Unlock the Secrets of Hyperconnectivity: Discover the Risks and Benefits of Smart and Connected Technology

Brett Jordan: We live in a modern, hyper- connected world where everything is becoming smart and connected. Curious about what lies ahead and how this will impact your daily life? I'm Brett Jordan and this is Smarter Everything, a podcast on the future of connectivity, powered by Afero. In part two of our first episode, once again, I'll be talking with Joe Britt, founder and CEO of Afero, and Dr. Hugh Thompson, a leader in cybersecurity globally. We'll be talking about the things that consumers need to be mindful of, and how that is going to impact our daily lives. Here's our conversation.

Hugh Thomson: I am Hugh Thompson, managing partner at Crosspoint Capital.

Joe Britt: I'm Joe Britt, one of the co- founders and the CEO of Afero.

Brett Jordan: Joe and Hugh, we live in these really crazy and fun and exciting times. So much is happening. Today, I would like to talk a little bit about smart and connected things. I know we've talked a lot in the past, especially with you, Hugh, on cybersecurity and cyber warfare and those trends, and I believe that some of that is going to be applicable here, especially as we look at this smart and connected, hyper- connected world as it transitions from the consumer space into the enterprise space, and then probably into the metro and then into the critical infrastructure. How do consumers understand this? How do they find products that can have these guarantees of security? I hear a lot, people will say, " Well, I'm nobody. No one's ever going to attack me. Nobody knows me. Why would they ever attack me?" And then they just go and they buy whatever they can at the cheapest price possible, and then they deploy it in their home, and they think they're fine because somewhere they said, " Well, our device is secure."

Joe Britt: Yeah, the big challenge is how to distill a complex risk down into a form that an average consumer can consume, and understand. And it's a hard thing to do. It's the Wild West. How do you know that something is secure? And one of the approaches that we've taken is to use third party labs to take our stuff apart. Who's policing the police? Well, we can't just verify ourselves and say it's good and self- certify security. We think it's really, really important to have others take apart what we've built, experts in the field take apart what we've built and opine on how secure it is. I was just reading another article about robot vacuum cleaners, one of the most popular brands of robot vacuum cleaners. The more modern ones have cameras on them, which they use for navigation in the house. Totally reasonable application, but there's a pretty high bar from a security expectation of the consumer that it's going to be safe to have that thing roaming around the house and looking at everything. The reason I bring this up is because this particular article was about a bunch of photos that had somehow found their way off of one of these vacuum cleaners and onto a website, and they were of some very unsuspecting consumer in their bathroom as the vacuum was cleaning it. I think this is one of the biggest challenges, especially until we have some broadly accepted standard way of communicating to consumers what their expectation should be around security and privacy for all of these products.

Hugh Thomson: Joe, I like how you phrase that. It's, what should your expectation be? And today, I guess fortunately for many people, they couldn't even imagine what does it mean to have a hacked light bulb, or what does it mean to have any kind of device that's out there? They've never experienced anything like that firsthand, and usually they've never experienced a security related personal problem. I think that's changing now with ransomware, consumer ransomware, where at least you're probably two degrees of separation at max from someone that has had all of their photos, for example, encrypted on their laptop, and now they can't access them, and somebody's asking for payment to get it back. It's becoming more real, because even if it hasn't happened to you, you know somebody that it's happened to. But many people can't conceptualize, what would it mean, or should I even care if my light bulb was hacked? Those two things don't make any sense together until you show folks, " Well, actually act light bulb is a gateway into the rest of the things that you have in your home, and those things may have microphones, those things may have sensory capabilities." Or the fact that, if you can get into a device that doesn't have any sensory capabilities, but it is kinetic, it might be possible for you to combine attacks. I've seen some fascinate proof of concept, combinatorial attacks against a home, where at the same time they're manipulating the HVAC system, so they're making it much hotter than usual in the home and then they're taking something else that has a heating element and actually getting to a combustion event because they're combining things. The physical governor of the thing that had the heating element typically wouldn't allow it to combust, but if you make its environment 105 degrees, which is not common inside of a home, then you can get fascinating things to happen. The average person, this is a story that's in a movie, or maybe they haven't even seen it in a movie, and I think it's incumbent on those of us that have seen it, or have done proof of concepts in those kinds of areas to make them accessible, to allow the average person as well as a regulator to understand that these things provide great utility, but they also come with a set of risks. And here, let us make those rests real and visual for you so at least you can understand the balance between the two.

