A Backdoor into Your Network

A friend of mine just got hacked. He operates a CPA firm and somebody broke into his server. They deleted a bunch of records and made a mess of things. He has no idea who did this or why. Maybe it was somebody who is mad at him or somebody who was hoping to destroy their own records to avoid an IRS audit. Or perhaps it was somebody hoping to grab matching social security numbers and addresses.

But he knows how they did it. He has an old telephone key system at his office, and that key system has a phone connected into his old data server. This always provided him a path to call into the server remotely to get access to files. But he hasn’t used that connection for years and forgot all about it. And of course, his password on the old server connection was something very easy to crack.

And this prompts me to warn all of my clients to think about what sort of old equipment and networks you are operating. It’s very likely that some of you still have connections into servers in your central office or headend that can be accessed by telephone. And certainly you have customers who have this situation.

It’s mandatory these days to build firewalls and other protections around our servers. These sorts of protections will keep most hackers out of your network. But I know that many of you still have backdoors that bypass such protection. These are backdoors that you use from time to time, or maybe, like my friend, they are something you have completely forgotten about.

And while we are talking about old connections, telephone back doors are not the only thing to worry about. In the telecom industry we installed a lot of gear over the years that was connected via serial ports. You probably remember those ‘ancient’ 9-pin plugs that were used to provide access to routers and various pieces of telecom gear, mostly on customer CPE. Just as there are still plenty of older phone connections into routers, there are plenty of these serial port connections still running.

A security professional at Rapid7 ran a scan last year on the Internet and within a few days had found over 100,000 devices that were still connected to a network using serial ports. And these networks are connected to the world. The serial connections he found were on all sorts of devices, like traffic lights, fuel pumps, telecom gear, heating and cooling systems – the kind of systems that a hacker could wreak serious havoc with. And he thinks the 100,000 devices he found are just the tip of the iceberg.

Hacking serial ports is really easy to do. Just like my friend’s phone line connection, it is likely that devices connected by serial ports are not protected behind firewalls and are open to easy access.

So it is time to take a look around your network, including at your customers’ sites, and take a critical look at how things are connected. It might be time to finally get rid of back door phone lines, serial ports or any other older technology that is not secure enough. We all have the philosophy in this industry that if it ain’t broke don’t fix it. But as my friend found out, that is really not a good enough reason to not take a look at your network from time to time. It was very lucky for my friend that he had a backup of his data and didn’t lose a lot of tax records. But he did expose his clients’ information to somebody unknown and so there is no telling what that might mean.

The IoT of Home Medical Care

If you read my blog much you will know that I talk a lot about the Internet of Things, and that I often mention how the IoT is going to transform medicine. The reason for this is personal, not just to me, but to the whole generation of baby boomers. We are now 60ish and, while that is not yet old, we all can look into the future in a decade or two and see ourselves as old.

I think the biggest fear that a lot of us have is losing control of our lives and ending up in an institution. Many institutions are dehumanizing and even the best run ones are a far cry from staying in your own home. And so, to me, the part of the IoT that probably interests me the most is the technologies that are going to let people stay in their homes as long as possible. I don’t know about you, but if I had one wish to make with a genie it would be to live to a ripe old age with good health and then die in my own bed.

While the IoT is a relatively new thing, there has already been a lot of thought and research put into using technology to take care of the elderly. Let’s take a look at where some of this early research is headed.

Smart Motion Detectors. One brilliant idea is to install smart motion detectors around the home. Motion detectors can tell a lot about a person without being as intrusive as surveillance cameras. Motion detectors coupled with good software can learn an elderly person’s habits and can then send out an alert or an alarm if something seems amiss. This system ought to be able to tell if somebody has fallen or if they are unconscious and not moving and alert a caregiver if they won’t respond. At first this might create some false alarms when somebody is napping hard, but over time the system will get to know the patient and will know the difference between napping and real trouble.

This does raise the issue of privacy. Most of the technologies on the horizon are going to compromise some privacy. It’s going to be up to each person to determine how much privacy they will trade for getting to stay in their own home, and I think for most people they will choose the monitoring over the alternative.

