Ring’s new security ‘control center’ isn’t nearly enough

On the same day that a Mississippi family is suing Amazon-owned smart camera maker Ring for not doing enough to prevent hackers from spying on their kids, the company has rolled out its previously announced “control center,” which it hopes will make you forget about its verifiably “awful” security practices.

In a blog post out Thursday, Ring said the new “control center” “empowers” customers to manage their security and privacy settings.

Ring users can check to see if they’ve enabled two-factor authentication, add and remove users from the account, see which third-party services can access their Ring cameras and opt-out of allowing police to access their video recordings without the user’s consent.

But dig deeper and Ring’s latest changes still do practically nothing to change some of its most basic, yet highly criticized security practices.

Questions were raised over these practices months ago after hackers were caught breaking into Ring cameras and remotely watching and speaking to small children. The hackers were using previously compromised email addresses and passwords — a technique known as credential stuffing — to break into the accounts. Some of those credentials, many of which were simple and easy to guess, were later published on the dark web.

Yet, Ring still has not done anything to mitigate this most basic security problem.

TechCrunch ran several passwords through Ring’s sign-up page and found we could enter any easy to guess password, like “12345678” and “password” — which have consistently ranked as some of the most common passwords for several years running.

To combat the problem, Ring said at the time users should enable two-factor authentication, a security feature that adds an additional check to prevent account breaches like password spraying, where hackers use a list of common passwords in an effort to brute force their way into accounts.

But Ring still uses a weak form of two-factor authentication, sending you a code by text message. Text messages are not secure and can be compromised through interception and SIM swapping attacks. Even NIST, the government’s technology standards body, has deprecated support for text message-based two-factor. Experts say although text-based two-factor is better than not using it at all, it’s far less secure than app-based two-factor, where codes are delivered over an encrypted connection to an app on your phone.

Ring said it’ll make its two-factor authentication feature mandatory later this year, but has yet to say if it will ever support app-based two-factor authentication in the future.

The smart camera maker has also faced criticism for its cozy relationship with law enforcement, which has lawmakers concerned and demanding answers.

Ring allows police access to users’ videos without a subpoena or a warrant. (Unlike its parent company Amazon, Ring still does not publish the number of times police demand access to customer videos, with or without a legal request.)

Ring now says its control center will allow users to decide if police can access their videos or not.

But don’t be fooled by Ring’s promise that police “cannot see your video recordings unless you explicitly choose to share them by responding to a specific video request.” Police can still get a search warrant or a court order to obtain your videos, which isn’t particularly difficult if police can show there are reasonable grounds that they may contain evidence — such as video footage — of a crime.

There’s nothing stopping Ring, or any other smart home maker, from offering a zero-knowledge approach to customer data, where only the user has the encryption keys to access their data. Ring cutting itself (and everyone else) out of the loop would be the only meaningful thing it could do if it truly cares about its users’ security and privacy. The company would have to decide if the trade-off is worth it — true privacy for its users versus losing out on access to user data, which would effectively kill its ongoing cooperation with police departments.

Ring says that security and privacy has “always been our top priority.” But if it’s not willing to work on the basics, its words are little more than empty promises.

Google Nest begins testing HVAC alerts, partners with Handy for booking service calls

Google’s Nest is testing a new feature that will alert you to potential HVAC issues and even help you book an HVAC professional to fix it, thanks to a partnership with Handy. The company says the HVAC alerts are only available in select cities during the testing period. If you’re in one of the supported markets, the new HVAC alert email will include an additional link to a website where you can make an appointment with a repair professional.

Stanford’s Doggo quadrupedal robot and siblings Pupper and Woofer are coming to TC Sessions: Robotics + AI

Animal-like, four-legged robots have been a crowd-pleaser since Boston Dynamics’ BigDog, and Stanford’s Doggo shows how the technology can be made open source, accessible and educational. Doggo’s creators will bring the diminutive robot, plus its smaller and larger siblings Pupper and Woofer, to TC Sessions: Robotics + AI on March 3.

Modified HoloLens helps teach kids with vision impairment to navigate the social world

Growing up with blindness or low vision can be difficult for kids, not just because they can’t read the same books or play the same games as their sighted peers; vision is also a big part of social interaction and conversation. This Microsoft research project uses augmented reality to help kids with vision impairment “see” the people they’re talking with.

Sonos clarifies how unsupported devices will be treated

Smart speaker manufacturer Sonos clarified its stance when it comes to old devices that are no longer supported. The company faced some criticisms after its original announcement. Sonos now says that you’ll be able to create two separate Sonos systems so that your newer devices stay up to date.

If you use a Zone Player, Connect, first-generation Play:5, CR200, Bridge or pre-2015 Connect:Amp, Sonos is still going to drop support for those devices. According to the company, those devices have reached their technical limits when it comes to memory and processing power.

While nothing lasts forever, it’s still a shame that speakers that work perfectly fine are going to get worse over time. For instance, if Spotify and Apple Music update their application programming interface in the future, your devices could stop working with those services altogether.

But the announcement felt even more insulting as the company originally said that your entire ecosystem of Sonos devices would stop receiving updates so that all your devices remain on the same firmware version. Even if you just bought a Sonos One, it would stop receiving updates if there’s an old speaker on your network.

“We are working on a way to split your system so that modern products work together and get the latest features, while legacy products work together and remain in their current state,” the company writes.

It’s not ideal, but the company is no longer holding your Sonos system back. Sonos also clarifies that old devices will still receive security updates and bug fixes — but there won’t be any new features.

