The UK to mandate security standards for home network routers and smart devices

Articles UK Flag

UK mulls security warnings for smart home devices | Engadget

New UK Laws to Make Broadband Routers and IoT Kit More Secure | ISP Review

From the horse’s mouth

UK Government – Department of Digital, Culture, Media and Sport

Plans announced to introduce new laws for internet connected devices (Press Release}

My Comments

A common issue that is being continually raised through the IT security circles is the lack of security associated with network-infrastructure devices and dedicated-function devices. This is more so with devices that are targeted at households or small businesses.

Typical issues include use of simple default user credentials which are rarely changed by the end-user once the device is commissioned and the ability to slip malware on to this class of device. This led to situations like the Mirai botnet used for distributed denial-of-service attacks along with a recent Russia-sponsored malware attack involving home-network routers.

Various government bodies aren’t letting industry handle this issue themselves and are using secondary legislation or mandated standards to enforce the availability of devices that are “secure by design”. This is in addition to technology standards bodies like Z-Wave who stand behind logo-driven standards using their clout to enforce a secure-by-design approach.

Netgear DG834G ADSL2 wireless router

Home-network routers will soon be required to have a cybersecurity-compliance label to be sold in the UK

The German federal government took a step towards having home-network routers “secure by design”. This is by having the BSI who are the country’s federal office for information security determine the TR-03148 secure-design standard for this class of device.  This addresses minimum standards for Wi-Fi network segments, the device management account and user experience, along with software quality control for the device’s firmware.

Similarly, the European Union have started on the legal framework for a “secure-by-design” certification approach, perhaps with what the press describe as an analogy to the “traffic-light” labelling on food and drink packaging to indicate nutritional value. It is based on their GDPR data-security and user-privacy efforts and both the German and European efforts are underscoring the European concern about data security and user privacy thanks to the existence of police states within Europe through the 20th century.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

… as will smart-home devices like the Amazon Echo

But the UK government have taken their own steps towards mandating home-network devices be designed for security. It will use their consumer-protection and trading-standards laws to have a security-rating label on these devices, with a long-term view of making these labels mandatory. It is in a similar vein to various product-labelling requirements for other consumer goods to denote factors like energy or water consumption or functionality abilities.

Here, the device will be have requirements like proper credential management for user and management credentials; proper software quality and integrity control including update and end-of-support policies; simplified setup and maintenance procedures; and the ability to remove personal data from the device or reset it to a known state such as when the customer relinquishes the device.

Other countries may use their trading-standards laws in this same vein to enforce a secure-by-design approach for dedicated-function devices sold to consumers and small businesses. It may also be part of various data-security and user-privacy remits that various jurisdictions will be pursuing.

The emphasis on having proper software quality and integrity requirements as part of a secure-by-design approach for modem routers, smart TVs and “smart-home” devices is something I value. This is due to the fact that a bug in the device’s firmware could make it vulnerable to a security exploit. As well, it will also encourage the ability to have these devices work with highly-optimised firmware and implement newer requirements effectively.

At least more countries are taking a step towards proper cybersecurity requirements for devices sold to households and small businesses by using labels and trading-standards requirements for this purpose.

Send to Kindle

20 Years of Wi-Fi wireless

From the horse’s mouth

Wi-Fi Alliance Wi-Fi Alliance 20th anniversary logo courtesy of Wi-Fi Alliance

20 Years of Wi-Fi (Press Release)

My Comments

“Hey, what’s the Wi-Fi password here?”. This is a very common question around the home as guests want to come on to your home network during their long-term visit to your home. Or one asks the barista or waiter at the cafe “Do you have Wi-Fi here?” with a view to some free Internet use in mind.

“What’s the Wi-Fi password?”

It is brought about by Wi-Fi wireless-network technology that has become a major lifestyle changer over the last 20 years. This has been propelled in the early 2000s with Intel advancing their Centrino Wi-Fi network-interface chipset which put forward the idea of highly-portable computing.