Health Monitors. I wrote recently about the Qualcomm Foundation’s $10 million XPrize to create a tricorder like the one in Star Trek. There are going to be small unobtrusive devices that can keep tabs on temperature, blood pressure, blood sugar and a number of other statistics that can let the patient be monitored for general health. This kind of monitoring is going to alert the health system that there is a problem before the patient even realizes it. This is taking preventative care to the next level.

Smart House. There are a lot of devices that can be incorporated into the smart house that can help the elderly. Probably the most useful will be the ability to talk to your house and tell it what you need. This means that everything from a call to 911 to making a room warmer is just a voice command away. But there are many other things a smart house can do. It can do things like remind a person when it’s time to take medication. It can remind the elderly to turn off the stove or to lock doors.

Robots. And finally, let’s not forget robots. There should be robots in a few years that can do a lot of the mundane tasks around the house like cleaning, taking out the trash, watering the plants, etc. that can be a real benefit to the elderly person living alone. And if it can play a mean hand of gin rummy, all the better!

Personal Privacy on the Internet

Because of the NSA spying revelations and the constant news that the big web companies are building a profile of everybody in the country, privacy is a hot topic. It should be fairly obvious to anybody who uses the Internet that whatever you do on-line can be seen by somebody else. But this doesn’t mean that you don’t have some rights. So I started digging around to see just what rights we have as Internet users, and conversely what rights we don’t have. Here is what I found.

Your Personal Data is Really Not Yours. It’s a fairly common assumption that people own their own data. But if you give your personal data to a web site you no longer own that data. You gave it up voluntarily. Websites often make promises to not share that data with other companies, but it’s the extremely rare web company that doesn’t use your data for their own purposes.

I think this misunderstanding comes from the fact that every website has some sort of privacy disclosure and if you read through it quickly (as we all do, if we read these at all), you might get this notion. But all that these web sites promise you is that they will not violate any creative expression or content that you have provided to them. That is a protection provided by US privacy law and extends beyond the Internet. But since web sites rarely get any intellectual or artistic content from you that would be protected, they are free to use anything else you give them. Your name and the fact that you like potato chips is not protected content.

The reality is the opposite of what most people think and the same laws that protect any creative content you create also protect the contents of the databases created by the web companies. If anything, once you give them your information they have more rights to further use it than you do.

People Cannot Take Back Their Content. It’s another common misperception that you can ask a website to delete you and everything about you. But once you have voluntarily given out information about yourself, you have no right to recall it. Websites might allow you to take down a listing or page about you, but there is nothing that requires them to purge your information from their databases. In researching this I saw a very good summary of this point, which is to be very careful what you say on the web, because it is theoretically going to be out there forever.

You Don’t Have the Right to be Anonymous. Many people believe that they can maintain their privacy by creating a fictitious persona on the Internet. Obviously you can’t do this anywhere you shop or you would never get what you ordered. And it’s potentially unlawful to create a false persona on a social web site.

Sites like Facebook and LinkedIn want to know who you really are and it is certainly a violation of their terms of service for you to be on these sites under a false persona. I saw an estimate recently by Facebook, which thinks about 15% of its users are under false names. It’s certainly a benefit to Facebook to know who you are and so they are free to kick you off their site for supplying a false identity.

If you use a fictitious persona you are breaching the contract you sign with them when you sign up. While it can be argued that this is breaking the law, it is not likely that Facebook is ever going to go after somebody for this. However, you are violating several laws that are part of the U.S. Computer Fraud and Abuse Act and if you are ever found doing something else nefarious on your computer they could layer on these charges as well.

You Have No Basic Privacy Rights. People assume that they have some sort of privacy rights when dealing with sites like Facebook. But in fact, the privacy laws today are more for their protection than yours. Companies like Facebook are afforded broad free speech rights that let them basically trample over your privacy. There are no constitutional provisions or specific statutes that give the average consumer any rights on the Internet or on social media sites.

And thus, once you log in and voluntarily give up your information, these companies are within their rights to resell information about you to advertisers or to do pretty much anything else they want to do with it.