I still think Sonos should add a computing card slot to its devices. This way, you wouldn’t have to replace speakers altogether. You could get a new computing card with more memory and faster processors and swap your existing card. Modularity is going to be essential if tech companies want to adopt a more environmentally friendly stance.

Vivo beats Samsung for 2nd spot in Indian smartphone market

Samsung, which once led the smartphone market in India, slid to the third position in the quarter that ended in December, even as the South Korean giant continues to make major bets on the rare handset market that is still growing. 158 million smartphones shipped in India in 2019, up from 145 million the year before, according to research firm Counterpoint.

Chinese firm Vivo surpassed Samsung to become the second biggest smartphone vendor in India in Q4 2019. Xiaomi, with command over 27% of the market, maintained its top spot in the nation for the tenth consecutive quarter.

Vivo’s annual smartphone shipment grew 76% in 2019. The Chinese firm’s aggressive positioning of its budget S series of smartphones — priced between 0 to 0 (the sweet spot in India) — in the brick and mortar market and acceptance of e-commerce sales helped it beat Samsung, said Counterpoint analysts.

Vivo’s market share jumped 132% between Q4 of 2018 and Q4 of 2019, according to the research firm.

Realme, which spun out of Chinese smartphone maker Oppo, claimed the fifth spot. Oppo assumed the fourth position.

Samsung has dramatically lowered prices of some of its handsets in the country and also introduced smartphones with local features, but it is struggling to compete with an army of Chinese smartphone makers. The company did not respond to a request for comment.

Realme has taken the Indian market by storm. The two-year-old firm has replicated Xiaomi’s playbook in the country and so far focused on selling aggressively low-cost Android smartphones online.

Vivo and Oppo, on the other hand, have over the years expanded to smaller cities and towns in the country and inked deals with merchants. The companies have offered merchants fat commission to incentivize them to promote their handsets over those of the rivals.

Xiaomi, which entered India six years ago, sold handsets exclusively through online channels to cut overhead, but has since established presence in about 10,000 brick and mortar stores (including some through partnership with big retail chains). The company said in September last year that it had shipped 100 million smartphones in the country.

India surpasses the U.S.

The report, released late Friday (local time), also states that India, with 158 million smartphone shipments in 2019, overtook the U.S. in annual smartphone shipments for the first time.

India, which was already the world’s second largest smartphone market for total handset install base, is now also the second largest market for annual shipment of smartphones.

Tarun Pathak, a senior analyst at Counterpoint, told TechCrunch that about 150 million to 155 million smartphone units were shipped in the U.S. in 2019.

As smartphone shipments decline in most countries, India has emerged as a rare market where people are still showing great appetite for new handsets. There are nearly half a billion smartphones in use in the country today — but more than half a billion people in the nation are yet to get one.

The nation’s slowing economy, however, is understandably making its mark on the smartphone market as well. The Indian smartphone market grew by 8.9% last year, compared to 10% in the previous year.

As autonomy stalls, lidar companies learn to adapt

Lidar sensors are likely to be essential to autonomous vehicles, but if there are none of the latter, how can you make money with the former? Among the industry executives I spoke with, the outlook is optimistic as they unhitch their wagons from the sputtering star of self-driving cars. As it turns out, a few years of manic investment does wonders for those who have the wisdom to apply it properly.

Unearth the future of agriculture at TC Sessions: Robotics+AI with the CEOs of Traptic, FarmWise and Pyka

Farming is one of the oldest professions, but today those amber waves of grain (and soy) are a test bed for sophisticated robotic solutions to problems farmers have had for millennia. Learn about the cutting edge (sometimes literally) of agricultural robots at TC Sessions: Robotics+AI on March 3 with the founders of Traptic, Pyka and FarmWise.

This ultrasonic gripper could let robots hold things without touching them

If robots are to help out in places like hospitals and phone repair shops, they’re going to need a light touch. And what’s lighter than not touching at all? Researchers have created a gripper that uses ultrasonics to suspend an object in midair, potentially making it suitable for the most delicate tasks.

It’s done with an array of tiny speakers that emit sound at very carefully controlled frequencies and volumes. These produce a sort of standing pressure wave that can hold an object up or, if the pressure is coming from multiple directions, hold it in place or move it around.

This kind of “acoustic levitation,” as it’s called, is not exactly new — we see it being used as a trick here and there, but so far there have been no obvious practical applications. Marcel Schuck and his team at ETH Zürich, however, show that such a portable device could easily find a place in processes where tiny objects must be very lightly held.

A small electric component, or a tiny oiled gear or bearing for a watch or micro-robot, for instance, would ideally be held without physical contact, since that contact could impart static or dirt to it. So even when robotic grippers are up to the task, they must be kept clean or isolated. Acoustic manipulation, however, would have significantly less possibility of contamination.

Another, more sinister-looking prototype.

The problem is that it isn’t obvious exactly which combination of frequencies and amplitudes is necessary to suspend a given object in the air. So a large part of this work was developing software that can easily be configured to work with a new object, or programmed to move it in a specific way — rotating, flipping or otherwise moving it at the user’s behest.

A working prototype is complete, but Schuck plans to poll various industries to see whether and how such a device could be useful to them. Watchmaking is of course important in Switzerland, and the parts are both small and sensitive to touch. “Toothed gearwheels, for example, are first coated with lubricant, and then the thickness of this lubricant layer is measured. Even the faintest touch could damage the thin film of lubricant,” he points out in the ETHZ news release.

How would a watchmaker use such a robotic arm? How would a designer of microscopic robots, or a biochemist? The potential is clear, but not necessarily obvious. Fortunately, he has a bit of fellowship cash to spend on the question and hopes to spin it off as a startup next year if his early inquiries bear fruit.