[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:14.98,Default,,0000,0000,0000,,{\i1}34c3 intro{\i0} Dialogue: 0,0:00:14.98,0:00:23.67,Default,,0000,0000,0000,,Herald: So, to our next talk... Sit and\Nrelax, you know what that means. Glass of Dialogue: 0,0:00:23.67,0:00:30.60,Default,,0000,0000,0000,,wine or mate, your favorite easy chair,\Nand of course your latest WIFI enabled toy Dialogue: 0,0:00:30.60,0:00:36.10,Default,,0000,0000,0000,,compromising your intimate moments.\NBarbara Wimmer, as free author and Dialogue: 0,0:00:36.10,0:00:40.65,Default,,0000,0000,0000,,journalist, will tell you more about the\NInternet of Fails, Dialogue: 0,0:00:40.65,0:00:47.19,Default,,0000,0000,0000,,will tell you more about where IoT goes\Nwrong. She's a free author and journalist Dialogue: 0,0:00:47.19,0:00:57.44,Default,,0000,0000,0000,,at futurezone.at, (DORF?), and will in the\Nnear future release one or two public Dialogue: 0,0:00:57.44,0:01:11.77,Default,,0000,0000,0000,,stories and a book. Applause!\N{\i1}applause{\i0} Dialogue: 0,0:01:11.77,0:01:15.78,Default,,0000,0000,0000,,Barbara Wimmer: Hello everybody. I'm\Nwaiting for my slides to appear on the Dialogue: 0,0:01:15.78,0:01:23.74,Default,,0000,0000,0000,,screen. Where are my slides please? That's\Nnot my slides. Dialogue: 0,0:01:37.42,0:01:48.63,Default,,0000,0000,0000,,Oh, thank you very much. So welcome to the\Ntalk Internet of Fails when IoT has gone Dialogue: 0,0:01:48.63,0:01:59.14,Default,,0000,0000,0000,,wrong. This is a very negative topic title\Nactually and you're getting a lot of Dialogue: 0,0:01:59.14,0:02:06.71,Default,,0000,0000,0000,,negative stories in this next hour but I\Ndon't want to talk only about negative Dialogue: 0,0:02:06.71,0:02:13.61,Default,,0000,0000,0000,,things so you can see "FAIL" as a "first\Nattempt in learning". 
So actually at the Dialogue: 0,0:02:13.61,0:02:19.03,Default,,0000,0000,0000,,end of the talk I want to talk about\Nsolutions as well and I don't want to Dialogue: 0,0:02:19.03,0:02:27.29,Default,,0000,0000,0000,,provide only bad and negative examples\Nbecause that's what we hear every day. And Dialogue: 0,0:02:27.29,0:02:33.50,Default,,0000,0000,0000,,this is perfect for the congress motto\N"tuwat" because this is all about let's Dialogue: 0,0:02:33.50,0:02:44.77,Default,,0000,0000,0000,,tuwat together. So nobody, most of you in\Nthis room don't will not know me. So I'm Dialogue: 0,0:02:44.77,0:02:51.85,Default,,0000,0000,0000,,going to introduce myself a little bit and\Nwhy I'm talking to you about this topic, Dialogue: 0,0:02:51.85,0:02:58.04,Default,,0000,0000,0000,,because that's probably what everybody\Nasks me when I appear somewhere and say oh Dialogue: 0,0:02:58.04,0:03:07.49,Default,,0000,0000,0000,,I give talks about IoT. And so actually I\Nwork as an IT journalist for more than 12 Dialogue: 0,0:03:07.49,0:03:17.49,Default,,0000,0000,0000,,years. And I got in contact with internet\Nof things in 2014 when I talked to the Dialogue: 0,0:03:17.49,0:03:26.43,Default,,0000,0000,0000,,local CERT.at team in Austria. I'm from\NVienna. And they first told me that the Dialogue: 0,0:03:26.43,0:03:32.42,Default,,0000,0000,0000,,first refrigerator was caught that was\Nsending out spam mails and that was in Dialogue: 0,0:03:32.42,0:03:42.47,Default,,0000,0000,0000,,2014 and actually that was really a funny\Nstory back then and we were laughing about Dialogue: 0,0:03:42.47,0:03:48.53,Default,,0000,0000,0000,,it but at the same time we already knew\Nthat there is something coming up which is Dialogue: 0,0:03:48.53,0:03:59.87,Default,,0000,0000,0000,,quite going to be a huge development and\Nso from back then I watched the whole IoT Dialogue: 0,0:03:59.87,0:04:09.15,Default,,0000,0000,0000,,development in terms of security and\Nprivacy. 
And in the next 45min you will Dialogue: 0,0:04:09.15,0:04:19.22,Default,,0000,0000,0000,,hear a lot of stuff about IoT, and where\Nthe problem with IoT is currently and Dialogue: 0,0:04:19.22,0:04:26.40,Default,,0000,0000,0000,,examples of fails in terms of security and\Nprivacy. But like I mentioned before I Dialogue: 0,0:04:26.40,0:04:31.76,Default,,0000,0000,0000,,wanna talk about solutions and when we\Ntalk about solutions it will not be like Dialogue: 0,0:04:31.76,0:04:38.02,Default,,0000,0000,0000,,only one side, like only the consumer,\Nonly the IT-security, only developers. Dialogue: 0,0:04:38.02,0:04:46.74,Default,,0000,0000,0000,,Actually what I'm going not to provide is\Ndetailed IT-security stuff. So if you Dialogue: 0,0:04:46.74,0:04:53.79,Default,,0000,0000,0000,,wanna focus more on any story that I'm\Ntalking about I'm mentioning most of the Dialogue: 0,0:04:53.79,0:05:01.71,Default,,0000,0000,0000,,the sources in the slides and if you\Nreally wanna know this example got up, Dialogue: 0,0:05:01.71,0:05:06.56,Default,,0000,0000,0000,,please look it up if you're really\Ninterested deeply into it. I'm a Dialogue: 0,0:05:06.56,0:05:12.89,Default,,0000,0000,0000,,journalist and not an IT-security person\Nso please don't expect me to go into Dialogue: 0,0:05:12.89,0:05:19.77,Default,,0000,0000,0000,,details in this talk. Thats why it's also\Nin the ethics talk - ethics section of the Dialogue: 0,0:05:19.77,0:05:28.76,Default,,0000,0000,0000,,congress and not the security part. So\Ncoming to the internet of things I want to Dialogue: 0,0:05:28.76,0:05:39.76,Default,,0000,0000,0000,,start with a few numbers because these\Nnumbers show the development of IoT. In Dialogue: 0,0:05:39.76,0:05:48.70,Default,,0000,0000,0000,,2016 we had 6.3 billions of devices out\Nthere. 
This year we already had 8.3 Dialogue: 0,0:05:48.70,0:05:58.83,Default,,0000,0000,0000,,billion of devices and in 2020 we will -\Nwe are going to have 20.4 billion Dialogue: 0,0:05:58.83,0:06:05.16,Default,,0000,0000,0000,,connected devices out there. So the\Nnumbers are from Gartner Institute from Dialogue: 0,0:06:05.16,0:06:13.70,Default,,0000,0000,0000,,January and I have one more slide with\Nmore accurate data from June this year and Dialogue: 0,0:06:13.70,0:06:23.40,Default,,0000,0000,0000,,actually this slide shows that the\Ndevelopment is actually really growing. Dialogue: 0,0:06:23.40,0:06:32.40,Default,,0000,0000,0000,,17% more compared to the previous year.\NAnd by 2021 global IoT spending is Dialogue: 0,0:06:32.40,0:06:42.39,Default,,0000,0000,0000,,expected to reach about 1.4 trillion\Ndollars. So maybe some you are asking Dialogue: 0,0:06:42.39,0:06:49.81,Default,,0000,0000,0000,,yourself: What is the internet of things?\NMaybe some of you expected I'm only Dialogue: 0,0:06:49.81,0:06:59.67,Default,,0000,0000,0000,,talking about a smart home, because IoT is\Noften related to the smart home. And we're Dialogue: 0,0:06:59.67,0:07:06.14,Default,,0000,0000,0000,,having all the smart devices that we put\Ninto our living rooms, but that's actually Dialogue: 0,0:07:06.14,0:07:12.74,Default,,0000,0000,0000,,not the main focus because it's more about\Nthe connected everything. Which means Dialogue: 0,0:07:12.74,0:07:19.24,Default,,0000,0000,0000,,toys, sex toys, home automation,\Nlightbulbs, surveillance cameras, Dialogue: 0,0:07:19.24,0:07:28.57,Default,,0000,0000,0000,,thermostats, but also digital assistants\Nand wearables. So I wanna start with a few Dialogue: 0,0:07:28.57,0:07:37.58,Default,,0000,0000,0000,,examples of classical internet of things\Nstuff which is actually a smart coffee Dialogue: 0,0:07:37.58,0:07:45.43,Default,,0000,0000,0000,,maker. That's ... so what is smart about a\Ncoffee maker? It only gets ... 