Faster Internet for Airplanes

It’s somewhat ironic, but in the not too distant future most people are going to be able to get faster Internet access when flying on an airplane than they can get at home. The ITU Radiocommunications Sector (ITU-R), a division of the International Telecommunication Union, has released a specification for fast Internet access that they call Earth Stations on Mobile Platforms. This new specification promises to bring Internet access to airplanes, ships, trains and other moving platforms which will be 10 to 20 times faster than what is available today.

This will be accomplished using satellites that transmit data paths at the very high spectrum range between 17.3 and 30.0 GHz. This band is so high that it will not interfere with anything terrestrial today, and is proposed for now to be limited to this mobile use. An airplane will connect to the satellite using this spectrum and then retransmit throughout the airplane using WiFi.

This spectrum uses extremely short radio waves and it is subject to many kinds of interference. This means it will make a better connection to an airplane that is flying in rarified air than it will to something on the surface of the earth. But even so the technology is expected to still be able to deliver somewhat decent bandwidth to ships and trains.

There is not enough capacity on a satellite to use the same frequency to deliver bandwidth to multiple customers on the earth’s surface, which is why it is being proposed for only moving targets. With this frequency the satellite needs to point multiple small antennas at one receiver in order to create a good link, making it impractical for a satellite to connect to too many different receivers simultaneously.

This use has already been approved by Ofcom, the British version of the FCC, and there are expectations that the US and the rest of Europe will also approve this application.

There is a lot of demand for bandwidth from airlines, cruise ships and passenger trains. Passengers want to stay connected to the Internet while traveling, particularly on long transoceanic flights or on cruise ships. This service will be able to deliver speeds in the range of 100 Mbps download for the whole airplane, which is fast enough for a number of customers to watch streaming video simultaneously.

There are already some airlines that are handing tablets to their customers as an alternative to in-plane TV screens. American Airlines is now handing out tablets in first class on transcontinental or long international flights. These tablets can browse a library of content stored on board the plane. Hawaiian Airlines is doing it one better and is handing a tablet to all customers on flights to and from the mainland. But with access to this new technology the airlines wouldn’t have to limit people to only on-board programming and could also give them email and web access.

Cruise ships are particularly interested in the technology because they have found that there are many people today who won’t take a cruise if that means being cut off from Internet access. For many people, being connected is becoming an essential element of daily life.

I said at the start of the blog that this is somewhat ironic, because there are still many homes in the US that cannot adequately stream video and it just seems somewhat odd that the one place they will be able to experience that is in a jet traveling at 500 miles per hour.

Web 3.0

Web 3.0 is the name that has been given to the next generation web. While not everybody agrees with the designations, web 1.0 was the first generation web where everything was flat web sites. With Web 1.0 we browsed websites to see what other people wanted to tell us.

We are now in Web 2.0 where users can interactively create content. Instead of just looking at web sites, users now interact and create content on social networks like Facebook, Twitter and LinkedIn. YouTube has so much user generated content that it is one of the biggest traffic generators on the web. And web sites are no longer static and users can post their opinions on a newspaper article or create funny reviews on an Amazon product.

Web 3.0 is expected to go a step further and personalize the web experience. It is expected users will have a personal assistant that will learn their preferences and help them navigate the web. Apple’s Siri is one of the first generation of this type of assistant, but they are expected to soon advance far past Siri.

The biggest improvement of Web 3.0 is that it will understand context, which is lacking in Siri and today’s search engines like Google. But in the future if you tell your assistant that you want to buy a mouse, it will know from the context if you mean the computer device or the little furry animal. The real advantage of the ability to understand context is that search engines will get smarter and will bring you facts. Today the web searches on key words and brings you every web site that contains one of your search words. But in Web 3.0 it is expected that you can ask a question like, “What year was Abraham Lincoln elected?” and get the answer instead of a bunch of web sites about Lincoln, Nebraska.

A personal assistant will also make life easier. For instance, you can tell your assistant that you want to meet a friend for a birthday lunch and also buy them a present. Your assistant will talk to your friend’s assistant behind the scenes and find a restaurant that is convenient for both of you and that you both will like. And it will suggest presents to you, and once you choose one will buy it for you, have it gift wrapped and delivered to the restaurant. And all of this happens behind the scenes with an assistant that understands context.

