Spy on your smart home with this open source research tool

Spy on your smart home with this open source research tool

6:41am, 13th April, 2019
Researchers at have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to. The open source tool, called IoT Inspector, is available for download . (Currently it’s Mac OS only, with a wait list for Windows or Linux.) In a about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.) Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use. A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices. There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like WireShark. But the level of technical expertise required makes them difficult for plenty of consumers. Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (, which got an early look at the tool, describes it as “incredibly easy to install and use”.) One wrinkle: The web app doesn’t work with Safari; requiring either Firefox or Google Chrome (or a Chromium-based browser) to work. The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices. The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principle investigators are professor Nick Feamster and PhD student Danny Yuxing Huang at the university’s Computer Science department. The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.) “With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).” They have produced an extensive which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.) The dataset that’s being harvesting by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate. For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers. The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address. Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit. The project team has produced a video showing how to install the app on Mac:
Pebblebee, makers of Finder smart tracking device, find a big investor as part of effort to raise $10M

Pebblebee, makers of Finder smart tracking device, find a big investor as part of effort to raise $10M

12:54pm, 2nd April, 2019
The PebbleBee BlackCard is a new credit-card-thin tracking device that can help locate a lost wallet or anything else. (Pebblebee Photo) , the Bellevue, Wash.-based startup that makes a smart tracker to help people find missing keys and more, has found an investor. The company, founded by engineers Daniel Daoura and Nick Pearson-Franks, has landed a “substantial investment” from , a division of the massive Japanese wireless carrier KDDI Corp. The amount, which was not disclosed on Tuesday, contributes to what Daoura called an “ongoing $10 million funding round.” Soracom is a global provider of smart IoT connectivity, offering cloud-native wireless service designed specifically for the needs of connected devices. The company previously invested $5 million in Seattle-based balena.io (). Pebblebee has been making moves toward growing its brand and reach since last fall when it landed the Finder tracking device across the U.S. Daoura told GeekWire that the product sold really well and “proved the market” and they have expanded to Canada and other countries. He said they started entertaining the idea of looking into acquiring capital because growing the consumer brand requires hefty investment. “We got quite a bit of interest from the Bay Area as well as international VCs. Not so much local just because the nature of us being hardware and not software focused,” said Daoura, the startup’s CEO. Where’s the kid?! Pebblebee’s new BlackCard shown being tucked into a child’s jacket. (Pebblebee Photo) In the meantime, as Pebblebee aims to attract even more investors, the company isn’t slowing on development, and is releasing a new product this week called BlackCard. “It’s essentially a wallet tracker; it’s very thin — as thin as two credit cards — and it’s rechargeable,” Daoura said. The BlackCard has a range up to 500 feet — “definitely more than any other tracker out there today” — and will hold a single charge up to five months, and it emits a very loud buzzing sound. The price will be $29.99. BlackCard will launch along with a new and improved Pebblebee website on Wednesday. With eight employees, Daoura credits Pebblebee’s small team for bringing a Kickstarter vision to reality. “Their level of commitment and perseverance has been integral to our success,” he said. Soracom Americas CEO Eugene Kawamoto said in a news release that his company is passionate about identifying and supporting companies like Pebblebee. “Pebblebee’s hardware expertise and impressive patent library are already advancing the state of the art in the crucial asset tracking category,” said Kawamoto, who will take a seat on the Pebblebee board of directors. “By providing both smart connectivity and strategic investments, Soracom helps to accelerate IoT development and create a more connected world.”
Huawei announces smart glasses in partnership with Gentle Monster