it doesn't Dialogue: 0,0:07:45.43,0:07:51.43,Default,,0000,0000,0000,,get smart when you regulate your coffee\Nmachine by app because what's smart about Dialogue: 0,0:07:51.43,0:07:58.19,Default,,0000,0000,0000,,that? You can just press the button on the\Nmachine. But when you connect your coffee Dialogue: 0,0:07:58.19,0:08:05.75,Default,,0000,0000,0000,,machine with fitness and sleeping trackers\Nthe coffee machine already knows when you Dialogue: 0,0:08:05.75,0:08:13.18,Default,,0000,0000,0000,,get up if you need a strong or soft coffee\Nin the morning and so that might sound Dialogue: 0,0:08:13.18,0:08:20.47,Default,,0000,0000,0000,,comfortable for some of us, but it also\Nhas a lot of dangers inside, because you Dialogue: 0,0:08:20.47,0:08:25.71,Default,,0000,0000,0000,,never know that the data is really safe\Nand only stays with you. Maybe your Dialogue: 0,0:08:25.71,0:08:37.43,Default,,0000,0000,0000,,insurance company get them one day. So you\Nall know Cars -probably-, the film, and Dialogue: 0,0:08:37.43,0:08:46.04,Default,,0000,0000,0000,,this is McLightning Queen and it got a toy\Nnowadays which is sold for 350 dollars - Dialogue: 0,0:08:46.04,0:08:55.49,Default,,0000,0000,0000,,no sorry, euros - and this car is able to\Nsit next to you and watch the film with Dialogue: 0,0:08:55.49,0:09:02.31,Default,,0000,0000,0000,,you and is going to comment the film.\N{\i1}laughter{\i0} Dialogue: 0,0:09:02.31,0:09:09.74,Default,,0000,0000,0000,,And it is - this sounds very funny - but -\Nand it is funny - but it means that it has Dialogue: 0,0:09:09.74,0:09:15.13,Default,,0000,0000,0000,,a microphone integrated which is waiting\Nfor the terms in the film on the right Dialogue: 0,0:09:15.13,0:09:22.75,Default,,0000,0000,0000,,stories and then it makes comments. 
And\Nthe microphone can only be turned off by Dialogue: 0,0:09:22.75,0:09:30.81,Default,,0000,0000,0000,,app so there's no physical button to turn\Nit off and actually another thing is when Dialogue: 0,0:09:30.81,0:09:36.41,Default,,0000,0000,0000,,you first ... when you actually got this\Npresent for Christmas, which is a really Dialogue: 0,0:09:36.41,0:09:46.59,Default,,0000,0000,0000,,expensive present with 350 euros, it's\Nactually first updating for more than Dialogue: 0,0:09:46.59,0:10:01.23,Default,,0000,0000,0000,,35min before you can even use it. The next\Nexample - you're already laughing - is Dialogue: 0,0:10:01.23,0:10:09.12,Default,,0000,0000,0000,,internet of ... I call it internet of shit\Nbecause you can't say anything else to Dialogue: 0,0:10:09.12,0:10:16.35,Default,,0000,0000,0000,,that example. It's a toilet IoT sensor\Nwhich is actually a smart, small little Dialogue: 0,0:10:16.35,0:10:25.27,Default,,0000,0000,0000,,box which is put into the toilet. And this\Nbox has sensors. It's an Intel box but I Dialogue: 0,0:10:25.27,0:10:34.76,Default,,0000,0000,0000,,don't know and this box has sensors and\Nthese sensors help analyzing the stool. Dialogue: 0,0:10:34.76,0:10:44.36,Default,,0000,0000,0000,,And this data that is collected is going\Nto send into the cloud. And actually this Dialogue: 0,0:10:44.36,0:10:49.55,Default,,0000,0000,0000,,could be very useful for people who are\Nhaving chronical diseases like Colitis Dialogue: 0,0:10:49.55,0:10:59.32,Default,,0000,0000,0000,,Ulcerosa or other chronical diseases with\Nthe digestion stuff but it is mainly Dialogue: 0,0:10:59.32,0:11:05.48,Default,,0000,0000,0000,,designed for healthy people who want to\Nmake better nutrition and reduce their Dialogue: 0,0:11:05.48,0:11:13.87,Default,,0000,0000,0000,,stress levels with the stool analysis. 
And\Nmaybe it sounds good at the beginning but Dialogue: 0,0:11:13.87,0:11:21.71,Default,,0000,0000,0000,,this data that is collected could also be\Nused for other things in the future. So Dialogue: 0,0:11:21.71,0:11:30.89,Default,,0000,0000,0000,,it's a perfect example for internet of\Nshit. But there is another internet of Dialogue: 0,0:11:30.89,0:11:37.97,Default,,0000,0000,0000,,shit which is a twitter account that\Ncollects all these funny little stories. Dialogue: 0,0:11:37.97,0:11:44.92,Default,,0000,0000,0000,,It's not from me, so I'm not behind that.\NI tried to reach the person but I never Dialogue: 0,0:11:44.92,0:11:50.73,Default,,0000,0000,0000,,got a replay so I can't tell you anything\Nabout them but they collect examples - if Dialogue: 0,0:11:50.73,0:11:55.58,Default,,0000,0000,0000,,you don't follow them now and are\Ninterested in this topic you might do Dialogue: 0,0:11:55.58,0:12:05.41,Default,,0000,0000,0000,,after this talk - so after presenting a\Ncouple of IoT examples with the good and a Dialogue: 0,0:12:05.41,0:12:13.09,Default,,0000,0000,0000,,bit of the bad sides I first wanna focus a\Nlittle bit on the problem because as I Dialogue: 0,0:12:13.09,0:12:20.15,Default,,0000,0000,0000,,said before you might now think that\Neverything is nice, comfortable, why Dialogue: 0,0:12:20.15,0:12:26.69,Default,,0000,0000,0000,,shouldn't we do that and stuff like that.\NSo the problem is that most of the vendors Dialogue: 0,0:12:26.69,0:12:33.73,Default,,0000,0000,0000,,that are doing IoT stuff now, that start\Nto connect everything, they are creating Dialogue: 0,0:12:33.73,0:12:41.35,Default,,0000,0000,0000,,manually operated devices without\Nconnectivity for long years and they had a Dialogue: 0,0:12:41.35,0:12:48.06,Default,,0000,0000,0000,,lot of knowledge in terms of materials,\Nergonomics, mechanical engineering but Dialogue: 0,0:12:48.06,0:12:58.20,Default,,0000,0000,0000,,almost zero in the fields of IT security.\NActually I don't say that 
without having Dialogue: 0,0:12:58.20,0:13:06.96,Default,,0000,0000,0000,,talked to vendors that have said exactly\Nthat when I interviewed them. Like there Dialogue: 0,0:13:06.96,0:13:14.51,Default,,0000,0000,0000,,was a lightbulb vendor from Austria who is\Na really big vendor who is making Dialogue: 0,0:13:14.51,0:13:22.40,Default,,0000,0000,0000,,lightbulbs for years and years and years\Nand actually they started to make Dialogue: 0,0:13:22.40,0:13:34.61,Default,,0000,0000,0000,,connected lightbulbs in 2015 and when they\Ndid that they ... and I asked them "Oh how Dialogue: 0,0:13:34.61,0:13:44.96,Default,,0000,0000,0000,,big is your IT security department?" "1\NPerson". So they didn't actually have the Dialogue: 0,0:13:44.96,0:13:51.58,Default,,0000,0000,0000,,knowledge that IT security might be more\Nimportant when they connect - when they Dialogue: 0,0:13:51.58,0:14:00.08,Default,,0000,0000,0000,,start to connect things. And actually the\Nresult is that these vendors are making Dialogue: 0,0:14:00.08,0:14:05.52,Default,,0000,0000,0000,,the same sort of security errors than the\Nhigh tech industry was dealing with 15 Dialogue: 0,0:14:05.52,0:14:14.27,Default,,0000,0000,0000,,years ago. So the early 2000s called and\Nwant their web security, their lack of Dialogue: 0,0:14:14.27,0:14:23.70,Default,,0000,0000,0000,,security back. So there are all kinds of\Nproblems we already know from past: Dialogue: 0,0:14:23.70,0:14:28.71,Default,,0000,0000,0000,,hardcoded passwords, unsecure bluetooth\Nconnections, permanent cloud server Dialogue: 0,0:14:28.71,0:14:38.92,Default,,0000,0000,0000,,connections and a lot of other stuff. 