Dell XPS 13 9380 lifestyle press picture courtesy of Dell Corporation

The laptop like this Dell XPS 13 – part of the Wi-Fi lifestyle

The laptop computer, mobile-platform tablet and smartphone benefited from Wi-Fi due to their inherently-portable nature. This effectively allowed for “anywhere anytime” online work and play lifestyle including using that iPad or smartphone as a second screen while watching TV. Let’s not forget the use of Internet radios, network-based multiroom audio setups and those smart speakers answering you when you speak to them.

“Do you have free Wi-Fi here?”

Over the years there has been incremental improvements in bandwidth, security and quality-of-service for Wi-Fi networks both in the home and the office. Just lately, we are seeing home networks equipped with distributed Wi-Fi setups where there are multiple access-point devices working with a wired or wireless backhaul. This is to assure full coverage of our homes with Wi-Fi wireless signals, especially as we face different floorplans and building-material types that may not assure this kind of coverage.

But from this year onwards, the new Wi-Fi network will be based on WI-Fi 6 (802.11ax) technology and implement WPA3-grade security. There will also be the idea of opening up the 6GHz wavebands around the world to Wi-Fi wireless-network traffic, along with having support for Internet-of-Things applications.

Telstra Gateway Frontier modem router press picture courtesy of Telstra

The Wi-Fi router – part of every household

The public-access Wi-Fi networks will be more about simple but secure login and usage experiences thanks to Wi-Fi Passpoint. This will include simplified roaming between multiple Wi-Fi public-access hotspot networks, whether this is based on business relationships or not. It will also lead to telcos using Wi-Fi networks as a method to facilitate complementary coverage for their mobile-broadband networks whether they use current technology or the new 5G technology.

What needs to happen for Wi-Fi is to see work take place regarding high-efficiency chipsets for Internet-of-Things applications where such devices will be required to run on a small number of commodity batteries for a long time. One requirement I would like to see for public-access Wi-Fi is the ability to create user-defined “secure device clusters” that allow devices in that cluster to discover each other across the same public-access network but other devices outside of the cluster can’t discover them.

So happy 20th Anniversary to the network technology that has effectively changed our online lifestyle – the Wi-Fi wireless network.

Send to Kindle

Dell issues a security advisory regarding its SupportAssist software

Article

Dell XPS 13 2-in-1 Ultrabook at Rydges Melbourne

Check that the SupportAssist software on your Dell computer like this XPS 13 2-in-1 is up-to-date to keep a secure computing environment

Dell Computers Exposed to RCE Attacks by SupportAssist Flaws | BleepingComputer

From the horse’s mouth

Dell

DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities (Support Notice)

Official Resources

Dell software download site

https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe (Official software installer)

My Comments

A version of Dell’s SupportAssist computer-maintenance software that is currently installed on most recent-issue Dell desktop and laptop computers, including some of the Dell laptops reviewed on this site, has been found to have a bug that is a security issue. This bug will affect versions of this software prior to 3.2.0.90 .

Here, the bug exposes the SupportAssist software to a vulnerability that allows malicious code to be executed remotely. At the moment, it appears to happen on the same logical network, which can be a vulnerability for users using public-access networks that aren’t properly configured for client isolation.

It was discovered by a teenage software researcher called Bill Demirkapi, but other flaws regarding verification of software provenance were found in the prior versions of this software by another software researcher called John C. Hennessy-ReCar. Here, Dell practised responsible disclosure in reporting the SupportAssist software vulnerability and made sure there were newer properly-patched versions of this software.

A newer version (3.2.0.90) of this software has been released and made available to download from Dell’s servers. I have placed the link to the installer package and Dell’s software download site so you can make sure your computer is up-to-date. The software download site also has a “Detect PC” button to allow the site to properly identify the Dell computer it is being used from incase you find it difficult to properly identify the exact model yourself. You may also find that the existing SupportAssist software may update itself or suggest an update when it checks Dell’s servers for new software versions.

As well, copy the SupportAssist installer application referenced here to a USB memory key or portable hard disk because your system may keep the prior version of this application in its recovery partition and you would be running that version should you have to restore your computer from that partition.

A good practice that I would like to see regarding “recovery partitions” on today’s computers is to have a user-selectable option to “slipstream” or update these partitions with newer software versions. This can be of importance with major or minor revisions to the operating system or updated application, driver and support software.