Huawei announces smart glasses in partnership with Gentle Monster

10:05am, 26th March, 2019
Huawei is launching connected glasses in partnership with , a Korean sunglasses and optical glasses brand. There won’t be a single model, but a collection of glasses with integrated electronics. Huawei is positioning the glasses as a sort of earbuds replacement, a device that lets you talk on the phone without putting anything in your ears. There’s no button on the device, but you can tap the temple of the glasses to answer a call for instance. The antenna, charging module, dual microphone, chipset, speaker and battery are all integrated in the eyeglass temple. There are two microphones with beam-forming technology to understand what you’re saying even if the device is sitting on your nose. There are stereo speakers positioned right above your ears. The company wants you to hear sound without disturbing your neighbors. Interestingly, there’s no camera on the device. Huawei wants to avoid any privacy debate by skipping the camera altogether. Given that people have no issue with voice assistants and being surrounded by microphones, maybe people won’t be too suspicious. The glasses come in a leather case with USB-C port at the bottom. It features wireless charging as well. Huawei teased the glasses at in Paris, but the glasses won’t be available before July 2019.
Over a quarter of US adults now own a smart speaker, typically an Amazon Echo

Over a quarter of US adults now own a smart speaker, typically an Amazon Echo

3:40pm, 8th March, 2019
U.S. smart speaker owners grew 40 percent over 2018 to now reach 66.4 million — or 26.2 percent of the U.S. adult population — according to released this week, which detailed adoption patterns and device market share. The report also reconfirmed Amazon Echo’s lead, noting the Alexa-powered smart speaker grew to a 61 percent market share by the end of last year — well above Google Home’s 24 percent share. These findings fall roughly in line with other analysts’ reports on smart speaker market share in the U.S. However, because of varying methodology, they don’t all come back with the exact same numbers. For example, in December 2018, the Echo had accounted for nearly 67 percent of all U.S. smart speaker sales in 2018. Meanwhile, , with a 70 percent share of the installed base in the U.S. Though the percentages differ, the overall trend is that Amazon Echo remains the smart speaker to beat. While on the face of things this appears to be great news for Amazon, did note that Google Home has been closing the gap with Echo in recent months. Amazon Echo’s share dropped nearly 11 percent over 2018, while Google Home made up for just over half that decline with a 5.5 percent gain, and “other” devices making up the rest. This latter category, which includes devices like Apple’s HomePod and Sonos One, grew last year to now account for 15 percent of the market. That said, the has Alexa built-in, so it may not be as bad for Amazon as the numbers alone seem to indicate. After all, Amazon is selling its Echo devices at cost or even a loss to snag more market share. The real value over time will be in controlling the ecosystem. The growth in smart speakers is part of a larger trend toward voice computing and smart voice assistants — like Siri, Bixby and Google Assistant — which are often accessed on smartphones. A related report from Juniper Research last month estimated there will be , up from the 2.5 billion in use at the end of 2018. This is due to the increased use of smartphone assistants as well as the smart speaker trend, the firm said. Voicebot’s report also saw how being able to access voice assistance on multiple platforms was helping to boost usage numbers. It found that smart speaker owners used their smartphone’s voice assistant more than those who didn’t have a smart speaker in their home. It seems consumers get used to being able to access their voice assistants across platforms — now that Siri has made the jump to speakers and Alexa to phones, for instance. The full report is available on Voicebot.ai’s website .
Seattle biotech startup Good Therapeutics raises $11M to make smart cancer therapies

Seattle biotech startup Good Therapeutics raises $11M to make smart cancer therapies

3:19pm, 19th February, 2019
, a new Seattle biotech startup that aims to develop protein drugs that act only when needed, raised $11 million in an equity round seeking twice that amount, . The secretive startup is trying to “make safer, more effective drugs that act only when and where they are needed, limiting systemic toxicity without reducing therapeutic efficacy,” according to its website. Good said it is developing an algorithm that will design proteins for cancer therapies. Good Therapeutics CEO John Mulligan. (Good Therapeutics Photo) Founder and CEO confirmed the $11 million round but declined to comment on what it means for the company when contacted by GeekWire. Mulligan, who earned his doctorate in biology from Stanford University, previously worked as a consultant for Microsoft on , according to his LinkedIn. He also founded Glycostasis, a company that designed a protein to regulate insulin levels, and co-founded Cambrian Genomics, which created a way to laser print DNA. Good’s offices are in Seattle’s Fremont neighborhood, according to the filing. The company listed the following directors: , managing director of life science venture capital firm RiverVest Venture Partners. , an investment director at Roche Venture Fund, the investment arm of pharmaceutical giant Roche. , an investment director at Roche Venture Fund. , managing director of Portland-based VC firm 3×5 Partners.
Industrial augmented reality smart headwear maker RealWear raises another $5M