So\Nwe're going to have from all these 20 Dialogue: 0,0:14:38.92,0:14:45.71,Default,,0000,0000,0000,,billion devices out there, there will be a\Nlot of unsecure devices and the problem is Dialogue: 0,0:14:45.71,0:14:53.41,Default,,0000,0000,0000,,that they are collecting to a botnet and\Nare starting DDoS attacks and we are going Dialogue: 0,0:14:53.41,0:15:02.58,Default,,0000,0000,0000,,to have internet outages. For those who\Nare not familiar with the terms I made a Dialogue: 0,0:15:02.58,0:15:07.55,Default,,0000,0000,0000,,really really really short explanation so\Nthat you are also understanding what I am Dialogue: 0,0:15:07.55,0:15:14.71,Default,,0000,0000,0000,,talking about. A botnet is a network of\Nprivate computers infected with malicious Dialogue: 0,0:15:14.71,0:15:21.75,Default,,0000,0000,0000,,software and controlled as a group without\Nthe owners knowledge. Like the example of Dialogue: 0,0:15:21.75,0:15:29.06,Default,,0000,0000,0000,,the refrigerator that was sending out spam\NI told you about earlier. This Dialogue: 0,0:15:29.06,0:15:35.87,Default,,0000,0000,0000,,refrigerator sent out ... one refrigerator\Nwas sending out 750.000 spam mails by the Dialogue: 0,0:15:35.87,0:15:43.03,Default,,0000,0000,0000,,way. So the botnet, that has a botnet\Nowner of course, because it's not only a Dialogue: 0,0:15:43.03,0:15:50.43,Default,,0000,0000,0000,,zombie botnet, and the botnet owner can\Ncontrol this network of infected computers Dialogue: 0,0:15:50.43,0:15:57.61,Default,,0000,0000,0000,,by issuing commands to perform malicious\Nactivities like DDoS attacks. So DDoS is a Dialogue: 0,0:15:57.61,0:16:04.30,Default,,0000,0000,0000,,distributed denial of Service attack and\Nactually that's an attempt to stop Dialogue: 0,0:16:04.30,0:16:10.46,Default,,0000,0000,0000,,legitimate users form accessing the data\Nnormally available on a website. 
And this Dialogue: 0,0:16:10.46,0:16:19.59,Default,,0000,0000,0000,,actually can lead to completely shutdown\Nof a service. And we had this already so Dialogue: 0,0:16:19.59,0:16:30.07,Default,,0000,0000,0000,,I'm not talking about something in the far\Nfuture but we had this in 2016 and most Dialogue: 0,0:16:30.07,0:16:37.64,Default,,0000,0000,0000,,people already recognized it but it didn't\Nrecognized why - their twitter accounts Dialogue: 0,0:16:37.64,0:16:43.75,Default,,0000,0000,0000,,did not work, they couldn't use Reddit, or\NSpotify, or they couldn't pay with PayPal Dialogue: 0,0:16:43.75,0:16:52.85,Default,,0000,0000,0000,,at the moment. And behind that attack was\NMirai so several other major services were Dialogue: 0,0:16:52.85,0:17:03.23,Default,,0000,0000,0000,,offline because an infrastructure provider\Nwas attacked by zombie IoT devices. And Dialogue: 0,0:17:03.23,0:17:11.58,Default,,0000,0000,0000,,this was one year ago and now one year\Nlater Mirai botnet infections are still Dialogue: 0,0:17:11.58,0:17:21.40,Default,,0000,0000,0000,,widespread so not every zombie device is\Nalready secured so there are still some Dialogue: 0,0:17:21.40,0:17:26.83,Default,,0000,0000,0000,,around and not so little and actually\Nthere is a study saying that every Dialogue: 0,0:17:26.83,0:17:35.80,Default,,0000,0000,0000,,unsecured - no every botnet infection\Nthat's there - every security hole thats Dialogue: 0,0:17:35.80,0:17:42.91,Default,,0000,0000,0000,,there is staying there for at least 7\Nyears which means that all the unsecure Dialogue: 0,0:17:42.91,0:17:50.89,Default,,0000,0000,0000,,devices which are out now could get\Ninfected and could stay infected for 7 Dialogue: 0,0:17:50.89,0:17:56.68,Default,,0000,0000,0000,,years. So that's why it's very important\Nthat we are going to do something really Dialogue: 0,0:17:56.68,0:18:10.17,Default,,0000,0000,0000,,quickly and not starting like in 2020. 
So\NMirai was supposed to continue in 2017 and Dialogue: 0,0:18:10.17,0:18:20.22,Default,,0000,0000,0000,,actually a lot of DDoS attacks similar\Nattacks like Mirai happened in 2017. This Dialogue: 0,0:18:20.22,0:18:29.87,Default,,0000,0000,0000,,as an example could unleash at any moment\Nwhich was in November one few days later Dialogue: 0,0:18:29.87,0:18:41.65,Default,,0000,0000,0000,,exactly this attack was unleashed, so it\Nhappened. In 2017 we also had a huge Dialogue: 0,0:18:41.65,0:18:54.40,Default,,0000,0000,0000,,increase in DDoS attacks 91% increase from\NQ1 and it's going to increase more. I have Dialogue: 0,0:18:54.40,0:19:09.29,Default,,0000,0000,0000,,to take a short sip, sorry.\NNow we're coming back to examples. One Dialogue: 0,0:19:09.29,0:19:15.72,Default,,0000,0000,0000,,really good example is the university that\Nwas attacked by it's own vending machines Dialogue: 0,0:19:15.72,0:19:26.25,Default,,0000,0000,0000,,and smart lightbulbs and 5000 other IoT\Ndevices. This was very very difficult to Dialogue: 0,0:19:26.25,0:19:31.74,Default,,0000,0000,0000,,get fixed because they couldn't get the\Nuniversity network down so they had to Dialogue: 0,0:19:31.74,0:19:38.26,Default,,0000,0000,0000,,find a really difficult solution to get it\Nback up. And actually how did they even Dialogue: 0,0:19:38.26,0:19:42.65,Default,,0000,0000,0000,,notice about it? Because the students\Ncomplained that the internet was going so Dialogue: 0,0:19:42.65,0:19:53.24,Default,,0000,0000,0000,,slow. 
Another example which has nothing to\Ndo with DDoS attacks anymore but with IoT Dialogue: 0,0:19:53.24,0:20:03.48,Default,,0000,0000,0000,,sensors - actually - in a fishtank in an\NAmerican casino - north American casino Dialogue: 0,0:20:03.48,0:20:12.14,Default,,0000,0000,0000,,there were sensors measuring the\Ntemperature of the aquarium and the Dialogue: 0,0:20:12.14,0:20:18.90,Default,,0000,0000,0000,,fishtank - that the fishes didn't die -\Nand these sensors were sending the data to Dialogue: 0,0:20:18.90,0:20:28.50,Default,,0000,0000,0000,,a PC of this casino and this PC was the\Nsame - was using the same network than the Dialogue: 0,0:20:28.50,0:20:37.87,Default,,0000,0000,0000,,sensors so actually the cybercriminals\Ncould access to this data of the casino Dialogue: 0,0:20:37.87,0:20:43.21,Default,,0000,0000,0000,,and were stealing them and sending them to\Ntheir own servers in Finland. And the Dialogue: 0,0:20:43.21,0:20:56.50,Default,,0000,0000,0000,,amount was about 10GB of data. Another\Nexample which is actually one of my most - Dialogue: 0,0:20:56.50,0:21:03.49,Default,,0000,0000,0000,,I don't know why but it's the example I\Npersonally like most of the whole examples Dialogue: 0,0:21:03.49,0:21:11.19,Default,,0000,0000,0000,,that are collected in 2017. So there was a\Nsurveillance camera bought by a Dialogue: 0,0:21:11.19,0:21:22.06,Default,,0000,0000,0000,,netherlands woman. Actually she wanted to\Nsurveil her dog when she was out at work Dialogue: 0,0:21:22.06,0:21:29.84,Default,,0000,0000,0000,,but what did this camera do? It did\Nsurveil the dog when she was out at work, Dialogue: 0,0:21:29.84,0:21:37.26,Default,,0000,0000,0000,,but when she was at home the camera\Nfollowed her through the room and was Dialogue: 0,0:21:37.26,0:21:44.41,Default,,0000,0000,0000,,watching her all over the place. 
