Tech Friday


  • The promise and peril of biometrics:
    • "Biometrics is the technical term for body measurements and calculations. It refers to metrics related to human characteristics" - Wikipedia
    • The most common biometric data include fingerprints, voice, retinas or irises, DNA sequences, and facial features
    • Biometric identification and authentication are increasingly used for a variety of purposes, including as credentials to log in to digital systems
    • Biometric technologies are increasingly accurate; Apple's iPhone X projects 30,000 infrared dots onto a user’s face to authenticate them
    • Compared to common authentication methods, biometric technologies offer many advantages.
    • But there are some downsides to this technology and privacy and security experts are raising concerns
    • Unlike passwords, biometric data can't be changed
    • There are concerns regarding how sensitive information is captured, stored, processed, transmitted, and accessed
    • There are several instances of biometric data being breached
    • Joseph Atick, a scientist who helped build the technology, has called for special safeguards, and more societal sensitivity to privacy considerations
    • Atick said that there are legitimate uses for biometric technology, but there must also be checks and balances
    • Microsoft President Brad Smith recently said "For the first time, the world is on the threshold of technology that would give a government the ability to follow anyone anywhere, and everyone everywhere. It could know exactly where you are going, where you have been and where you were yesterday as well. And this has profound potential ramifications for even just the fundamental civil liberties on which democratic societies rely. Before we wake up and find that the year 2024 looks like the book “1984,” let’s figure out what kind of world we want to create, and what are the safeguards and what are the limitations of both companies and governments for the use of this technology."
    • Since this technology is still in its infancy, I'd recommend caution using it
  • Millions of text messages exposed in an open database:
    • A database containing millions of SMS (text) messages has been discovered online
    • Security researchers Noam Rotem and Ran Locar found the exposed database during internet scanning
    • TrueDialog owns the database and is a service used to send mass text messages
    • They are one of several providers that left text messages unsecured and available for anyone to read and/or use
    • TrueDialog claims one of the advantages it offers is that recipients can respond, providing a "true dialogue"
    • The database contained years of text messages that number in the tens of millions
    • Content in the database included university finance applications, discount codes and job alerts, among other things, as well as other information such as phone numbers
    • Also included was sensitive content like multi-factor authentication (MFA) codes and other security-related information, which could have allowed hackers to access accounts
    • In a recent story, TechCrunch said "Many of the messages we reviewed contained codes to access online medical services to obtain, and password reset and login codes for sites including Facebook and Google accounts"
    • After being told of the issue, TrueDialog took the database offline
    • TechCrunch reported that TrueDialog’s CEO John Wright would not acknowledge the breach nor return requests for comment
    • This is another illustration of why text messages are not a secure communication mechanism, especially for multi-factor authentication
    • You should use an MFA app like Authy for MFA
  • The MSP tried Boston Dynamics’ robot dog "Spot":
    • Boston Dynamics' dog-like "Spot" robot has found a new use supporting police
    • Spot is a “general purpose” robot with an open API as well as a 360-degree, low-light camera, and an arm
    • While the use of robotic technology is not new for police, Spot is much more advanced than most previous robots and is customizable
    • The Massachusetts State Police (MSP) are the first agency to use the robot
    • The MSP bomb squad borrowed Spot from Boston Dynamics for a three-month trial this year. MSP said Spot was used in two incidents and for testing
    • Privacy and civil liberties experts have raised concerns about the use of robots
    • Documents obtained by the ACLU don't detail the robot's exact use. An MSP spokesman said Spot was used as a "mobile remote observation device" to provide officers with images of suspicious devices or potentially hazardous locations
    • "Robot technology is a valuable tool for law enforcement because of its ability to provide situational awareness of potentially dangerous environments" - MSP spokesman David Procopio
    • Michael Perry, Boston Dynamics vice president, said the company wants Spot to have lots of different uses and can see police using Spot for situations too dangerous for humans
    • "Right now, our primary interest is sending the robot into situations where you want to collect information in an environment where it's too dangerous to send a person, but not actually physically interacting with the space" - Perry
    • Boston Dynamics doesn’t want Spot weaponized. Perry said the lease agreements prohibit the robots from being used in ways that could "physically harm or intimidate people"
    • "So upfront, we're very clear with our customers that we don't want the robot being used in a way that can physically harm somebody" - Perry
    • The MSP said that it did not weaponize any of its robots, including Spot
    • Thor Eells, executive director of the National Tactical Officers Association, said additional information about how these robots are implemented is needed and that he understands concerns about how robots could infringe on people’s privacy or civil liberties
    • Eells did point out that police would need a warrant to send a robot into someone's home
    • Learn more about Spot here: https://www.bostondynamics.com/spot