Tag Archives: CCTV

Why More Attacks Via IoT Are Inevitable

The massive distributed denial of service (DDoS) attack that cut consumers off from their favorite web haunts recently was the loudest warning yet that cyber criminals can be expected to take full advantage of gaping security flaws attendant to the Internet of Things (IoT).

For much of the day, on Friday, Oct. 21, it was not possible for most internet users to consistently access Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and PayPal.

Using malware, dubbed Mirai, an attacker had assembled a sprawling network of thousands of hacked CCTV video cameras and digital video recorders, then directed this IoT botnet to swamp the marquee web properties with waves of nuisance pings, thus blocking out legitimate visitors.

Mirai is designed to take over lightweight BusyBox software widely used to control IoT devices. The source code for Mirai can be found online and is free for anyone to use. ThirdCertainty asked Justin Harvey, security consultant at Gigamon, and John Wu, CEO of security startup Gryphon, to flesh out the wider context and discuss the implications. The text has been edited for clarity and length:

ThirdCertainty: Why do you think these attackers went after BusyBox systems?

Wu: Because BusyBox is lightweight; it’s used on most IoT devices that have limited memory and processing. BusyBox is a utility with lots of useful commands.

Harvey: BusyBox is very standardized. It is highly used in the field, and it also runs Linux, so the internals are very straightforward and easy to duplicate in testing systems.

3C: How did the attacker locate so many vulnerable devices?

Wu: Standard IP scanning would identify the devices, and then the attacker could use the admin interface to install the malware. These devices had weak default passwords that allowed hackers to install Mirai.

Harvey: Cross mapping manufacturers with types of devices. Then using the website Shodan to get a list of open devices. Once they had the list of devices, they could create a massively parallel script to step through each and determine whether they used the version of the OS they wanted.

3C: How many devices did they need to control to carry out three waves of attacks over the course of 12 hours?

Harvey: 300,000 to 500,000.

Wu: Probably a few hundred thousand devices. Because it’s distributed, there is no way to simply block all the IP addresses.

3C: Are there a lot of vulnerable devices still out there, ripe for attack?

Harvey: Yes! Shodan specializes in noting which devices are out there and which are open to the world. The devices used in this attack were but a small fraction of open or insecure IoT devices.

Wu: We don’t know exactly how many devices are still out there as sleeper bots. Mirai also is actively recruiting new bots. From what I understand, these IoT devices had open channels, and the users had practiced poor password protection for root access to install additional components.

3C: What do you expect attackers to focus on next?

Wu: I would expect the attacks to get larger and more sophisticated. Mirai also is working in the background to recruit more devices. The next attack may not be as public because they’ve already shown what the botnet network is capable of.

3C: What should individual consumers be most concerned about at this point?

Harvey: Consumers need better education on changing the default access and security controls of their IoT devices. Manufacturers need to take security seriously. Period. Congress needs to step in, conduct some hearings on IoT issues and perhaps regulate these devices.

Wu: Consumers need to be concerned if their device is one of the devices already compromised or at risk of being compromised. They should contact the manufacturer to ask if a security patch is available. A simple solution would be to take the device offline, if it’s something you can live without.

3C: What is the most important thing company decision-makers need to understand?

Wu: If you are dependent on the internet for your revenue and business, you should be planning alternative communication channels. If DNS is critical to your business, you should look at backups to just one service provider. Let people know that, if email is down, you can still get business done over the phone.

Harvey: Businesses need to understand the implications to running IoT devices within their companies and question the business need for using IoT devices versus the convenience.

This article originally appeared on ThirdCertainty.

Why Video Will Pervade Insurance

Video footage from dashcams or from cell phones that use driver assistance apps is becoming standard today. Some insurance companies are accepting dashcam footage as part of the claims process or are offering incentives (such as reduced premiums) to those who agree to install a black box or share their video feed. According to the British Insurers Brokers’ Association (BIBA), there has already been a fivefold increase in the use of vehicle black box technology in vehicle insurance policies.

If we judge by the increase in software companies offering video-based products specifically for the insurance industry, it is safe to say video is proliferating in the customer service and property evaluation aspects of insurance, too.