And it\Nhad a microphone integrated and one day it Dialogue: 0,0:21:44.41,0:21:51.68,Default,,0000,0000,0000,,started to talk with her and it said "hola\Nseñorita". And this woman was so Dialogue: 0,0:21:51.68,0:21:59.89,Default,,0000,0000,0000,,frightened that she actually started to\Nrecord that because she thought that Dialogue: 0,0:21:59.89,0:22:08.29,Default,,0000,0000,0000,,nobody will buy this story. All will think\NI’m crazy but this camera actually did not Dialogue: 0,0:22:08.29,0:22:15.58,Default,,0000,0000,0000,,surveil the dog but was hacked and\Nsurveiled her. And it was a very cheap Dialogue: 0,0:22:15.58,0:22:21.87,Default,,0000,0000,0000,,camera by the way. She bought it in a\Nsupermarket but we don't know the name of Dialogue: 0,0:22:21.87,0:22:29.33,Default,,0000,0000,0000,,the vendor in this case. So coming for a\Nvery cheap camera to a very hightech Dialogue: 0,0:22:29.33,0:22:40.14,Default,,0000,0000,0000,,camera the cameras you see here is one\Nthat is actually build in a lot of Dialogue: 0,0:22:40.14,0:22:48.18,Default,,0000,0000,0000,,companies and there was a security hole\Nfound by some Vienna security specialists Dialogue: 0,0:22:48.18,0:22:53.24,Default,,0000,0000,0000,,from SEC consult and actually they\Ndemonstrated me how they could actually Dialogue: 0,0:22:53.24,0:23:03.45,Default,,0000,0000,0000,,hack into this camera and how they could\Nmake it possible that this camera shows Dialogue: 0,0:23:03.45,0:23:13.24,Default,,0000,0000,0000,,pictures of an empty room in a bank so the\Npictures from the empty room in the bank Dialogue: 0,0:23:13.24,0:23:20.24,Default,,0000,0000,0000,,were shown to me and in reality the bank\Nwas robbed - ok, not in reality. But it Dialogue: 0,0:23:20.24,0:23:29.21,Default,,0000,0000,0000,,could have been robbed. 
So thats actually\Nsounding a little bit like a movie scene Dialogue: 0,0:23:29.21,0:23:37.53,Default,,0000,0000,0000,,and actually this camera which is sold as\Na security camera is kind of useless when Dialogue: 0,0:23:37.53,0:23:42.84,Default,,0000,0000,0000,,it doesn't have security and it doesn't\Nreally show the picture. And the problem Dialogue: 0,0:23:42.84,0:23:53.97,Default,,0000,0000,0000,,with this camera was hardcoded passwords.\NAnd the hardcoded password got fixed after Dialogue: 0,0:23:53.97,0:24:02.69,Default,,0000,0000,0000,,so it was responsible disclosure process\Nand this camera is safe now. So I'm coming Dialogue: 0,0:24:02.69,0:24:11.80,Default,,0000,0000,0000,,to a different example now. And this now\Nfinally explains why this toy is sitting Dialogue: 0,0:24:11.80,0:24:19.67,Default,,0000,0000,0000,,here. Before my talk everybody was telling\Nme "Ah, you brought your favorite toy, to Dialogue: 0,0:24:19.67,0:24:26.14,Default,,0000,0000,0000,,protect you during your talk." and I was\Nlaughing "Oh no. No no no no, it one of Dialogue: 0,0:24:26.14,0:24:36.57,Default,,0000,0000,0000,,the most unsecure devices out there." But\Nbefore we come to this in special I'm Dialogue: 0,0:24:36.57,0:24:46.79,Default,,0000,0000,0000,,going to talk a little bit about connected\Ntoys. So the Germany Stiftung Warentest Dialogue: 0,0:24:46.79,0:24:54.65,Default,,0000,0000,0000,,had made a study regarding connected toys.\NThe people were testing them and actually Dialogue: 0,0:24:54.65,0:25:04.82,Default,,0000,0000,0000,,all of their tested bears, robot dogs and\Ndolls were very very unsecure and some of Dialogue: 0,0:25:04.82,0:25:12.78,Default,,0000,0000,0000,,them were even critical and are extremely\Ncritical and others were critical. And Dialogue: 0,0:25:12.78,0:25:22.37,Default,,0000,0000,0000,,actually what was the problem with the\Ntoys and also with this? 
They were using - Dialogue: 0,0:25:22.37,0:25:28.21,Default,,0000,0000,0000,,they are using bluetooth connections. And\Nthese bluetooth connections are not Dialogue: 0,0:25:28.21,0:25:34.36,Default,,0000,0000,0000,,secured by a password or a PIN code. So\Nevery smartphone user close enough could Dialogue: 0,0:25:34.36,0:25:42.63,Default,,0000,0000,0000,,connect to the toy and listen to children\Nor ask questions or threaten them and Dialogue: 0,0:25:42.63,0:25:49.67,Default,,0000,0000,0000,,another problem are the data collecting\Napps related to this stuff. So actually Dialogue: 0,0:25:49.67,0:25:58.64,Default,,0000,0000,0000,,this little unicorn has an app where you\Ncan send the messages. So what does this Dialogue: 0,0:25:58.64,0:26:07.79,Default,,0000,0000,0000,,actually? It can play messages and you can\N- as a child you can record messages and Dialogue: 0,0:26:07.79,0:26:17.46,Default,,0000,0000,0000,,send it to you mom or your dad. And when\Nyou play messages you never - the heart Dialogue: 0,0:26:17.46,0:26:24.69,Default,,0000,0000,0000,,blinks. So actually there's a message\Nwaiting for you now. And I'm not sure if Dialogue: 0,0:26:24.69,0:26:32.71,Default,,0000,0000,0000,,it's the same that I recorded earlier\Nbefore. Maybe now it is, maybe at the end Dialogue: 0,0:26:32.71,0:26:42.73,Default,,0000,0000,0000,,of the talk when I press the button again\Nit might not be. And so everybody can - so Dialogue: 0,0:26:42.73,0:26:49.84,Default,,0000,0000,0000,,this - err sorry - This device does have\Nan app where you can send the message to. Dialogue: 0,0:26:49.84,0:26:55.73,Default,,0000,0000,0000,,And it also has a children interface and\Nwhere you are using the children interface Dialogue: 0,0:26:55.73,0:27:02.66,Default,,0000,0000,0000,,you're seeing that there are ads\Nintegrated. And in the children's Dialogue: 0,0:27:02.66,0:27:13.23,Default,,0000,0000,0000,,interface there were ads for porn and\Nehm... 
...other stuff, which are not Dialogue: 0,0:27:13.23,0:27:20.32,Default,,0000,0000,0000,,really in the best hands of a child. And\Nthis is also what Stiftung Warentest has Dialogue: 0,0:27:20.32,0:27:31.14,Default,,0000,0000,0000,,actually - yeah has actually found out.\NThe data is also used to send to third Dialogue: 0,0:27:31.14,0:27:35.70,Default,,0000,0000,0000,,party companies and they put trackers to\Ncontrol the online behavior of their Dialogue: 0,0:27:35.70,0:27:42.70,Default,,0000,0000,0000,,parents. This is also done with this\Ndevice. So the Stiftung Warentest advises Dialogue: 0,0:27:42.70,0:27:51.29,Default,,0000,0000,0000,,a not connectible dumb teddy might be the\Nsmarter choice in the future. And before I Dialogue: 0,0:27:51.29,0:27:56.53,Default,,0000,0000,0000,,finally press this button - you're\Nprobably curious now - but first I'm going Dialogue: 0,0:27:56.53,0:28:07.42,Default,,0000,0000,0000,,to talk a little bit about Cayla. You\Nprobably have heard of Cayla as a very Dialogue: 0,0:28:07.42,0:28:14.88,Default,,0000,0000,0000,,unsecure doll. Actually it got forbidden\Nin Germany by law. It is judged as a Dialogue: 0,0:28:14.88,0:28:22.08,Default,,0000,0000,0000,,prohibited broadcasting station. And\Nparents who do not destroy it will be Dialogue: 0,0:28:22.08,0:28:28.71,Default,,0000,0000,0000,,actually fined. And I tried to buy Cayla\Nin Austria and didn't get the doll. So Dialogue: 0,0:28:28.71,0:28:35.05,Default,,0000,0000,0000,,actually it should be really off the\Nmarket in the German speaking area. And Dialogue: 0,0:28:35.05,0:28:43.50,Default,,0000,0000,0000,,actually that is also a result of a\Ncampaign from Norway called Toyfail, which Dialogue: 0,0:28:43.50,0:28:49.80,Default,,0000,0000,0000,,is a Norwegian consumer organization who\Nare actually - this is Cayla. You can see Dialogue: 0,0:28:49.80,0:29:00.11,Default,,0000,0000,0000,,her now. 
Which is actually going to the\NEuropean Parliament to make them Dialogue: 0,0:29:00.11,0:29:07.83,Default,,0000,0000,0000,,understand how unsecure toys is doing a\Nlot of harm and how we should put more Dialogue: 0,0:29:07.83,0:29:17.13,Default,,0000,0000,0000,,security into toys. And I've brought a\Nshort little video and I hope we can hear Dialogue: 0,0:29:17.13,0:29:27.81,Default,,0000,0000,0000,,the audio here as well. We will see.\NNo. You don't hear anything. Dialogue: 0,0:29:27.81,0:29:31.66,Default,,0000,0000,0000,,But this doesn't matter because they\Nhave... Dialogue: 0,0:29:31.66,0:29:35.96,Default,,0000,0000,0000,,Sign Language Interpreter: subtitles\NBarbara: subtitles. Dialogue: 0,0:29:35.96,0:29:40.53,Default,,0000,0000,0000,,Person (Video): There's not added any kind\Nof security. With simple steps I can talk Dialogue: 0,0:29:40.53,0:29:44.99,Default,,0000,0000,0000,,through the doll and listen to other\Npeople. Dialogue: 0,0:29:44.99,0:29:47.74,Default,,0000,0000,0000,,Person through doll (Video): No one wants\Nothers to speak directly through the doll. Dialogue: 0,0:29:47.74,0:29:56.79,Default,,0000,0000,0000,,Barbara: He's speaking now at the moment.\NDoll: {\i1}inaudible{\i0} Dialogue: 0,0:29:56.79,0:30:38.90,Default,,0000,0000,0000,,Person: And you may think... [see video\Nsubs] ... Cayla, can I trust you? 