Joe Britt: Boy, that's a great use case. I mean, just what you said is a nightmare, and as you were explaining it, I was thinking, " Gosh, what if that happened?" You had a fully smart apartment and somebody did what you just described and started a fire, and then they also locked all the smart locks so you couldn't get out, and you're in a high- rise apartment, so you can't get out of a window either. Just incredible nightmare scenarios that come from these combinations of devices, and so strongly illustrates why it's important that the consumer's trust not be violated. They have to be secure.

Brett Jordan: My neighbor, she's a social media influencer, has quite a few connected products from various companies, none of the hub space stuff, but some other stuff. And she had some cameras in her baby's room that she had them on there so she could watch her baby, go in and check on them, because once you're a parent, you never wake a sleeping baby, and opening the door might constitute waking the baby. And so it's really convenient to have a camera that you can just turn on real quick and say, " Okay, they're still good. They're not wrapped up in their blanket," or something like that. But this two- year- old son started complaining about going to sleep every night, that there was a boogeyman in the closet, and they talked with their pediatrician about it and they said, " Well it's night terrors and thing like this. This is perfectly normal. It's just a phase. Most kids go through this and it'll subside in a couple months." Months, and months, and months, and months go by, and there's still this issue. And now the child won't want to go to bed, doesn't want to be in the room ever alone. And then come to find out someone had compromised, a man had compromised the camera, and had been watching and talking to their child all night long. And it's things like this that just curdle your blood. And we're in this technology space, and we're in this security space, and we need to figure out a way to help these things be more secure, and then also help customers and the consumers be able to have some level of confidence that if they buy something, they're not going to be in that situation. Because as a parent, that's just traumatic.

Hugh Thomson: As I mentioned, we've got five kids, you can imagine we've gone through many, many different types of baby monitors over the years, and having seen some very challenging things with some early internet connected devices, we opted almost always to go with an RF kind of a monitor. And what was quite fascinating happened to us two different times, I want to say maybe five years apart. It wasn't as scary as a scenario that you're talking about, which is just terrifying, but it was just a collision on the frequency, and what would happen in the middle of the night, and I didn't realize it for weeks and weeks into it happening, in my son's room, he would have the scenario you're talking about, somebody's to him through the camera. And it wasn't, again, purposeful or intentful, it was just a collision on a frequency, and he would wake up and he would tell us the strangest things like, " Hey, who's talking to me? Is the person here again tonight?" The things that you just had no concept, because that wasn't something that naturally would cross your mind. But it was incredibly troubling. There wasn't a conscious malicious act, but yet it had impact. And I think that's the other fascinating thing about connected devices, amazing potential upside, incredible, but on the downside, it may not even be somebody intentfully going after you as an individual, or even having any ill intent. It could just be the fact that there's something accidental that causes a behavior that you never wanted, you never expected. And I would say, Brett, to your point earlier, and I've heard that argument so many times that, " Geez, who's going to go after me? They got a lot of other people to go after. I'm pretty low down the list. Why should I worry about this stuff?" I don't think many people realize how automated, and systematized these attacker groups have become. It's incredible, the economies of scale that they have. It's almost like they operate their cyber crime enterprise just like a company. They've got a marketing department, they've got an IT department, which is looking for the problems, and then they've got the folks that are experts at communication putting just the right things in the emails or the messages. And the scale is so profound that they can cast in net very, very wide. And it really isn't a matter of, are you an interesting person or not? You just happen to have some vulnerability, either in a device, or a computer, or an application that you were using, and you got caught up as part of a widespread, " Let me just throw the net wide and see who I can get." And that's a concept that I don't think a lot of folks have internalized, it's just the scale of some of these.

Joe Britt: You reminded me of the classic Mirai botnet attack in telling that story. This was where millions of cameras were hacked and misused, because in their manufacturing process, not only was no thought given to security, but no thought was even given to the hazards of all of those cameras having the same administrator name and password. And this was not unique to one manufacturer, by the way. I mean, many, many different brands of cameras had this vulnerability, and it became this sleeping army that was marshaled by one group with one program. And that is an enormous hazard for all of this stuff. If forethought into security is not put in just for the safety of the user at home, it expands out geometrically across the entire population of devices when they're all harnessed together and used for bad purposes. Super scary stuff.