It may be a good practice when you buy a prebuilt computer to visit its manufacturer’s support resources regularly to check for new software updates for hardware drivers or support software. You may also be alerted to any issues that you might come across with this system. As well, registering your system with the manufacturer may be of value when it comes to being alerted to software or hardware issues.

Send to Kindle

The battle’s on for streaming-music services

Articles

Spotify Windows 10 Store port

Spotify’s ad-supported free music service faces competition from Amazon and Google

Free ad-supported service tier

Amazon Music’s free ad-supported tier goes live, but only for Alexa users | The Verge

Amazon and Google Are Making Music Free — And That Could Be a Big Headache for Spotify | Rolling Stone

Hi-Fi-grade premium service tier from Amazon

Amazon may be working on a high-fidelity music streaming service | Engadget

Amazon Planning To Hi-Fi Music Streaming Service: Report | Android Headlines

My Comments

The Silicon Valley establishment are realising that other companies are offering streaming-music services that offer service options that they don’t provide in their own services.

Ad-supported free-to-end-user service tier

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

The Amazon Echo will benefit from Amazon’s free music service

One of these is a free-to-end-user service option which is supported by audio advertising that plays in a similar manner to commercial free-to-air music radio.

Spotify had, for a long time, established its streaming-music service on a “freemium” model with an ad-supported basic service tier free to the end-user. This is alongside their Premium service tier which can be fully enjoyed on your mobile device or Spotify Connect endpoint audio devices and without advertising.

The advertising models included display advertising on the user interface along with radio-commercial-type audio ads at regular intervals. They also offer to marketers advertising ideas like sponsored playlists or sponsored listening sessions.

Now Amazon and Google are offering a free-music ad-supported streaming tier for their “online jukeboxes” but this will be limited to their smart-speaker platforms rather than a Web-based or mobile-based experience. There will also be a limited music offering available through this music tier.

Premium hi-fi-grade service tier

Cambridge Audio / Rega hi-fi system

Amazon to undercut Tidal and Deezer when delivering a streaming music service fit to play through hi-fi equipment

The other is a premium streaming service that yields at least CD-grade audio fit to be played through that hi-fi system rather than an experience similar to FM radio.

TiDAL and Deezer based their music-streaming service on listeners who value high-quality sound for a long time. You may have heard music streamed from one or both of these services if you have recently attended a hi-fi show like any of the Chester Group hi-fi shows where I have heard TiDAL in action, or visited a boutique hi-fi or home-AV store.

Amazon aren’t taking this lightly and are offering a hi-fi-grade premium service tier for their streaming-music service. This is priced at US$15 per month with a view to undercut TiDAL and Deezer and is also targeted towards people who use Alexa-platform audio devices with their hi-fi system or use an Alexa-based network multiroom setup.

The Amazon service will offer the music at CD quality at least, if not with some tracks offered at “master quality”. They are working with the record labels to license their music libraries to this service in order to have more high-grade content.

What is this to lead to

I see this opening up the floodgates for a highly-volatile streaming-music service market with companies wanting to cut in with entry-level free tiers driven by advertising or premium hi-fi-grade subscription tiers for those who value high-quality sound. Here, I would see at most of these companies running a three-tier music service for consumers – an ad-supported limited-content free service, a standard package with the whole library delivered ad-free and a premium package that has access to the whole library with CD-grade or master-grade audio.

There will be some factors that will allow each streaming-music service to differentiate themselves in a crowded market. They will become more important as a way to attract new subscribers or retain their existing subscriber base. It will also become important in encouraging people who have subscriptions with all of the services to focus their attention to a particular service.

One of these would be the quantity and quality of music playlists, especially curated playlists. Another would be the richness of information available to the user about the performers, composers, genres and other factors regarding the music library.

There will also be whether the music library contains underrepresented content and how much of this content is available to the users. This includes whether they offer a classical-music service with the expectations of such a service like composer-based searching.

Another issue that will show up is the provision of client-side support in standalone audio equipment so you aren’t running extra software on a computer or mobile device to get the music from that service to the speakers. This will also include having software for these services integrated in your car’s dashboard.