Dialogue: 0,0:30:38.90,0:30:44.01,Default,,0000,0000,0000,,Doll: I don't know.\N{\i1}laughter{\i0} Dialogue: 0,0:30:44.01,0:30:58.15,Default,,0000,0000,0000,,{\i1}applause{\i0}\NBarbara: Yeah and we don't trust Cayla and Dialogue: 0,0:30:58.15,0:31:07.91,Default,,0000,0000,0000,,we also don't trust our little unicorn.\N{\i1}button clicking{\i0} Dialogue: 0,0:31:07.91,0:31:25.04,Default,,0000,0000,0000,,{\i1}laughter{\i0}\N{\i1}crying baby in background{\i0} Dialogue: 0,0:31:25.04,0:31:34.81,Default,,0000,0000,0000,,Barbara: Ok, somebody has hacked it.\N{\i1}laughter{\i0} Dialogue: 0,0:31:34.81,0:31:42.92,Default,,0000,0000,0000,,Yes.\NUnicorn Toy: Hello, Chaos Communication Dialogue: 0,0:31:42.92,0:31:48.00,Default,,0000,0000,0000,,Congress.\NBarbara: Ok, that's what I recorded Dialogue: 0,0:31:48.00,0:31:57.14,Default,,0000,0000,0000,,earlier. But there is some time left.\NMaybe, maybe... but you're all sitting too Dialogue: 0,0:31:57.14,0:32:04.12,Default,,0000,0000,0000,,far actually and nobody of you brought\Nyour computer, so... but we will see, we Dialogue: 0,0:32:04.12,0:32:10.04,Default,,0000,0000,0000,,will try it later on. So but actually you\Nshouldn't trust this unicorn, because this Dialogue: 0,0:32:10.04,0:32:22.36,Default,,0000,0000,0000,,unicorn is from the company called\NCloudpets, which is a - no sorry It's a Dialogue: 0,0:32:22.36,0:32:29.68,Default,,0000,0000,0000,,toy called Cloudpet and the company is\NSpiraltoys from the US. So this is Dialogue: 0,0:32:29.68,0:32:39.11,Default,,0000,0000,0000,,Cloudpet and there are cats and dogs and\Nunicorns and it's very ugly but it's a Dialogue: 0,0:32:39.11,0:32:48.64,Default,,0000,0000,0000,,unicorn. And actually now I'm already\Ntalking a lot about this. Why I'm Dialogue: 0,0:32:48.64,0:32:57.55,Default,,0000,0000,0000,,explaining you now. 
There already was a\Ndata breach with this toy so the Dialogue: 0,0:32:57.55,0:33:05.61,Default,,0000,0000,0000,,children's messages in Cloudpets data\Nactually was stolen and was public on the Dialogue: 0,0:33:05.61,0:33:13.74,Default,,0000,0000,0000,,internet. 2 million voice messages\Nrecorded on the cuddly toys has been Dialogue: 0,0:33:13.74,0:33:25.06,Default,,0000,0000,0000,,discovered free on the internet. And\Nactually Spiraltoys say that there was no Dialogue: 0,0:33:25.06,0:33:33.63,Default,,0000,0000,0000,,data breach but the data was there, so...\NThat's also why I brought this, it was Dialogue: 0,0:33:33.63,0:33:40.36,Default,,0000,0000,0000,,still very easily available and actually\Nas I said before the app for child the Dialogue: 0,0:33:40.36,0:33:51.25,Default,,0000,0000,0000,,interface shows porn ads, so I would not\Nrecommend that for your child. Actually Dialogue: 0,0:33:51.25,0:33:55.60,Default,,0000,0000,0000,,there are already a lot of institutions\Nout there which are warning for connected Dialogue: 0,0:33:55.60,0:34:03.49,Default,,0000,0000,0000,,toys also the consumer group Which? which\Nactually did a study about this and other Dialogue: 0,0:34:03.49,0:34:10.00,Default,,0000,0000,0000,,like also the Furby connected they\Nanalyzed, the German Stiftung Warentest, Dialogue: 0,0:34:10.00,0:34:13.95,Default,,0000,0000,0000,,the Austrian Verein für\NKonsumenteninformation, the Norwegian Dialogue: 0,0:34:13.95,0:34:22.43,Default,,0000,0000,0000,,consumer council, and the FBI. The list is\Nto be continued. 
So consider if you really Dialogue: 0,0:34:22.43,0:34:31.48,Default,,0000,0000,0000,,need a connected toy for your child or\Nyourself because the next section is about Dialogue: 0,0:34:31.48,0:34:37.98,Default,,0000,0000,0000,,sex toys.\N{\i1}laughter{\i0} Dialogue: 0,0:34:37.98,0:34:49.90,Default,,0000,0000,0000,,{\i1}applause{\i0}\N{\i1}squeaky horn{\i0} Dialogue: 0,0:34:49.90,0:34:57.17,Default,,0000,0000,0000,,{\i1}more laughter and applause{\i0}\NI am not... It's not necessary say a lot Dialogue: 0,0:34:57.17,0:35:04.33,Default,,0000,0000,0000,,about this example. It's actually a\Nconnected vibrator that has a built-in Dialogue: 0,0:35:04.33,0:35:18.87,Default,,0000,0000,0000,,camera and this camera is very very very\Nunsafe. Also this toy is really expensive, Dialogue: 0,0:35:18.87,0:35:24.67,Default,,0000,0000,0000,,so you can't say "Eh, it's only the cheap\Nstuff that is so unsecure." Also the high- Dialogue: 0,0:35:24.67,0:35:32.48,Default,,0000,0000,0000,,tech stuff can be really unsecure. I mean\Nthis vibrator costs 250 dollars so it's Dialogue: 0,0:35:32.48,0:35:42.61,Default,,0000,0000,0000,,very expensive and it has a built-in web-\Nconnected endoscope and they found out Dialogue: 0,0:35:42.61,0:35:55.64,Default,,0000,0000,0000,,that it's massively insecure. The password\Nof this... And if you forgot to change it Dialogue: 0,0:35:55.64,0:36:01.74,Default,,0000,0000,0000,,it's a few more players than expected that\Nmight be watching your newest video about Dialogue: 0,0:36:01.74,0:36:09.95,Default,,0000,0000,0000,,your private sex adventures. There was\Nanother example actually in this - sorry Dialogue: 0,0:36:09.95,0:36:14.64,Default,,0000,0000,0000,,go back one more time to this example -\Nthere's a very funny video on it on Dialogue: 0,0:36:14.64,0:36:20.49,Default,,0000,0000,0000,,youtube about it, maybe you wanna watch\Nit. I didn't bring it because I couldn't Dialogue: 0,0:36:20.49,0:36:31.60,Default,,0000,0000,0000,,reach the makers of it. 
So I'm going to\Nthe next example which is about a case of Dialogue: 0,0:36:31.60,0:36:39.04,Default,,0000,0000,0000,,sex toy company that actually admits to\Nrecording users remote sex sessions and it Dialogue: 0,0:36:39.04,0:36:48.11,Default,,0000,0000,0000,,called it a "minor bug". It was this love\Nsensor remote app you can see the icon Dialogue: 0,0:36:48.11,0:36:56.05,Default,,0000,0000,0000,,here and actually this is a vibrator and\Nan app and the vibrator controlling app Dialogue: 0,0:36:56.05,0:37:03.08,Default,,0000,0000,0000,,was recording all the sex sounds, all the\Nsounds you're making when you're using Dialogue: 0,0:37:03.08,0:37:09.61,Default,,0000,0000,0000,,this vibrator and stores them on the phone\Nwithout your knowledge. And the company Dialogue: 0,0:37:09.61,0:37:15.60,Default,,0000,0000,0000,,says that no information or data was sent\Nto the servers so this audio file exists Dialogue: 0,0:37:15.60,0:37:21.57,Default,,0000,0000,0000,,only temporarily and only your device. And\Nthey already had an update so actually Dialogue: 0,0:37:21.57,0:37:28.28,Default,,0000,0000,0000,,this is not as funny as the other story\Nbut still it's an example of how unsecure Dialogue: 0,0:37:28.28,0:37:38.45,Default,,0000,0000,0000,,sex stuff can be. So there are lot of lot\Nof more sex examples out there. One you Dialogue: 0,0:37:38.45,0:37:45.78,Default,,0000,0000,0000,,should actually definitely search for\Nafter - please don't search for now, but Dialogue: 0,0:37:45.78,0:37:55.25,Default,,0000,0000,0000,,after this talk. You could google or\Nduckduckgo or whatever you use the terms Dialogue: 0,0:37:55.25,0:38:04.28,Default,,0000,0000,0000,,"blowjob injection". 