There will be more to Web 3.0 than just the personal assistant. As more brains get built into the web the way we use it can be smarter as well. As an example, Google just patented something they call geolocation technology. This, and tools like it, are going to bring some aspects of artificial intelligence to your personal assistant. For example, with geolocation, advertisers will be able to make offers to you (really to your assistant) that are dependent upon your location. They might offer you a special on a meal, a drink or a purchase that is a few stores in front of you as you walk down the street. But your assistant will learn to filter such requests and will only bring to your attention the ones that are going to be of interest to you.

The personalized web is going to transform the web experience. You will finally be able to use the web to find the facts you want instantly. You will be able to use the web as your social secretary, or as your to-do list or in any other manner of your choosing.

Funding Faster Internet in Schools

The FCC announced this week that they will be providing an additional $750 million in the E-Rate program to promote high speed broadband to schools. This was mentioned in President Obama’s State of the Union address. And this is a follow-up to the announcement last year that the administration wants all schools to have access to 100 Mbps by 2015 and access to a gigabit by the end of the decade.

I want to clarify that this does not increase the size of the Schools and Library Fund that is part of the Universal Service Fund. That fund is still at $2.4 billion per year and will stay at that level of funding. So this announcement, while sounding like a big increase, is really a reallocation of the existing fund.

More of the fund will help to pay for fast internet connections, but that means other things will no longer be funded. Many who are getting reimbursed from this fund today for older technologies are going to see their payments decrease or cease. Today this fund pays for a lot of old technologies, and so funding for things like voice lines, dial-up connections for faxes, paging services, and email programs will be eliminated or severely curtailed. For every school who gets more funding there will be another that gets less and this is a zero sum game.

For those who don’t follow this program, let me give you a short primer in how it works. Schools receive funding based upon the percentage of their students who are eligible for the school lunch program. Schools with the highest percentages of school lunches will get some or all of their communications costs for the schools covered by the fund. The lower the percentage of school lunch students, the smaller the amount that the fund will pay, as a percentage of the bill. The funds are awarded from neediest downward until all of the funds for a year are allocated.

The funds pay for a variety of different costs, and one assumes that the menu of things that can be compensated from the plan is going to change with this announcement. But today the fund will not only cover some monthly recurring costs, such as for an Internet connection, but it will pay for one-time costs like wiring a school for Internet.

Every school who gets funding must have an ISP partner who provides the services. Let’s use an example of a school that gets a 60% reimbursement to show how this works. The ISP will sell services to the school at competitive rates. In most places the ISPs are picked using state purchasing laws requiring the low cost bidder to win the job. The school will pay the ISP its unfunded percentage of the bill, in this case 40%. The ISP must be registered with the USF fund to get paid, and they would bill the fund for the remaining 60%. This means that the ISP gets full payment, but that the school in this example saved 60% on their bill.

One has to imagine that the fund is now going to have some sort of incentive to reimburse schools for connections that are at least 100 Mbps download. Connections that are slower than that are going to have to somehow be given a lower rating for the fund to help foster the goal of faster Internet.

I worry a bit that revising the rules to promote fast Internet might inadvertently disadvantage those schools with the slowest Internet. There are schools that happen to be located in a broadband desert who have no access to fiber, and those schools might lose compensation that helps them to pay for the fastest speed they can get.

Many ISPs already take part in this program. But if you are in a position to sell a high-speed connection to a school or library you should get registered with the USF fund. It’s fairly easy to do and CCG can help you with the paperwork. This program is run well and ISPs report no problems getting reimbursed. There is no reason for ISPs and school partners who qualify to not get help from this fund.

Why Not 3.65 GHz?

Any company deploying point-to-multipoint wireless data services ought to be thinking about using the 3.65 GHz spectrum. Unless you happen to own other licensed spectrum, this is probably your best alternative to using the normal unlicensed spectrum. But in many places the normal unlicensed bands of 900 MHz, 2.4 GHz, and 5.8 GHz are congested, and are getting more so every day. I’ve written earlier blogs talking about how all of the cable companies and telcos are now using unlicensed spectrum routers at almost every home. And the Internet of Things is going to pile a ton of new uses onto unlicensed spectrum everywhere.

