soon enter the so-called unicorn club. TechCrunch has learned that Truecaller — a caller ID app that now has 150 million users — is looking to raise around $100 million at a $1 billion valuation. We’re hearing that Truecaller has hired Morgan Stanley to lead the process, and there are term sheets out. The round is likely to have previous and new investors. To date, True Software, maker of Truecaller, has raised around $80 million. Previous investors include Atomico, Kleiner Perkins Caufield & Byers, Sequoia Capital, Access Partners and Open Ocean.”
12) Chinese researchers make breakthrough in SLA 3D printing, soon be able to 3D print porcelain teeth in minutes
If you have ever had a cap placed on a tooth you know it can entail multiple visits to the dentist. Besides the mechanical work, the dentist has to send out to have the actual cap made, meaning you walk around with a temporary one for a couple weeks. If this machine can be commercialized, the dentist would take an impression (probably a 3D scan) of your existing tooth, prep you, either take an impression or 3D scan of the “stump”, print out the replacement tooth, and install it in a single visit.
“Yesterday, scientists from the Guangzhou Nansha Additive Manufacturing Technology Research Institute have unveiled a new SLA 3D printing technique that can be used to create detailed porcelain (and other ceramic) objects quickly. The research team over at the Nansha Additive Manufacturing Technology Research Institute in Guangzhou spent over a year developing this new 3D printer, and is currently in the debugging stage. While the unveiling is expected to take place in the very near future, it has already been leaked to reporters that the 3D printing speed is several times faster than comparable machines, while this 3D printer is also capable of working with a very large variety of materials, including ceramics, metal filler materials and more. Among its possible applications is the fantastic medical solution of 3D printed porcelain teeth.”
13) Stop paying for e-books (and start stealing them)
This might be controversial, but I am sympathetic to the message. E-books are significantly cheaper to produce (after all there is no physical book), include severe restrictions on use compared to paper books, and yet prices remain high, sometimes costing more than the paper version of the book. This article focuses on DRM, which is responsible for the restrictions, but the pricing issue alone is reason to pirate. I’ve always thought it was a pity there was no “mea culpa” clearing house where e-book pirates could pay the authors to assuage their conscience. In most cases the pirate is OK with the creator getting paid.
“Walk into almost anybody’s house in America, and you will find a library. Whether it’s an Ikea bookshelf containing textbooks and a few second-hand novels or an entire room of floor-to-ceiling shelves, the presence of books in our homes has come to be a cornerstone of our democracy. Individually, our books record our own personal intellectual heritages and offer a means to share them with each other, as well as to pass them down to future generations. Collectively, our books are a bulwark of a free society. But this bulwark is rapidly being destroyed by digital rights management (DRM) software. It’s clear that the physical book is on its way out, to be replaced by e-books. While some will bemoan the gradual demise of the physical bookshelf, a far more troubling implication of this transition is that because of DRM we will lose control of and access to our books, individually and collectively. Currently, the vast majority of books available for purchase on the three major e-book stores (Kindle, iBooks, Nook) are encumbered with DRM encryption.”
14) Sri Lanka Becomes First Country to Get Universal Internet With Project Google Loon
This item got considerable attention, with all examples I found having a similarly misleading title. Presumably, having the headline match the contents doesn’t garner as much attention. In fact, Sri Lanka is not the first country to get “Universal Internet”, they are the first country to sign a Memorandum of Understanding (MoU) with Google to allow Google to deploy its scheme to deliver broadband. Whether such a scheme will, in fact, work, remains to be seen. If, as, and when, the system is deployed and happens to work for more than a few days straight, then we’ll see what happens.
“Telecom companies across the world are trying to bridge the Internet gap among the people of all the countries. We recently saw how Google Inc along with ISPs, such as Cox and Century Link, partnered with the White House to provide minimal cost internet service to more than 275,000 low-income households of the United States of America. In the latest development, Google and The Government of Sri Lanka had signed a MoU to launch the Google Loon project in the island nation to provide high-speed Internet to its citizens throughout the country. With this project, Sri Lanka will become world’s first country to have Internet access across the entire nation with the government support. It seems Sri Lanka is heeding to the advice of US President Mr. Barack Obama who just recently said the Internet is not a luxury, it is a necessity.”