There will be the issue of what kind of partnerships the streaming-music service provider can have with the business community. It ranges from  “business music” service tiers with music properly licensed for public-performance on business premises to advertising and sponsorship arrangements like what Spotify has achieved.

As far as the creative team behind the music is concerned, a differentiation factor that will come about is how each streaming-music service renumerates these teams. It is whether they are the composers, arrangers, lyricists or music publishers behind the songs or the performers and record labels behind the recordings.

There will also be the issue of encouraging other vendors to tie-in streaming-music subscription as part of a package deal. This could be through an ISP or telco providing this service as part of an Internet or mobile-telephony service plan. Or buying a piece of equipment like an Internet radio could have you benefit from reduced subscription costs for a particular streaming-music service.

What I see of the online music-streaming market is something that will be very volatile and competitive.

Send to Kindle

Lifestyle publishing heads towards the online trend

Lifehacker Website

Lifehacker – an example of the new direction in online-based lifestyle publishing

The online life has placed significant changes in the realm of “lifestyle publishing”.

What I would describe as “lifestyle publishing” are print or online publications that primarily cover lifestyle issues like living at and keeping our homes, parenting, personal health and personal / relationship issues. This kind of content is seen as being evergreen and relevant for a long time.

The classic “women’s magazines” maintained this role while running celebrity gossip and similar material. They existed in a position where they were available in the checkout lanes at supermarkets or at general/convenience stores and newsagents. As well, prior issues would exist in the waiting rooms at most medical practices and, of course, they would exist on many coffee tables as casual reading.

Some of these magazines even provide activities like crosswords and other puzzles or provide colouring-in pages and similar activities for children. This is to enhance the value of the magazine across the reader’s household. You may also find a few comic strips in the magazines as another content type.

They have been supported by various magazines that focus on particular topics like cookery, home improvement, parenting and health. It is also along with those salacious gossip magazines filled with lurid details of what the TV stars, the European royal families or other celebrities are up to.

Mamamia Website

… as is Mamamia

But, thanks to the smartphones and tablets, the direction for this kind of publishing has headed towards two major online paths. These devices have provided a portable and discreet means to consume this kind of material whether at home or out and about, in a similar way to how the e-book has been a boon to the romance novel and similar popular “guilty-pleasure” reading.

One of these are the independent blogs and small-time Websites, especially the “mum blogs”. These blogs appear on their own site or purely on a social-media platform like Facebook. People who follow the independent sites and blogs consider them authentic due to them representing the voice of the site’s or article’s author and their experiences.

MillieMummyMelbourne mum blog

… and “mum blogs” like MillieMummyMelbourne

The other fork in the road are the likes of Fusion Media Group and Pedestrian TV who maintain a large powerful blog/Website network with names like Lifehacker and Gizmodo. In this case, Fusion Media Group are franchising some of their mastheads in to other countries in a similar manner to what the Daily Mail and The Guardian are doing. It includes providing localised content for these markets as well as content that appeals across the world.

Another example of the other fork in the road is Mamamia who is becoming a powerful online “women’s magazine” focusing on what women really want. But this masthead is moving away from the traps associated with the salacious celebrity-gossip culture such as relying on imagery supplied by paparazzi photographers.

The online lifestyle publications don’t just provide content in the written form augmented with photos or other imagery. Increasingly these publications are providing audio podcasts or short videos in addition to the written content. Here, it is positioned as another way to present the same information that the site provides.

Lenovo Yoga Tab Android tablet

These mobile tablets play in to the hand of the online lifestyle publishers

Some of these online lifestyle-publishing mastheads are doing some things that aren’t really associated with the traditional women’s mags. One approach has been to review and compare different products that exist on the market and are relevant to their reader base.  This was a practice that was typically saved for car, boat, photo/audio/video and similar magazines or magazines offered by consumer-rights organisations.

But independent bloggers like the “mum blogs” are undertaking this role by reviewing or comparing household and similar goods. In some cases, the vendors supply the review samples of these goods, especially newer products, in order to have them put in the public consciousness.

There will be some continual questions raised about online lifestyle publishing.

One of these will be about monetising the content. This is more so where people are using social media, online content aggregators or email to follow the sites and read the latest content they offer.