Hugh Thomson: I agree. And just to hit on something you alluded to at the very beginning of this, when it comes to having the connected devices, you do have this utility risk trade- off, and it's good to, especially for those of us that live on and think about the security side all the time, think about the utility part too, and how much that really has changed our lives in a positive way that you don't often get a chance to sit back and reflect on. For children, for example, the kind of technology that they have now that can go in the crib, can monitor the baby and how are they sleeping? Are they in the right position? People are obviously terrified about certain things, especially in the first few months of life. The kinds of technology that they have now to allow you to monitor that child, to care for them in a more fulsome way is incredible. And I think about, we sit at this precipice that so many areas of our lives, so many areas of humanity could just markedly improve if we had a trust of the devices, and also those devices were put to good use at scale. It's profound and super exciting.

Brett Jordan: I mean, just really, really interesting stuff. Obviously, this has been a little bit of a darker scarier topic, but I think it's important for consumers to be able to understand, what do these products mean, and what does it mean for them in their lives and for their home, and what kind of things do they need to be at least mindful of or be able to ask the right questions? In a future podcast episode, we'll have Waylon Grange come and talk, he's former agency, he worked at Symantec and did a lot of the investigation on the original Dragonfly attack. And so we'll go into that in a future topic, like the Mariah botnet that Joe was talking about.

Joe Britt: Yeah, it's interesting, this conversation. We definitely went down some of the darker paths, but I think it's important, like you were talking about, to get the full perspective. Ultimately, all of these things are just tools, and humans are fundamentally tool makers. And any tool, any technology can be used for good or for evil. And we didn't spend that much time talking about all the good that comes from these things, but, my gosh, man, that's why people buy them and put them in their house, because it's something that enables their kids, or visitors to the house, or if they have an Airbnb monitoring and remotely controlling things like the door lock on the building. These are incredible sources of convenience for people, and they're time savers, and they're enablers. There are many people who have some disability that are able to have command and control over their home that they wouldn't have any other way just because they can talk to the house and have it respond. So I think it is important to always keep in mind that any technology can be used for good or evil, and it's up to the creators, the developers, and the deployers of that technology to keep that in mind, and make sure that they're taking the best measures possible to protect the users from unintended applications of this stuff.

Brett Jordan: That's exactly where I was wanting to go next, what are the really cool things that people want to do? What is this technology going to look like in the next 12 months? How is this going to make our lives better? I know, to your examples, I have some friends, they have a cabin, and they use these smart and connected devices to monitor their cabin when they're away. Not so much because a burglar's going to come in, but there might be a raccoon, or a small bear, or there might be a water leak and they don't want to wait six months and then go up there and have this massive cleanup to do. And so I think there's a lot of really great things that this technology is going to offer, and I think honestly it's going to make our lives better, but I think it's a balance. We need to help everybody understand what is the risk, but then also what is the really cool things. And so maybe each one of you could talk a little bit about what you see as the really good things about all this technology, and where do you think it's going to go over the next 12 months?

Hugh Thomson: In many of these cases, I can speak for myself, I don't even really understand how profoundly positive the benefit can be until I've actually tried it. And then there's some things that I've just become very, very dependent on because they've given me either joy and delight, or frankly, comfort, safety comfort. The fact that, as you say, that I can check on the house, that I can check that the doors are locked, that I can check on my kids, massive improvement, not just for the safety of them, but for my willingness to give them, when they're very young, additional room to run, and explore, and be creative. And it's amazing how, if you have the feeling of safety, the feeling of security, which I get through some of the security technologies that we have in the house, it can be very liberating. And that's the stuff that I personally am most excited about. As you can tell, I'm very, very child- focused, just given the volume of them. And in the next 12 months, geez, that sounds like a pretty short period of time, but at the pace that things are going, who knows how much more connected, and what even a measure of connectivity of somebody's personal life really looks like? But that'll continue to increase. As we all sit here right now and have this discussion, it's coming up on holidays, there are lots of gift- giving and exchanges, and I bet if you went through each of those items, the number of them that either need to be connected, could be connected, it's possible for them to be connected, as a percentage, is amazing. And you fast- forward and go a year from now, that curve is going to continue to go exponential. And I think it's just going to be a discovery process of which of those things really should be connected. Are they bringing true joy, utility, safety, betterment to your family, to your community, to society? But it's a very cool feeling out period, I would say, for the family and for society around how connected can we be and how connected should we be.