The FCC authorized the 3.65 GHz – 3.70 GHz frequency for public use in 2006, with some usage rules to maximize the utility of the spectrum. The rules are aimed at providing the most benefit to smaller markets and less densely populated areas. This can mean a cleaner signal for any carrier deploying point-to-multipoint wireless services. A few of the rules include:

Restricted Locations. The spectrum cannot be used close to existing government installations or satellite earth stations that use the spectrum. So you can’t deploy around some of the larger air force bases and around a handful of remaining satellite earth stations. The FCC maintains a list of the restricted locations. It should be noted that the earthstation market has been consolidating and over the last few years a number of older earthstations have been decommissioned. This restriction does not block the spectrum in too many places.

Licensed Use. You can license the spectrum for a $280 fee. However, such a license is not exclusive and every holder of the spectrum is expected to coordinate with other users. This is not like a normal FCC license and it is not first come first serve. Everyone using the spectrum in a given area is expected to work with others to minimize interference. The FCC will act as the arbiter if parties can’t work things out. I would point out that in a point-to-multipoint deployment it is fairly easy to keep interference to a minimum.

Contention. There are different rules for using the spectrum depending upon how you deploy it. The rules promote using radios that deploy other spectrum in addition to 3.65 GHz. For radios that only use this spectrum the usage is limited to the 25 MHz band between 3.65 and 3.675 GHz. But radios that allow for a shift to other frequencies when there is contention can use the full 50 MHz channel within the frequency.

The frequency can support bandwidth on one channel up to a theoretical 37 Mbps download. But real-life deployments come in somewhere around 25 Mbps close to the transmitter.

Radios for this frequency are readily available from most of the major point-to-multipoint radio manufacturers. The price of the base stations and customer CPE are very much in line with the cost of radios in the unlicensed bands.

One advantage of this spectrum is that it can go a significant distance. It can theoretically work to the horizon, but the throughput diminishes with distance. Like with most bandwidth, you can engineer to get good bandwidth at the outside of your range by sacrificing bandwidth close to the antenna, or you can alternately go for big bandwidth close to the tower with decreasing bandwidth with distance. It’s easy to engineer a system that can deliver 10 Mbps download at five miles. We’ve seen 3 Mbps at 9 miles.

This frequency is best used in a rural deployment, because the bandwidth from a given sector of a basestation is shared with all of the customers using that sector. Like with any shared bandwidth technology, the more customers you cram onto the system, the less bandwidth available for each customer, particularly at peak times.

Who Will Be the Cable Killer?

It’s a given these days that people are dropping cable subscriptions in favor of other sources of content. For now the exodus from cable is a trickle, but as we have seen with other industries, things can change into a flood quickly if there is a widely-acceptable alternative to an older technology.

This leads me to speculate about what company might be the one to break the cable monopoly. My crystal ball is no better than anybody else’s and this is just speculation. But it is not purely a mental exercise, because the odds are that somebody is going to be the cable killer.

One can first look at the characteristics that any cable killer must have. Number one is that they are going to need to have access to a large number of potential customers. Today there are only a handful of companies that can make such a claim, although we have seen that when something new comes along a new industry entrant can attract millions of customers in a very short period of time. The cable industry has a handful of large providers including Comcast with 23 million, Time Warner with 12 million, DirecTV with 20 million and Dish Network with 14 million. And Charter would join this group if they are able to buy Time Warner.

So who can compete with those kinds of numbers? I can think of several that already have more customers than Comcast. Netflix is one, with over 33 million subscribers. It is not much of a stretch to see Netflix as a cable killer if they can get enough additional programming to lure people permanently away from cable.

Interestingly, the company that has quietly built a huge pile of potential customers is Apple. They have sold over 20 million Apple TVs. And worldwide they have sold over 170 million iPads, many of them in the US. It’s been rumored for years that Apple was on the verge of announcing a programming blockbuster, and perhaps they have just been waiting to get enough Apple hardware platforms into the marketplace before trying to lure the programmers. This company destroyed the music industry in just a few years and perhaps they can do it again with cable.