Dell Inspiron 13 7000 2-in-1 Intel 8th Generation CPU at QT Melbourne hotel - presentation mode

.. as do the popular 2-in-1 convertible laptops like the Dell Inspiron 13 7000 2-in-1 range

This situation may affect the viability of on-site display advertising as a monetisation strategy. It is even though most of these publishers don’t have difficulty in creating family-friendly brand-safe content which can attract the advertisers to their Website.

One way this issue has been targeted is through the provision of sponsored content on these sites. The article or articles will have some input from a brand and be published with the brand’s identity appearing at various points in the article. This may also include the supply of goods and services at no cost to the blogger in exchange for them to write up a review about them like in the MillieMummyMelbourne blog regarding LEGO Duplo Stories with Amazon Alexa.

Some people see the existence of sponsored content or product reviews based on vendor-supplied samples as not being authentic. This is because they see the vendors or brand owners effectively steering the discussion regarding the goods or services being offered with the publishers extolling the advantages of these goods. This is something that has happened across lifestyle publishing in the traditional media with the use of advertorials within the magazines or infomercials being run during morning TV.

Another approach has been to run an online storefront that offers merchandise promoting the Website or designed by the author. It is more so where the author has the creative ability to design their own merchandise like clothing for example.

Another issue that will crop up is how to position online lifestyle publications in a manner to make them discoverable.

At the moment, discovery of this content is primarily through Google, Bing or other search engines especially where the search engine may surface a list-driven article written somewhere on the Internet that compares and describes the sites you are after. This takes over the role of the browsing-driven Internet directories like Lycos which existed before the Google behemoth came to the fore where Web providers could submit links to their sites to these directories.

As well, some of the online content aggregators like Feedspot or Feedly do provide the ability to search or browse for content of a kind. Similarly Web portals could be used as a tool to place online lifestyle publications “on the map”, perhaps through the use of a dedicated “lifestyle” Web portal promoted through traditional media.

Use of native or Web apps that show up strong with iPads, Android tablets and similar devices cam be a way to keep that “magazine experience” alive when you are “flicking” through these online lifestyle publications or “mum blogs”.

What needs to be done regarding online lifestyle publishing is to raise the profile of this segment to a position comparable with the traditional printed magazines. There was an episode of ABC’s “Media Watch” comparing them against the traditional womens’ magazines but this was showing concern about the sponsorship and brand-interaction issue.

Here, it was a way to use traditional media to put these blogs and sites on the map, but other resources can be used equally as well. For example, a radio or TV talk show could be used as a platform to interview lifestyle bloggers including “mum bloggers” and place them on the map. Or traditional media can exchange content with the lifestyle Websites and blogs to, perhaps, enrich coverage of a particular topic or cross-promote resources.

What needs to happen is to increase the profile of the online publications and blogs in the context of lifestyle-focused publishing especially in the eyes of the casual readers.

Now lifestyle publishing has headed towards the online direction and is coming to a tablet computer near you.

Send to Kindle

Yale uses modules to extend smart-lock functionality

Article

Use of a user-installable module allows these Yale smart locks to work with different connected-home systems

Yale Expands Assure Lock Line With New Smart Lever Lock | Z-Wave Alliance

My Comments

Yale have implemented the smart-lock approach in a very interesting way ever since that company released their Real Living Connected Deadbolt in to the North-American market.

Here, they designed an electronic lock as a basic platform device but built an expansion-interface arrangement in to this lock’s design. Here, users could install a retrofit module in to the battery compartment on the door’s inside to add on Zigbee, Z-Wave or August smart-lock connectivity to their lockset.

This approach has been rolled out to the Assure range of electronic deadbolt locks and lever locksets with the use of the same module type for the whole range. It also applies to the Lockwood Secure Connect product range offered in Australia which is based on the Yale designs.

A similar approach has been implemented in the UK for some of the Yale electronic door locks sold in that market. But the modules used with the UK locksets are different to the North-American modules due to the regional differences that affect how Z-Wave and Zigbee operate and the country’s preferred building-hardware form factors. One of these units is infact designed to replace the outside cylinder on a rim-mounted nightlatch or deadlatch to enable “smart lock” functionality to this common class of door lock.