Industrial augmented reality smart headwear maker RealWear raises another $5M

1:16pm, 19th February, 2019
(RealWear Photo) Vancouver, Wash.-based startup has raised another $5 million in a round led by Columbia Ventures Corporation to expand its global sales arm and invest in development of its industrial augmented reality headwear. Wearing his signature product, the HMT-1, Andy Lowery is co-founder and CEO of RealWear. (Andy Lowery Photo) Founded in 2016, RealWear sells a voice-controlled augmented reality device worn by industrial workers that provides remote video calling, document navigation, guided workflow, mobile forms and data visualization. It has two versions of the device priced at $2,000 and $5,000. The company has shipped more than 10,000 units to 800 customers globally in the past 18 months. It recently with China’s State Grid, the largest utility in the world. Other customers include Colgate-Palmolive, Volkswagen, Toyota, and others. “We essentially are the tip of the spear of a connected worker program for industry,” RealWear CEO Andy Lowery told GeekWire . “We are able to free a worker’s hands for the work by providing a wearable Android computer that is fully voice-controlled, even in extremely noisy environments. They can pull up documents, connect to other experts, and facilitate learning and problem solving in situ, meaning right there and then.” RealMax also invested in the new round, as did other strategic backers, advisors, employees, friends and family. Total funding to date in the 91-person company is $30 million. RealWear is ranked No. 98 on the , our index of Pacific Northwest startups. reported this week that funding in U.S.-based construction technology startups rose to nearly $3.1 billion last year, up from $731 million in 2017. Related:
Audio startup that uses ‘bending wave technology’ raises $6M, looks to ride smart speaker wave

Audio startup that uses ‘bending wave technology’ raises $6M, looks to ride smart speaker wave

6:22pm, 12th February, 2019
Tectonic Audio Labs CEO Craig Hubbell. (Tectonic Audio Labs Photo) Seattle-area startup has raised $6 million to further develop its audio technology used in smart speakers, TVs, cars, and other products. WestRiver Group and Delafield Hambrecht led the Series B round. Founded in 2011, Tectonic uses to provide more immersive sound across varying environments. The company’s product uses composite panel tech instead of pistonic vibrations from a traditional cone diaphragm design. Its customers across North America work in a wide spectrum of industries — Tectonic is used inside the ballroom at Treasure Island in Las Vegas; at the lobby and bar at the W Bellevue; and inside . Tectonic aims to ride the growth of the smart speaker market, which is to reach nearly $40 billion worldwide by 2025. CIRP last week an installed smart speaker base of 66 million units in the U.S., up from 36 million a year ago. “We believe the market will continue to shift toward audio products that provide higher voice intelligibility and full range, natural sound,” said , Tectonic’s CEO who joined in November after a 16-year career at PlayNetwork. “We expect that our products will be used in a broad range of consumer products across several industries that want to make voice interaction and audio playback more enjoyable for consumers.” Tectonic employs 25 people.
DARPA wants smart bandages for wounded warriors