15) Report: Spain’s Google Tax A Disaster For Newspapers, Internet Innovation
The best laid plans of mice, men, and newspapers are oft’ torn asunder. It seemed like a great idea: make companies pay for the privilege of directing traffic to your website. After all, it beats the heck out of paying companies to direct people to your website, which is, more or less, the intent of Internet advertising. And what better way to do that than to pass a law demanding compensation for this affront? Who knew that, rather than paying to refer traffic to Spanish newspapers, search engine companies were simply going to delete them from their search results?
“Call it one of the most egregious examples of unintended consequences. The effort of the Spanish newspaper association and Spanish government to get Google to subsidize Spanish news publishers with a mandatory link tax (under the guise of copyright fees) is a massive disaster — for publishers, for the Spanish internet and for innovation in the country. Here’s the history: the Spanish Newspaper Publishers Association successfully convinced Spanish lawmakers in late 2014 to pass a strict “anti-piracy” law, which mandated compensation for the appearance of newspaper publishers’ content on news aggregation sites as of January 1, 2015. It was effectively directed at Google but applied broadly to all news/content aggregators. In response, Google shuttered Google News in Spain, though it has continued to present Spanish news sites on its main search engine results page (SERP) and in other ways. The Spanish publishers then tried unsuccessfully to get the government to force Google to keep Google News alive in Spain (to collect the tax).”
16) Qualcomm, NCTA continue to battle over FCC regulation of LTE-U, LAA
I recently had discussions with a local wireless Internet operator who was deploying LTE based services in my area. While we tend to associate LTE (4G Wireless) with licensed mobile operators, the spread spectrum technology can be used on any appropriate RF band. LTE radios are produced in vast numbers for the smartphone market so this is a boon to purveyors of rural broadband since all the gear is much cheaper than it otherwise would be. I was not aware there is a move to put LTE into the unlicensed bands currently used by WiFi and other technologies such as wireless phones and baby monitors. Whenever a new use for an unlicensed band arises, conflicts inevitably emerge. While the article addressed the concerns with use of unlicensed spectrum for LTE, it is not clear why unlicensed LTE would be used rather than WiFi, since the throughput of WiFi is already pretty high, and power limits associated with unlicensed spectrum would limit coverage.
“Representatives from Qualcomm and T-Mobile US argued this week that the FCC should not step in to regulate LTE Unlicensed (LTE-U) and related technologies. At a CTIA-organized briefing for reporters on Monday, Qualcomm and T-Mobile officials argued that LTE-U can coexist happily with Wi-Fi and that opponents of the technology had not marshalled sound technical reasons for opposing it. Meanwhile, the National Cable & Telecommunications Association, speaking for many cable companies that have their own Wi-Fi networks, hit back hard against Qualcomm. In an FCC filing made public on Wednesday, NCTA said that Qualcomm has not engaged in meaningful collaboration with the unlicensed community, and that its proposals thus far on LTE-U/Wi-Fi coexistence are not fair or equitable.”
17) Despite recent claims, the EmDrive remains long on speculation, short on proof
There was a lot of press coverage of the “EmDrive” over the past week. Mainstream media even referred to it as similar to Star Trek’s impulse drive (which it is not: impulse drive is fusion powered ion drive and nothing like this). Long story short, a number of researchers claim they have replicated results of a gizmo which purportedly produces thrust without throwing anything in the opposite direction. According to the basic rules of physics, this is impossible. Of course, physics is occasionally shown wrong, but not usually at a fundamental level. The challenge at this juncture is that the thrust associated with the EmDrive is typically on the order of the measurement error of the apparatus doing the test; the observed effect is most likely an unexpected – but explainable through traditional physics – artifact of the measurement protocol.
“A new report from German researchers has made waves by claiming to validate the performance of the controversial EmDrive, but many articles on the topic have vastly oversold the results. Let’s see if we can find some clarity here. To begin with, the EmDrive is what’s known as a resonant cavity thruster. It relies on a magnetron to produce microwaves and is designed to produce thrust towards the narrow end of the cavity. The problem with the EmDrive (and with all reactionless drives) is that they seem to violate the law of conservation of momentum. That law says that the total linear momentum of a closed system remains constant, regardless of other changes within the system. This is the origin of the phrase “For every action, there is an equal and opposite reaction.” When you take the “reaction” out of one end of the system, it’s difficult to explain how an “opposite” reaction actually gets started.”