All these modules are expected to be installed in a “plug-and-play” fashion where they simply add the extra functionality to the lock or bridge it to the smart-home ecosystem once you install the module. After you install these modules in the lockset, the only thing you need to do is to pair them with the smart-home or integrated-security ecosystem.

Even within the same form-factor, the electrical interface for these modules may be varied for later products which can raise compatibility issues. Similarly, some of the home-automation integrators tend to presume that a particular module will only work with their system.

They also work on a particular “Internet-of-Things” wireless interconnection rather than an IP-based home network, requiring them to use a network bridge to work with an online service. This bridge is typically provided as part of a security-and-home-automation ecosystem whether offered by a telco, security services firm or similar company.

What have I liked about this approach is the use of user-installable modules that are designed to work across a particular Yale smart-lock range. Here, these modules interlink with Yale or third-party smart-home setups with the ability to be replaced should you decide to move to a better home-automation system that uses a different Internet-of-Things interface.

It underscores the fact that, once installed, a door lock is expected to be in service for a very long time and this same requirement will be placed upon smart locks. This is even though new smart-home or smart-building technologies will appear on the horizon.

It is similar to how central-heating systems are being enabled for smart-home operation through the use of a room thermostat that has the “smarts” built in to it. These thermostats are designed to be powered by the host HVAC system and connect to that system according to industry-standard wiring practices that have been determined and evolved over a long time.

This approach can be taken further with other devices like major appliances that are expected to serve us for a long time. Even if a manufacturer wants to create an ecosystem around its products and accessories, it needs to keep the specifications for interlinking these products and accessories the same to allow users to implement newer devices in to the system.

It can also work properly with a self-install approach where the customer installs the necessary aftermarket modules themselves or a professional-install approach which involves a technician installing and commissioning these modules. The latter approach can also work well with manufacturers who offer “functionality” or “upgrade” kits that enable the use of these modules.

The ASSA Abloy approach to making sure your smart lock works with the smart-home system by using user-replaceable modules makes sense for this class of product. Here, you are never worried about the smart-lock ability being “out of date” just because you install a home-automation setup that suits newer needs.

What needs to happen with the retrofit approach is that the physical and electrical interface for add-on modules has to be consistent across the product range or device class for the long haul. There also has be be some form of compatibility should any design revisions take place. Similarly, using a common application-level standard can work well with allowing the same device and retrofit module to work with newer systems that adhere to the relevant standards.

These expectations may not really work well with system integrators, telcos and the like who prefer to be the only source for products that work with a smart-home system.

Here, it is the first time I have noticed a smart-home device designed to be upgraded over its long service life.

Send to Kindle

WPA3-Personal security–What does this mean for your Wi-Fi network

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Expect the next-generation Wi-Fi network to have WPA3 security

What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade | Network World

My Comments

Over the next few years, Wi-Fi routers, access points and client devices like computers and smartphones will be supporting WPA3 as a media-specific network security protocol.

At the moment, I will be focusing on the WPA3-Personal variant which is relevant to small networks like the typical home or small-business network. This kind of network security is also implemented in an increasing number of venue-based public-access networks in order to allow the venue owner to protect and authenticate the network and preserve its role as an amenity for the venue’s customers.

The WPA3-Personal network security protocol has the same method of operation as for a WPA2-Personal network. This is using a “Wi-Fi password” commonly known across all access points and client devices that use the network segment.

But it describes this “Wi-Fi password” as Simultaneous Authentication Of Equals rather than the previous Pre-Shared Key used in previous WPA-Personal implementations. It also affects how this “Wi-Fi password” is represented and encrypted in order to protect it against an off-site brute-force cracking attempt.

As well, each connection between the client device and the access point is encrypted in a manner unique to that connection.

The initial onboarding process will be typically based on the traditional password-entry method. But it will also implement Wi-Fi EasyConnect which uses a QR code or WPS-based push-button setup.

The Wi-Fi WPA3 security protocol may take years to become mature while a secure surefire codebase for client-side and access-point-side implementations is worked out. The initial codebase was found to have software weaknesses in the early Personal-setup implementation and is being debugged now.