Joe Britt: I have a couple of thoughts. One, I think over the next 12 months... I do believe we're at the beginning of this exponential growth of this space, just looking at the number of products that are available, and the number of manufacturers that are adopting these technologies. And so, one of the things that is really exciting for me is all the good that can come from this, people being able to do things they were never able to do before. And the form of doing things they've never been able to do before, there's multiple forms. There's things that he was talking about like, " Did I lock the door? Did I turn off the oven?" Everybody has had these feelings, so being able to just, at a glance, or with a word, cause those concerns to go away... If you think collectively of hundreds of millions of people losing that level of worry alone, the noise floor goes down in your brain. But then I also think about the convenience factor. Your kid comes home, and he's locked out, and there's not a key outside, how does he get in? Well, if I can unlock the door from my phone, that's tremendously powerful and gives me a lot of peace of mind. But then there's also peace of mind for unwelcome surprises. And Hugh, you were talking earlier about a way to attack using a heater and some other device in the house, raise the ambient temperature, and it reminded me of a true story. Another friend of mine who also has a cabin, it's in Tahoe, and this was 15 years ago, 20 years ago. No connected devices at all, no connected thermostat, and something went wrong with the thermostat. So even non- smart devices have problems. They're not perfect. And the furnace turned on and had been running for weeks, and weeks, and weeks, and weeks, and weeks, just full blast, because the thermostat was calling for heat, it was broken. And the guy goes up there, and not only is it really hot and did it waste a lot of energy, candles are melted, all kinds of damage happened just because the temperature did get high enough. It wasn't high enough to ignite anything, but it was high enough to make stuff melt, which is mind- blowing. And so if you think then about, I have connected thermostats, and they've warned me before, " Hey, your house is either not heating or not cooling the way I expect it to. You might want to check and see if there's something wrong with the HVAC system." So I think that this kind of situational awareness that we already enjoy in things like social media apps on the smartphone, these are programs that pull our relationships together with other people, what we're really talking about is pulling relationships together between us and things. And the more that we have come to understand and appreciate the direct value that comes, especially from peace of mind as well as command and control, with the way that we interact with our friends and family, it's very natural that this just expands out to a desire to have that kind of reach and awareness across everything around us, I think.

Brett Jordan: I think those are really great examples, and I think there's so much potential here. And I agree, Joe, I think we're right on the edge of this exponential growth, and this reliance on all of these smart and connected things, and the things that people will be able to do. And I even think of myself. A few years ago, my mom passed away from a bad stage of cancer, and she had some fall hazards and stuff like this, because the cancer in the brain, it messes you up. And it would be so nice now to be able to put up a few devices in the house so if she doesn't answer her phone, you can check and see, has she fallen down somewhere? Is she okay? And then when they have two- way talking, be like, " Mom, are you okay?" There's some peace of mind that can come from this, especially when you can't be on- premise all of the time. And whether you're just checking on your dog, or your cats, I will admit I have a camera that watches the cat's food because sometimes they knock it over. And if we're gone away for the weekend, then I need to ask the neighbor to come over, and fix the cat's food. And once again, I can just unlock the door from my phone, and let them in and they can go down and fix the cat's food, and then off they go. And so I think there's so much potential for this space, and there's going to be so much good. And I think that's the overall message that we want to give, is that this is a really exciting time for this hyper- connected world that we live in, and there's going to be so many good things that come out of it. You do need to be mindful of the security and the risk, and hopefully you partner with vendors and products that can actually maintain their security. Well, thank you both. Today we've been talking with Dr. Hugh Thompson and Joe Brit, two of the leaders in this space. Hugh is a mathematician, been leading the cybersecurity, cyber warfare space around the world for decades, Joe has been leading innovative technologies, everything from Apple to Web TV, to Danger, who made the original sidekick phone for T- Mobile, to Afero now. It's been really great to speak with both of you. Thank you for your time and thank you for coming today.

Hugh Thomson: Brett, thanks so much. Great to see you both.

Brett Jordan: Thank you so much for joining us today for this episode of Smarter Everything. We really love feedback, so please consider taking a moment to send us a comment or a rating on Apple Podcasts. And if you have time, and you liked this episode, please consider subscribing. We'll see you next time for Smarter Everything.