DARPA wants smart bandages for wounded warriors

4:05pm, 12th February, 2019
Nowhere is prompt and effective medical treatment more important than on the battlefield, where injuries are severe and conditions dangerous. thinks that outcomes can be improved by the use of intelligent bandages and other systems that predict and automatically react to the patient’s needs. Ordinary cuts and scrapes just need a bit of shelter and time and your amazing immune system takes care of things. But soldiers not only receive far graver wounds, but under complex conditions that are not just a barrier to healing but unpredictably so. DARPA’s Bioelectronics for Tissue Regeneration program, or BETR, will help fund new treatments and devices that “closely track the progress of the wound and then stimulate healing processes in real time to optimize tissue repair and regeneration.” “Wounds are living environments and the conditions change quickly as cells and tissues communicate and attempt to repair,” said Paul Sheehan, BETR program manager, . “An ideal treatment would sense, process, and respond to these changes in the wound state and intervene to correct and speed recovery. For example, we anticipate interventions that modulate immune response, recruit necessary cell types to the wound, or direct how stem cells differentiate to expedite healing.” It’s not hard to imagine what these interventions might comprise. Smart watches are capable of monitoring several vital signs already, and in fact have alerted users to such things as heart-rate irregularities. A smart bandage would use any signal it can collect — “optical, biochemical, bioelectronic, or mechanical” — to monitor the patient and either recommend or automatically adjust treatment. A simple example might be a wound that the bandage detects from certain chemical signals is becoming infected with a given kind of bacteria. It can then administer the correct antibiotic in the correct dose and stop when necessary rather than wait for a prescription. Or if the bandage detects shearing force and then an increase in heart rate, it’s likely the patient has been moved and is in pain — out come the painkillers. Of course, all this information would be relayed to the caregiver. This system may require some degree of artificial intelligence, although of course it would have to be pretty limited. But biological signals can be noisy and machine learning is a powerful tool for sorting through that kind of data. BETR is a four-year program, during which DARPA hopes that it can spur innovation in the space and create a “closed-loop, adaptive system” that improves outcomes significantly. There’s a further ask to have a system that addresses osseointegration surgery for prosthetics fitting — a sad necessity for many serious injuries incurred during combat. One hopes that the technology will trickle down, of course, but let’s not get ahead of ourselves. It’s all largely theoretical for now, though it seems more than possible that the pieces could come together well ahead of the deadline.
Google makes it easier for cheap phones and smart devices to encrypt your data

Google makes it easier for cheap phones and smart devices to encrypt your data

9:20pm, 7th February, 2019
Encryption is an important part of the whole securing-your-data package, but it’s easy to underestimate the amount of complexity it adds to any service or device. One part of that is the amount of processing encryption takes — an amount that could be impractical on small or low-end devices. wants to change that with a highly efficient new method called Adiantum. Here’s the problem. While encryption is in a way just transforming one block of data reversibly into another, that process is actually pretty complicated. Math needs to be done, data read and written and reread and rewritten and confirmed and hashed. For a text message that’s not so hard. But if you have to do the same thing as you store or retrieve megabyte after megabyte of data, for instance with images or video, that extra computation adds up quick. Lots of modern smartphones and other gadgets are equipped with a special chip that performs some of the most common encryption algorithms and processes (namely AES), just like we have GPUs to handle graphics calculations in games and such. But what about older phones, or cheaper ones, or tiny smart home gadgets that don’t have room for that kind of thing on their boards? Just like they can’t run the latest games, they might not be able to efficiently run the latest cryptographic processes. They can still encrypt things, of course, but it might take too long for certain apps to work, or drain the battery. Google, clearly interested in keeping cheap phones competitive, is tackling this problem by creating a special encryption method just for low-power phones. They call it Adiantum, and it will be optionally part of Android distributions going forward. , but the gist is this. Instead of using AES it relies on a cipher called ChaCha. This cipher method is highly optimized for basic binary operations, which any processor can execute quickly, though of course it will be outstripped by specialized hardware and drivers. It’s well documented and already in use lots of places — this isn’t some no-name bargain bin code. As they show, it performs way better on earlier chipsets like the Cortex A7. The Adiantum process doesn’t increase or decrease the size of the payload (for instance by padding it or by appending some header or footer data), meaning the same number of bytes come in as go out. That’s nice when you’re a file system and don’t want to have to set aside too many special blocks for encryption metadata and the like. Naturally new encryption techniques are viewed with some skepticism by security professionals, for whom the greatest pleasure in life is to prove one is compromised or unreliable. Adiantum’s engineers say they have “high confidence in its security,” with the assumption (currently reasonable) that its component “primitives” ChaCha and AES are themselves secure. We’ll soon see! In the meantime don’t expect any instant gains, but future low-power devices may offer better security without having to use more expensive components — you won’t have to do a thing, either. Oh, and in case you were wondering: Adiantum is named after the genus of the maidenhair fern, which in the Victorian language of flowers (floriography) represents sincerity and discretion.