We anticipate this trend to grow even more in the years to come. This growth will almost certainly culminate in video becoming a standard for the insurance industry. The introduction of video opens a door to some amazing and innovative technological advancements. Video is not only the best channel for conducting communication with millennials, it is also a rich source of critical benchmarking information for unlocking opportunities, innovative customer service and practical applications. We can use video to build efficient workflows and back claims processes with accurate and factual evidence to increase response time and improve performance.

Vehicle insurance is a great example of the impact video can have on the insurance industry. Just a superficial look shows there is an infinite amount of information regarding your vehicle that is out there — be it from your own dashcam or cell phone, other cell phones, CCTV, traffic cameras or home security cameras. Video is everywhere, and that is not all. There are some really interesting technologies that can analyze driver video footage when combined with real-time data retrieved from the vehicle’s on-board computer (such as that available via standard OBD2 connectors). These tools can show the average speed the driver is going and profile driving habits, such as keeping a safe distance, observing the speed limit, the times of day the driver is more (or less) active — and more. All this information can be compiled to provide an accurate and personalized analysis of driving and behavior patterns.

By centrally collecting all your video-based information, you gain the ability to combine several technologies that augment video input and provide a better all-around picture. Let’s face it: With the volume of business the insurance industry has, the way you manage your video must be able to perform and grow at the same capacity — while also complying with privacy laws and managing complex content access control policies.

Once video is collected, we also gain the video’s metadata, consisting of additional information such as date and time. With this information, we can start augmenting our understanding of the video. We can use GPS to cross-reference the driver’s location, include weather tracking software to assess the impact of external driving conditions and combine this information to calculate the effect these conditions have on the driver’s ability to drive safely. We can use social media to understand specific road conditions for specific times and places, such as using GEO tracing for Twitter to monitor real-time complaints from drivers in a specific location at any given time. With all this information integrated and overlaid on top of video (either recorded or in real time from the field), insurers are able to significantly increase incident processing accuracy and, over time, construct personalized profiles that can result in reduced policy costs and more efficient claim processing.

For example, insurers can initiate a probation process for new drivers where a certified mobile app is installed on their phones to be mounted on top of the vehicle’s dashboard. The app will record the drivers’ behavior overlaid with car data (such as taken from OBD2 or calculated from the video) and, after a set period of time, calculate insurance plan premiums based on personalized driving habits and issue feedback to the drivers. It would be interesting to see this kind of methodology implemented as a standard for all drivers and use the conclusions collected from all video and other complementary information to create a number-based score for drivers that indicates their objective risk.

Apart from establishing driver ranking, there is so much more out there that can be funneled to help evaluate drivers, driving techniques, road conditions, vehicle performance and incidents. We are already starting to see sprouts of innovation making use of video that can ultimately improve insurance and the driving safety all around, from startups like DrivingBuddy and Nexar that aim to improve driver safety with real-time video feed analysis of driver activity to government and police initiatives aiming to crowd source driving and parking violation reports.

The Next Frontier for Connected Cars

In 2006, UCLA Professor of Urban Planning Donald Shoup compiled the results of 16 surveys carried out between 1927 and 2001 on the time spent looking for a parking space. He reported that the average time spent looking for on-street parking was approximately eight minutes – a figure that has remained relatively unchanged since the 1930s.

This research also demonstrated that, on average, one vehicle in three in traffic is actually searching for somewhere to park. This figure has been confirmed more recently by a study from the San Francisco City Council, which concluded that an estimated one-third of weekday traffic was because of drivers looking for a parking space.

While solving the problem of road congestion via accurate traffic information has been looked at for decades – the RDS TMC protocol was invented in 1988 – and has already reached a good level of sophistication and accuracy, solving the parking problem via connected services is quite a recent topic and is still very much a work in progress.

As a matter of fact, most pure players in this field have been founded quite recently: as an example, JustPark in 2006; Parkopedia, ParkMe, Worldsensing and Anagog in 2009; and Parknav in 2011. The only companies to have emerged earlier are the parking payment companies, PayByPhone and Parkmobile, in 2000 and Pango in 2005.

On-Street and Off-Street

Parking essentially divides into two markets with two very different problems to solve: off-street and on-street. Connected services taking care of off-street parking are now quite advanced. In the three steps of information, booking and payment, the first is largely available (even if real-time data remains partial), but booking and advanced payment are still works in progress. Very few cars on the road today – or navigation apps – are able to find, book and pay seamlessly for a parking space in a garage.