And please add\N"security" because otherwise you will land Dialogue: 0,0:38:04.28,0:38:07.92,Default,,0000,0000,0000,,on other sites.\N{\i1}laughter{\i0} Dialogue: 0,0:38:07.92,0:38:18.36,Default,,0000,0000,0000,,And this was a female security expert who\Nwas doing this research about a device Dialogue: 0,0:38:18.36,0:38:24.76,Default,,0000,0000,0000,,which actually was supposed to your\Ngirlfriend could make you a special Dialogue: 0,0:38:24.76,0:38:31.05,Default,,0000,0000,0000,,blowjob program, your special blowjob and\Nthis could be hacked so somebody else's Dialogue: 0,0:38:31.05,0:38:39.12,Default,,0000,0000,0000,,blowjob might appear instead your own.\N{\i1}laughter{\i0} Dialogue: 0,0:38:39.12,0:38:47.52,Default,,0000,0000,0000,,So there's also a story about a map of\Nbuttplugs in Berlin that are unsecure. Dialogue: 0,0:38:47.52,0:38:56.46,Default,,0000,0000,0000,,Also if you're interested in that please\Nalso search for that story. Because it's Dialogue: 0,0:38:56.46,0:39:01.45,Default,,0000,0000,0000,,funny to talk about this, but I also wanna\Ntalk little bit about things that we could Dialogue: 0,0:39:01.45,0:39:08.89,Default,,0000,0000,0000,,actually do. And one of the projects in\Nthis part is actually doing something Dialogue: 0,0:39:08.89,0:39:14.48,Default,,0000,0000,0000,,that's called the "internet of dongs\Nproject - hacking sex toys for security Dialogue: 0,0:39:14.48,0:39:22.19,Default,,0000,0000,0000,,and privacy". And as you can see it's\Nsupported by PornHub, which in this case Dialogue: 0,0:39:22.19,0:39:29.03,Default,,0000,0000,0000,,means that they get money from PornHub\Nthat they can buy sex toys for their Dialogue: 0,0:39:29.03,0:39:41.68,Default,,0000,0000,0000,,research. So PornHub is sponsoring them.\NActually I did for talk to the guy who is Dialogue: 0,0:39:41.68,0:39:49.51,Default,,0000,0000,0000,,behind this project. He's called\NRenderman. 
That's a render of him and this Dialogue: 0,0:39:49.51,0:39:57.21,Default,,0000,0000,0000,,is the website by the way. So he told me\Nhe's currently - they're currently a team Dialogue: 0,0:39:57.21,0:40:05.60,Default,,0000,0000,0000,,of about 15-20 people out there that are\Ndoing their security research in their own Dialogue: 0,0:40:05.60,0:40:10.98,Default,,0000,0000,0000,,spare time. And they are not getting any\Nmoney for it and they also don't want to Dialogue: 0,0:40:10.98,0:40:17.67,Default,,0000,0000,0000,,get any money but they are already looking\Nfor more security experts that wanna join Dialogue: 0,0:40:17.67,0:40:24.44,Default,,0000,0000,0000,,the team and also they have also an\Nethical codex and stuff like that and Dialogue: 0,0:40:24.44,0:40:32.18,Default,,0000,0000,0000,,actually one of the most important things\Nthat he was telling me is that he doesn't Dialogue: 0,0:40:32.18,0:40:41.11,Default,,0000,0000,0000,,want that you should stay off connected\Nsex toys at all, but to find the security Dialogue: 0,0:40:41.11,0:40:54.76,Default,,0000,0000,0000,,holes that we are all able to use them if\Nwe want without any fear. So yeah, you can Dialogue: 0,0:40:54.76,0:41:02.71,Default,,0000,0000,0000,,get in contact with him if you're\Ninterested. Coming to a different section Dialogue: 0,0:41:02.71,0:41:14.11,Default,,0000,0000,0000,,now. You can see I'm switching from\Nsecurity to security and privacy and now Dialogue: 0,0:41:14.11,0:41:23.90,Default,,0000,0000,0000,,I'm landed on the privacy section. This is\NGoogle Home. And we all know that there is Dialogue: 0,0:41:23.90,0:41:32.87,Default,,0000,0000,0000,,also Amazon Echo and digital assistants\Nare also smart IoT devices and this is why Dialogue: 0,0:41:32.87,0:41:38.81,Default,,0000,0000,0000,,I wanna talk a very very short time about\Nthem because I'm sure a lot of people got Dialogue: 0,0:41:38.81,0:41:46.29,Default,,0000,0000,0000,,those devices for Christmas. 
Actually\Nthere was a big increase of digital Dialogue: 0,0:41:46.29,0:41:56.63,Default,,0000,0000,0000,,assistants in the last year in this\Nquarter 3 of 2016 there were only 900.000 Dialogue: 0,0:41:56.63,0:42:11.04,Default,,0000,0000,0000,,of such devices sold and in the quarter 3\N2017 we had more than 7.4 million of those Dialogue: 0,0:42:11.04,0:42:17.18,Default,,0000,0000,0000,,devices sold. So there's a huge increase\Nand we don't even have the numbers of the Dialogue: 0,0:42:17.18,0:42:29.11,Default,,0000,0000,0000,,Christmas time. Yeah you have seen it. so\Nwhy I wanna talk about it, because when Dialogue: 0,0:42:29.11,0:42:36.51,Default,,0000,0000,0000,,you put this kind of stuff in your home it\Nmight be very comfortable at the beginning Dialogue: 0,0:42:36.51,0:42:41.52,Default,,0000,0000,0000,,because you don't have to look up the\Nweather information you can - you don't Dialogue: 0,0:42:41.52,0:42:47.25,Default,,0000,0000,0000,,have to read your emails you can make the\Ndevice read your own emails you can use Dialogue: 0,0:42:47.25,0:42:55.88,Default,,0000,0000,0000,,them to program your list of what you're\Ngoing to buy and stuff like that but Dialogue: 0,0:42:55.88,0:43:02.38,Default,,0000,0000,0000,,that's how they learn a lot about the\Nusers' habits and their personalities and Dialogue: 0,0:43:02.38,0:43:07.48,Default,,0000,0000,0000,,those devices will learn more and more\Ninformation about you and this information Dialogue: 0,0:43:07.48,0:43:16.35,Default,,0000,0000,0000,,does not stay in your own home it actually\Nis going to send to the servers of amazon Dialogue: 0,0:43:16.35,0:43:22.72,Default,,0000,0000,0000,,and google and I don't need to tell you\Nwhat amazon and google are doing with this Dialogue: 0,0:43:22.72,0:43:31.17,Default,,0000,0000,0000,,data. 
current at least currently they are\Nonly collecting it but that's very Dialogue: 0,0:43:31.17,0:43:39.76,Default,,0000,0000,0000,,valuable and they turn around and use it\Nor sell it in various ways to monetize Dialogue: 0,0:43:39.76,0:43:48.76,Default,,0000,0000,0000,,that information in one of the future\Ndays. So all digital assistants send the Dialogue: 0,0:43:48.76,0:43:54.44,Default,,0000,0000,0000,,voice controls that are made after "Ok,\NGoogle" or "Alexa" to their servers and Dialogue: 0,0:43:54.44,0:44:00.85,Default,,0000,0000,0000,,the data will be saved there and it was\Nnot possible for me to find out for how Dialogue: 0,0:44:00.85,0:44:07.46,Default,,0000,0000,0000,,long and at which servers. It's not in\Ntheir terms of conditions and I couldn't Dialogue: 0,0:44:07.46,0:44:15.60,Default,,0000,0000,0000,,find it anywhere. So also the German data\Nprivacy delegate Andrea Voßhoff didn't Dialogue: 0,0:44:15.60,0:44:21.58,Default,,0000,0000,0000,,find this information. She criticized that\N"It is not easy for users to understand Dialogue: 0,0:44:21.58,0:44:28.34,Default,,0000,0000,0000,,how, to what extent and where the\Ninformation collected is processed. Also, Dialogue: 0,0:44:28.34,0:44:37.30,Default,,0000,0000,0000,,it is not clear how long the data will be\Nstored." So if you still want those Dialogue: 0,0:44:37.30,0:44:45.37,Default,,0000,0000,0000,,devices in your home now there are at\Nleast physical mute button with google Dialogue: 0,0:44:45.37,0:44:52.15,Default,,0000,0000,0000,,home and amazon echo and you can also\Nchange the settings to control the data so Dialogue: 0,0:44:52.15,0:45:00.40,Default,,0000,0000,0000,,all the data that is collected is regularly\Ndeleted from the servers but of course you Dialogue: 0,0:45:00.40,0:45:08.49,Default,,0000,0000,0000,,never know in how many backups it's\Ncollected as well. 