And we can’t forget Google. Google has been rumored to be thinking about bidding on the NFL Sunday Package when it comes up for renewal. One thing that Google has that nobody else has is the ability to throw billions at launching a new effort in a hurry. Sports programming is one thing that could lure people off of traditional cable and it is not too hard to imagine Google outbidding everybody else for the NFL and a few other sports networks and then also swinging a deal with ESPN.

There is also the upstart Aereo. Assuming the courts don’t stop them, they will be in every medium and large tier market within a few years and building up a big customer base that is already spending money for alternate programming. While they are only streaming a limited line-up today, they already have the technology in place to support a huge line-up through the air.

It seems to me like it is going to be very hard for programmers to keep ignoring some of these companies. Now that traditional cable is losing customers every quarter it is going to become easier and easier for programmers to do the math and to see that they could get revenues from both the traditional cable operators and the new upstarts. There is no love lost between the programmers and the cable companies and the programmers will make new deals when the math looks right.

If I had to pick a winner from that pile of candidates it would be either Google or Apple. Google is capable of buying the sports market and luring away the many sports fans. Apple could begin offering alternate programming in a hurry through its huge embedded hardware base. And perhaps, the real answer is – all of the above. Once a few programmers decide to break the traditional monopoly they are likely to make a deal with anybody who will give them money for their content. If that happens, the traditional cable companies are toast in terms of keeping any cable monopoly. But they will always be relevant as the largest ISPs in the country.

More on MIMO

One of the technologies that is going to be needed to make the Internet of Things work better is MIMO. MIMO stands for multiple-input, multiple-output and refers to using an array of antennas to communicate instead of a single antenna. MIMO technology can apply to different kinds of wireless including WiFi and cellular.

MIMO has been around for a few years and the latest high performance WiFi routers include the first generation MIMO technology. These wireless routers include multiple antennas that work together and the purpose for the antennas is to establish separate wireless routes to different devices.

When done smartly, MIMO dynamically sets up a different wireless path to a given device, so there would be a separate wireless path to your cell phone, your TV and your speaker system. The current MIMO routers can only establish a few separate paths at a time. So if you have more than a few wireless devices running at the same time (which many of us now do), then there is also a general broadcast signal that can be picked up by any device within range.

As you can imagine, establishing separate paths and doing it well can be a challenge. Some devices like cell phones and tablets are mobile within the environment and the router has to keep track of where each device is at. Done well the router will determine the right amount of power and bandwidth to give to each device.

But fast forward a few years when you also have a host of IoT devices in your home. Today in my house we often are running seven WiFi devices, but add to this an array of smart appliances, smoke detectors, security cameras, medical monitors and various toys and it’s easy to see that the normal home router could get overwhelmed in a hurry.

Scientists are already working on more sophisticated MIMO devices so that they can understand the challenges of handling large numbers of multiple devices simultaneously. Scientists at Rice University have constructed an array of 96 MIMO antennas that is letting them take a look into our future. They have named their array Argos and it is giving them a tool for exploring the ways to process and integrate inputs and outputs from many sources. They are calling their application Mammoth MIMO.

Mammoth MIMO antenna arrays are more efficient than a bunch of single antennas. The large array that Rice is studying can do a whole lot more than connect to 96 devices, and they are claiming that the multiplicative efficiency appears to make the large array as much as ten times more efficient than using a host of individual routers.

That kind of efficiency is going to be necessary in the future in two circumstances. First, this technology could be used immediately in crowded environments. We are all aware of how hard it is to get a cell phone signal when there are a lot of people together in a convention center or stadium. Mammoth MIMO could enable many more connections.

But the more widespread use will be in a world where the normal home or business is filled with scores of IoT devices all wanting to make connections to the network. Without improved MIMO this is not going to be possible.

Massive MIMO is going to require massive processing power to make sense of the huge inflow of simultaneous signals. That will require more computational and data storage locally just to process and make sense of IoT data. I have several friends who work in the field of artificial intelligence and they think their technology is going to be needed to help make sense of the massive data flood that will flow out of IoT.