The on-street parking problem is, by nature, more difficult to solve because detecting free parking bays in real time and at scale is complex and requires many sources of information. There are very different approaches to creating this data.

Leveraging Traffic Probe Data for Parking

One is to make sense of the existing probe data currently used for real-time traffic. For example, Garmin is using this data to calculate the inflow and outflow of cars for each road segment in large cities and estimate availability. The company has partnered with Parkopedia to include off-street parking information in its data model.

The GPS company launched this service in its mobile app during the third quarter in six German cities and is now adding cities in more countries: London, Amsterdam, Vienna and a few others coming in the U.S.

Inertial Data From Smartphones

Detecting parking and “unparking” events through inertial sensor data from drivers’ smartphones is another approach, used by Anagog, which built a software development kit now embedded in several million apps. Through a signal processing algorithm, the company detects parking events from gyroscope, accelerometer and location data (GPS, etc.); these events are fed to a big data cloud that is now nearing 1 billion historical parking events.

Data From Car Sensors

Car makers such as Volkswagen or General Motors are also looking at producing data using car sensors.

In the case of Volkswagen, a pilot launched by the company uses the existing ultrasonic proximity sensors (used for parking) to assess the availability of free parking spaces on the side of the road when the car drives along a street. The data is uploaded in real time and matched against map data to eliminate false positives (parking spaces for disabled people, etc.).

Parking Meters

Using data from on-street parking meters is another opportunity to get real-time, on-street parking information. Because a significant number of these meters are connected to the cloud, it is possible to build predictive data based on historical trends. Parkeon, a worldwide leader in parking meters, is among the companies enabling that opportunity and rendering this data through a mobile app, Path To Park, which is now available throughout France and in a number of cities in the U.S. and Germany.

Street-Based Sensor Infrastructures

Lastly, companies such as Worldsensing are placing sensors on each parking bay in the street, which obviously provides the most accurate data, but at a cost. Worldsensing, based in Barcelona, just closed a series B round of funding (for an undisclosed amount). Its largest deployment to date was in Moscow, where the company covered 13,000 spots. The next stage of the deployment will include more than 50,000 sensors.

Image processing is also a technology that could be used to sense free parking bays in streets. Data from fixed CCTV (used for security or traffic monitoring), smartphone apps, connected dash cams or even cars could be used for that purpose.

Obviously, the best information will come from the aggregation of these data streams (historical and real-time). Inrix, which announced in June that it will supply on-street parking data to BMW, combines data from cities, mobile payment companies, real-time parking data, connected car-sharing services and Inrix’s database of real-time vehicle GPS data.

Parknav, a start-up based in the U.S., is also using a very diverse set of data (car-sharing, telecom, fleet, crowd-sourcing), including POI data (bars, schools, etc.), to infer probabilities about parking availability.

Accurate information about free on-street parking bays is a complex matter that will take many more years to solve, but the opportunities are huge for the whole car industry and beyond. The first opportunity is the time saved for drivers and the alleviation of stress and frustration. Once this first opportunity is realized for drivers, its overall social impact will be big: less traffic, less pollution, less money spent on fuel.

Unused Parking Inventory

The last market opportunity in smart parking is to further eliminate barriers between the offer and the demand, between people circling in streets and empty parking bays, by enabling yield management of underused private parking inventory.

Residential buildings, companies, hotels, schools, hospitals or churches have parking spaces that are empty or partially used during workdays, nights and weekends, vacations, etc. Companies like JustPark (UK) or Zenpark (France) are targeting this segment using connected technologies to unlock the value of this inventory and grow the total parking spots available.

On Jan. 28 in Brussels, the ConnecteDriver conference, in partnership with consulting firm Inov360, will gather the brightest minds and the most innovative companies to discuss the fascinating topic of smart parking:

– Hans-Hendrick Puvogel, COO at Parkopedia
– Anthony Eskinazi, head of product and co-founder, JustPark
– William Rosenfeld, CEO, ZenPark
– Bertrand Barthelemy, president of Parkeon
– Ruth Portas, sales manager, Worldsensing
– Ofer Tziperman, CEO, Anagog
– Martin Treiblmayr, product manager, Garmin
– Vincent Pilloy, co-founder and CEO, Inov360
– Parknow (speaker name to be confirmed)