So yes it's only Dialogue: 0,0:45:08.49,0:45:22.48,Default,,0000,0000,0000,,recording after this voice control but\Nboth devices already got hacked and yeah I Dialogue: 0,0:45:22.48,0:45:32.37,Default,,0000,0000,0000,,didn't amazon echo got hacked in 2016 and\Ngoogle mini got hacked in 2017 of course Dialogue: 0,0:45:32.37,0:45:39.61,Default,,0000,0000,0000,,both problems got fixed and when I say got\Nhacked it means that the devices in your Dialogue: 0,0:45:39.61,0:45:54.00,Default,,0000,0000,0000,,home were listening to the conversations\Nall the time. So I'm coming - Dialogue: 0,0:45:54.00,0:46:01.11,Default,,0000,0000,0000,,unfortunately the funny examples are over.\NI'm coming to the part where I wanna speak Dialogue: 0,0:46:01.11,0:46:09.96,Default,,0000,0000,0000,,about what we can do against the lack of\Nsecurity and lack of privacy with the Dialogue: 0,0:46:09.96,0:46:18.56,Default,,0000,0000,0000,,internet of things. So we are currently\Nhaving the status quo where we are having an Dialogue: 0,0:46:18.56,0:46:23.51,Default,,0000,0000,0000,,information asymmetry between the vendor\Nand the customer. Currently the Dialogue: 0,0:46:23.51,0:46:29.10,Default,,0000,0000,0000,,manufacturers do not need to provide a\Nsample information but(?) how security of Dialogue: 0,0:46:29.10,0:46:36.90,Default,,0000,0000,0000,,a device such as how long it will receive\Nsecurity updates. so when we buy a device Dialogue: 0,0:46:36.90,0:46:52.15,Default,,0000,0000,0000,,we never know... oh is it going to be safe\Nor not. So what we need ... actually what Dialogue: 0,0:46:52.15,0:47:00.30,Default,,0000,0000,0000,,we need. 
I did write a couple of things -\NI write down a couple of things here which Dialogue: 0,0:47:00.30,0:47:10.41,Default,,0000,0000,0000,,are partly stolen by the green MEP Jan\NPhilipp Albrecht from his program because Dialogue: 0,0:47:10.41,0:47:18.30,Default,,0000,0000,0000,,he's dealing a lot with that kind of\Nquestion what we can do with his work and Dialogue: 0,0:47:18.30,0:47:27.59,Default,,0000,0000,0000,,I'm also - I also was stealing some of\Nthose suggestions from the Renderman from Dialogue: 0,0:47:27.59,0:47:34.52,Default,,0000,0000,0000,,the Internet of Dongs project, he also had\Nsome helpful tips. And I also stole some Dialogue: 0,0:47:34.52,0:47:40.00,Default,,0000,0000,0000,,of the information from security experts I\Ntalked in interviews all of the time Dialogue: 0,0:47:40.00,0:47:45.08,Default,,0000,0000,0000,,because we never talk only about the bad\Nthings we always - we all want to get the Dialogue: 0,0:47:45.08,0:47:52.69,Default,,0000,0000,0000,,internet of things safer at the end. So\Nsome of them suggested that we could need Dialogue: 0,0:47:52.69,0:48:01.07,Default,,0000,0000,0000,,an security star rating system similar to\Nthe energy labeling. And when we talk Dialogue: 0,0:48:01.07,0:48:13.13,Default,,0000,0000,0000,,about security star ratings that could\Nmean that we use a label. When a device Dialogue: 0,0:48:13.13,0:48:19.55,Default,,0000,0000,0000,,gets security updates for free for the\Nnext five years it gets the A++ label, if Dialogue: 0,0:48:19.55,0:48:24.90,Default,,0000,0000,0000,,it's no updates at all and it stays\Nunsecure it gets the baddest rating or Dialogue: 0,0:48:24.90,0:48:32.33,Default,,0000,0000,0000,,such things. Actually vendors should also\Nbe forced to close security holes instead Dialogue: 0,0:48:32.33,0:48:39.62,Default,,0000,0000,0000,,of ignoring them. 
And they should provide\Nthe security researchers with email Dialogue: 0,0:48:39.62,0:48:45.85,Default,,0000,0000,0000,,addresses where we can easily report\Nsecurity flaws because sometimes the Dialogue: 0,0:48:45.85,0:48:52.33,Default,,0000,0000,0000,,hardest part of the game is to actually\Nfind the right contact to send out the Dialogue: 0,0:48:52.33,0:49:01.45,Default,,0000,0000,0000,,information about what is unsecure and\Nwhat's not. What we also need is a Dialogue: 0,0:49:01.45,0:49:09.48,Default,,0000,0000,0000,,mandatory offline mode for electronical\Ndevices so this device at least has a Dialogue: 0,0:49:09.48,0:49:19.71,Default,,0000,0000,0000,,button where you can turn it off. so it\Ndoesn't listen to you permanently. And we Dialogue: 0,0:49:19.71,0:49:28.09,Default,,0000,0000,0000,,need that for all devices - all connected\Ndevices. Also an airbag and seatbelt for Dialogue: 0,0:49:28.09,0:49:35.16,Default,,0000,0000,0000,,the digital age and we also have to talk\Nabout product liability and a clear update Dialogue: 0,0:49:35.16,0:49:46.09,Default,,0000,0000,0000,,policy. so there are also good examples\Nthat we are having now. Actually all what Dialogue: 0,0:49:46.09,0:49:54.92,Default,,0000,0000,0000,,I was talking about here is regulation.\NRegulation that is not existing at the Dialogue: 0,0:49:54.92,0:50:05.08,Default,,0000,0000,0000,,moment. But there is some regulation that\Nis existing in the kind of data which is Dialogue: 0,0:50:05.08,0:50:12.87,Default,,0000,0000,0000,,the GDPR the General Data Protection\NRegulation which is coming up in May 2018 Dialogue: 0,0:50:12.87,0:50:20.17,Default,,0000,0000,0000,,and it has included some really really\Nreally helpful things: privacy by design Dialogue: 0,0:50:20.17,0:50:27.75,Default,,0000,0000,0000,,and privacy by default. And more\Npossibilities for law enforcement. 
And Dialogue: 0,0:50:27.75,0:50:36.09,Default,,0000,0000,0000,,this is very very important because it\Ndoesn't say that because we are going to Dialogue: 0,0:50:36.09,0:50:43.33,Default,,0000,0000,0000,,have a regulation about privacy by design\Nand privacy by default this is really done Dialogue: 0,0:50:43.33,0:50:47.80,Default,,0000,0000,0000,,by the vendors. Actually when I was\Ninterviewing some of them they already Dialogue: 0,0:50:47.80,0:50:55.27,Default,,0000,0000,0000,,told me that it's not their plan to\Nintegrate that in their products they are Dialogue: 0,0:50:55.27,0:51:03.82,Default,,0000,0000,0000,,going to wait until they are sued. They\Nsay "Oh, we don't need it. why should we Dialogue: 0,0:51:03.82,0:51:16.09,Default,,0000,0000,0000,,do it worked now - nope." So that's why\Nthe law enforcement comes into place and Dialogue: 0,0:51:16.09,0:51:21.43,Default,,0000,0000,0000,,maybe some of you know Max Schrems, he's\Nalso speaking here in two days about Dialogue: 0,0:51:21.43,0:51:28.49,Default,,0000,0000,0000,,something else though and he a data\Nprotection activist. And he says that Dialogue: 0,0:51:28.49,0:51:33.78,Default,,0000,0000,0000,,everything that goes will be done in this\Nphase we are now, but if vendors won't Dialogue: 0,0:51:33.78,0:51:44.60,Default,,0000,0000,0000,,observe the law we have to remind them to\Ndo it. So this is how he looks like and he Dialogue: 0,0:51:44.60,0:51:51.77,Default,,0000,0000,0000,,says that with this new regulation we can,\Nas a customer, ask for compensation when Dialogue: 0,0:51:51.77,0:51:57.79,Default,,0000,0000,0000,,data breaches occur. We couldn't do that\Nso easily now but with this new regulation Dialogue: 0,0:51:57.79,0:52:05.16,Default,,0000,0000,0000,,it will get a lot of easier. And if 4\Nbillion people sue a company and ask for Dialogue: 0,0:52:05.16,0:52:16.16,Default,,0000,0000,0000,,compensation that could be a bit expensive\Nat the end. 