18) Google Sees Long, Expensive Road Ahead For Quantum Computing
This article looks at some of the issues associated with quantum computing. Strangely, it seems bullish on the D-Wave system but very little information is provided as to why that should be the case. Indeed, as with the Em-Drive (Item 17), one rarely gets breakthroughs when one cannot, in fact, explain why the breakthrough occurred. Furthermore, extrapolations based upon an uncertain model of operation are probably unreliable. All in, the article suggests that even if quantum computing meets its promise the challenge will be in developing classical computers powerful enough to digest the results.
“The joke going around ISC 2015 was that no one really understands what quantum computing is and isn’t, and it was so refreshing to see that in the very first slide of the first presentation, Yoshi Yamamoto, a professor at Stanford University and a fellow at NTT in Japan, showed even he was unsure of the nature of the quantum effects used to do calculations in the D-Wave machine employed by Google in its research in conjunction with NASA Ames.”
19) Brain-controlled prosthesis nearly as good as one-finger typing
This is a bit of an update on direct brain control. Apparently the technology has advanced to the point where speed and precision are sufficient to almost match “single finger typing” as the title suggests. While this, in itself, is quite an accomplishment, one can imagine that within a few years it will exceed two finger typing, and within a decade exceed touch typing. Although I doubt we’ll be replacing our keyboards with brain interfaces in 2025, the technology could provide a substantial improvement to the quality of life of severely disabled people.
“Brain-controlled prostheses currently work with access to a sample of only a few hundred neurons, but need to estimate motor commands that involve millions of neurons. So tiny errors in the sample – neurons that fire too fast or too slow – reduce the precision and speed of thought-controlled keypads. Now an interdisciplinary team led by Stanford electrical engineer Krishna Shenoy has developed a technique to make brain-controlled prostheses more precise. In essence the prostheses analyze the neuron sample and make dozens of corrective adjustments to the estimate of the brain’s electrical pattern – all in the blink of an eye. Shenoy’s team tested a brain-controlled cursor meant to operate a virtual keyboard. The system is intended for people with paralysis and amyotrophic lateral sclerosis (ALS), also called Lou Gehrig’s disease. ALS degrades one’s ability to move. The thought-controlled keypad would allow a person with paralysis or ALS to run an electronic wheelchair and use a computer or tablet. “Brain-controlled prostheses will lead to a substantial improvement in quality of life,” Shenoy said. “The speed and accuracy demonstrated in this prosthesis results from years of basic neuroscience research and from combining these scientific discoveries with the principled design of mathematical control algorithms.””
20) Pair of Bugs Open Honeywell Home Controllers Up to Easy Hacks
This is a minor example of some of the issues associated with Internet of Things (IoT). Security is hard enough that companies like Google and Microsoft have problems with it so you can’t expect a consumer products company, no matter how well intentioned, to do any better. Not only that, but many such products are, in fact, developed by consultants and ODMs (Original Design Manufacturers). It might be a minor point that somebody can fiddle with your thermostat, but I would hazard a similar situation exists with IoT locks and control systems. So, before you rush out and buy a fancy gizmo you can control over an app, always remember it was probably made by somebody who had no interest in, let alone knowledge of, security.
“What this means is that when the system asks a user for a username and password, she can simply ignore the request and access the restricted resources. Rupp, a German researcher who has disclosed vulnerabilities in other devices recently, including wind turbines, said via email that exploiting the vulnerability is exceedingly simple. “It is really [easy] (in my opinion), the attacker with a low skill would be able to exploit this vulnerability remotely,” Rupp said. He added that a quick search of Shodan revealed a few hundred vulnerable Tuxedo Touch devices, but he estimates there are probably many more. “Shodan detects about 500 devices, of which about 450 are located in America. I think it is possible to detect about 1000 devices with a more thorough search,” he said.”