So if you are not able to sue Dialogue: 0,0:52:16.16,0:52:24.59,Default,,0000,0000,0000,,anybody yourself, which is not cheap so\Nnobody - not everybody will secure Dialogue: 0,0:52:24.59,0:52:32.14,Default,,0000,0000,0000,,companies you can support organizations\Nthat help you with that like the new Dialogue: 0,0:52:32.14,0:52:39.15,Default,,0000,0000,0000,,organization from Max Schrems called "None\Nof Your Business" maybe you have seen this Dialogue: 0,0:52:39.15,0:52:45.98,Default,,0000,0000,0000,,already, I'm not saying that you should\Nsupport especially (???) this Dialogue: 0,0:52:45.98,0:52:52.02,Default,,0000,0000,0000,,organization but his plan is to actually\Ndo that stuff I explained earlier: sue Dialogue: 0,0:52:52.02,0:52:59.27,Default,,0000,0000,0000,,companies that are not abiding to the law.\NSo if you wanna visit the website they Dialogue: 0,0:52:59.27,0:53:13.35,Default,,0000,0000,0000,,currently collecting money. What else can\Nconsumers do? That are no easy tips but we Dialogue: 0,0:53:13.35,0:53:20.28,Default,,0000,0000,0000,,can't do much except a few easy things.\NDoes this product really need an internet Dialogue: 0,0:53:20.28,0:53:28.00,Default,,0000,0000,0000,,connection? Is it possible to turn it off?\NIs it still working after that? What do we Dialogue: 0,0:53:28.00,0:53:36.59,Default,,0000,0000,0000,,find about it on the internet? Can we\Nreach the vendor? Does the vendor reply Dialogue: 0,0:53:36.59,0:53:45.03,Default,,0000,0000,0000,,when I have a question? Do we get more\Ninformation? Sometimes also clicktivism Dialogue: 0,0:53:45.03,0:53:53.18,Default,,0000,0000,0000,,helps to stop vendors making stupid\Ndecisions. 
Here is another example from Dialogue: 0,0:53:53.18,0:54:00.01,Default,,0000,0000,0000,,the vacuum robot cleaning machine Roomba\Nwho wanted to sell the data that is Dialogue: 0,0:54:00.01,0:54:08.35,Default,,0000,0000,0000,,collected from the home from the vacuum\Ncleaner and actually there was a huge huge Dialogue: 0,0:54:08.35,0:54:14.08,Default,,0000,0000,0000,,huge shitstorm after he was announcing\Nthat - the CEO that was announcing that. Dialogue: 0,0:54:14.08,0:54:20.27,Default,,0000,0000,0000,,And after the shitstorm the CEO said "Ok,\Nno nono. We're not collecting. We're not Dialogue: 0,0:54:20.27,0:54:28.49,Default,,0000,0000,0000,,selling your data. No no." So sometimes\Nthis helps as well and of course follow Dialogue: 0,0:54:28.49,0:54:35.94,Default,,0000,0000,0000,,the basics in IT-security please update\Neverything that has updates, separate Dialogue: 0,0:54:35.94,0:54:45.27,Default,,0000,0000,0000,,networks from IoT products and use safe\Npasswords, support open hardware, open Dialogue: 0,0:54:45.27,0:54:50.89,Default,,0000,0000,0000,,software, products where the data is\Nstored locally is always better than in Dialogue: 0,0:54:50.89,0:54:58.05,Default,,0000,0000,0000,,the cloud and if you're tech savvy enough\Nstart - which I think you are here - start Dialogue: 0,0:54:58.05,0:55:09.11,Default,,0000,0000,0000,,building your own tools. Because you have\Nthe control. And what can developers do? Dialogue: 0,0:55:09.11,0:55:14.71,Default,,0000,0000,0000,,Support privacy by design, security by\Ndesign, think about it from the beginning Dialogue: 0,0:55:14.71,0:55:22.15,Default,,0000,0000,0000,,because you can change it and take\Nresponsibility. And IT security can also Dialogue: 0,0:55:22.15,0:55:30.01,Default,,0000,0000,0000,,do some stuff or continue to do some\Nstuff. 
Point the vendor to the problems, Dialogue: 0,0:55:30.01,0:55:36.24,Default,,0000,0000,0000,,make helping IT security stronger, keep\Nreporting the flaws, publish your Dialogue: 0,0:55:36.24,0:55:43.27,Default,,0000,0000,0000,,research, help develop standards, labels\Nand seat belts and support each other's Dialogue: 0,0:55:43.27,0:55:52.10,Default,,0000,0000,0000,,work to a stronger voice about this. So\NI'm coming to the end of my talk now and Dialogue: 0,0:55:52.10,0:55:57.92,Default,,0000,0000,0000,,to the topic back to the internet of\Nfails: How many must be killed in the Dialogue: 0,0:55:57.92,0:56:04.73,Default,,0000,0000,0000,,Internet of Deadly Things train wrecks?\NThis is actually an article I was reading Dialogue: 0,0:56:04.73,0:56:12.75,Default,,0000,0000,0000,,with a huge interest myself because it was\Nstarting to deal with making comparisons Dialogue: 0,0:56:12.75,0:56:17.55,Default,,0000,0000,0000,,to the great age of railway construction\Nthat was likewise riddled with decades of Dialogue: 0,0:56:17.55,0:56:25.82,Default,,0000,0000,0000,,disasters before the introduction of\Neffective signaling and failsafe brakes. Dialogue: 0,0:56:25.82,0:56:30.14,Default,,0000,0000,0000,,And it was also comparisoned with the\Nautomotive industry where the mandatory Dialogue: 0,0:56:30.14,0:56:36.65,Default,,0000,0000,0000,,fitting of seatbelts designing the bodies\Nof cars to reduce injury to pedestrians, Dialogue: 0,0:56:36.65,0:56:42.33,Default,,0000,0000,0000,,airbag and measures to reduce air\Npollution were not introduced not early Dialogue: 0,0:56:42.33,0:56:51.37,Default,,0000,0000,0000,,enough. So this guy was asked: Do we\Nreally need to kill a few people first? Dialogue: 0,0:56:51.37,0:56:58.40,Default,,0000,0000,0000,,And he said: Unfortunately that will happen.\NSo he says: Safety and security standards Dialogue: 0,0:56:58.40,0:57:06.35,Default,,0000,0000,0000,,for the internet of things can't come soon\Nenough. I agree with that. 
With that we Dialogue: 0,0:57:06.35,0:57:15.96,Default,,0000,0000,0000,,need standards really soon. So I am at the\Nend of my talk and if we have some time Dialogue: 0,0:57:15.96,0:57:22.21,Default,,0000,0000,0000,,left I'm waiting for your questions,\Nideas, and input now. Otherwise I will Dialogue: 0,0:57:22.21,0:57:25.37,Default,,0000,0000,0000,,thank you very much for your attention. Dialogue: 0,0:57:25.37,0:57:28.37,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:57:28.37,0:57:33.89,Default,,0000,0000,0000,,Herald: Thank you Barbara. A very warm\Napplause. Dialogue: 0,0:57:33.89,0:57:37.63,Default,,0000,0000,0000,,So a small information: If you want to\Nexit the room please exit the room to your Dialogue: 0,0:57:37.63,0:57:47.77,Default,,0000,0000,0000,,left over there. So, questions?\NI see one question from the Signal Angel. Dialogue: 0,0:57:47.77,0:57:54.04,Default,,0000,0000,0000,,Q: Hello, ok. The internet wants to know,\Nwell those companies don't have any IoT Dialogue: 0,0:57:54.04,0:58:03.37,Default,,0000,0000,0000,,security whatsoever or basically none, so\Nwhat can we do to make them have more? Dialogue: 0,0:58:03.37,0:58:07.71,Default,,0000,0000,0000,,B: What we as who, as consumers?\NQ: Yeah, basically. Dialogue: 0,0:58:07.71,0:58:15.22,Default,,0000,0000,0000,,B: Yeah, actually I would - what I said\Nwas I would write them and ask for Dialogue: 0,0:58:15.22,0:58:25.72,Default,,0000,0000,0000,,standards. I would - I think it can be the\Nfirst step that we can write emails or Dialogue: 0,0:58:25.72,0:58:32.85,Default,,0000,0000,0000,,call them and say "Well, what kind of\Nsecurity is built in this device, can you Dialogue: 0,0:58:32.85,0:58:40.14,Default,,0000,0000,0000,,tell me? Otherwise I won't buy your\Nproduct." Dialogue: 0,0:58:40.14,0:58:50.27,Default,,0000,0000,0000,,Herald: Thank you. Any other question? 
Ok,\Nin this case again: Thank you Barbara for Dialogue: 0,0:58:50.27,0:58:53.25,Default,,0000,0000,0000,,your nice talk.\N{\i1}applause{\i0} Dialogue: 0,0:58:53.25,0:58:59.77,Default,,0000,0000,0000,,A very warm round of applause. Thanks. Dialogue: 0,0:58:59.77,0:59:05.29,Default,,0000,0000,0000,,{\i1}34c3 outro{\i0} Dialogue: 0,0:59:05.29,0:59:20.74,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2018. Join, and help us!