A question that will be raised is whether an upgrade to WPA3 security will require new hardware for either the client device or the access point or if this can be performed using revised firmware that has the necessary software code. This may depend on whether the hardware uses a purely software-defined approach for managing its functionality.

There will be situations that will take place regarding existing equipment and WPA3-capable equipment. Here, a WPA3 client like a smartphone can work with an existing WPA2-compliant Wi-Fi network segment but not have the full benefits. Similarly, a WPA3-capable Wi-Fi network segment will need to be operated in a “transition mode” to allow existing WPA2-compliant client devices to connect. Again, this doesn’t provide all the benefits of a Wi-Fi network segment secure to WPA3 standards.

You can also work around this limitation by implementing two Wi-Fi network segments that have separate ESSIDs. One of these could be configured to work the current WPA2-Personal standard while the other is set up purely for WPA3-Personal. This practice may come in to its own if you have a Wi-Fi network using the latest standards while you maintain another using tried-and-trusted standards.

Send to Kindle

Gigaset Alexa smart speaker is a cordless phone

Articles

Gigaset L800HX Alexa DECT smart speaker press picture courtesy of Gigaset AG

This Gigaset smart speaker works as a DECT handset for fixed-line telephony services

Gigaset reinvents the landline phone – Gigaset smart speaker L800HX | Business Insider

German language / Deutsche Sprache

Gigaset L800HX: Smart Speaker mit DECT- und Amazon-Alexa-Anbindung | Caschy’s Blog | Stadt.Bremerhaven.de

Gigaset L800HX: Alexa-Lautsprecher mit Festnetztelefonie | Computerbild.de

Gigasets Smart Speaker ist auch ein Telefon | Netzwoche (Schweiz / Switzerland)

From the horse’s mouth

Gigaset Communications

L800HX Smart Speaker

German language / Deutsche Sprache

Product Page

Press Release

Blog Post

My Comments

Amazon effectively licensed the Alexa client software that is part of the Echo smart speakers that they sell for third parties to use. This opens up a path for these third-party companies to design smart speakers and similar products to work with the Alexa voice-driven assistant ecosystem.

This kind of licensing opens up paths towards innovation and one of the first fruits of this innovation was Sonos offering a smart speaker that worked with multiple voice-driven home assistant platforms that they licensed. But I will be talking about another approach that links the traditional fixed-line telephone to the smart speaker.

Amazon Echo Connect adaptor press picture courtesy of Amazon

The Amazon Echo Connect box enables your Amazon Echo speakers to be your traditional household telephone

When faced with Google offering telephony functionality in their Home speaker, Amazon one-upped them with the Echo Connect box. This box connects to your home network and your fixed telephone line so you can make and take telephone calls through the traditional fixed telephone service or its VoIP equivalent using an Echo smart speaker or similar device. The device had to connect to the telephone socket you would connect the traditional telephone to as though it was an extension telephone and if you implemented a VoIP setup using a VoIP-enabled router, you would connect it to the telephone-handset port on this device.

Now Gigaset Communications, a German telecommunications company who is making innovative telephony devices for the European market, has approached this problem in a different way. Here, they have premiered the Gigaset L800HX smart speaker that works on the Alexa ecosystem. But this uses functionality similar to the Amazon Echo Connect box but by working as a DECT cordless handset.

The Gigaset L800HX can be paired up with any DECT base station or DECT-capable VoIP router to become a telephony-capable smart speaker. It is exploiting the fact that in competitive telecommunications markets in Continental Europe, the telcos and ISPs are offering multiple-play residential telecommunications packages involving voice telephony, broadband Internet and multiple-channel TV service on fixed and/or mobile connection.

Increasingly the fixed-line telephony component is provided in a VoIP manner with the carrier-supplied home-network router having VoIP functionality and an integrated DECT base station along with one or two FXS (telephone handset) connections for this service. This is due to use of dry-loop xDSL, cable-modem or fibre-optic technology  to provide this service to the customer and a drift away from the traditional circuit-based telephony service.

Onboarding this speaker requires you to interlink it to your Wi-Fi home network and your DECT-based cordless base station or VoIP router. Then you also set it up to work with the Amazon Alexa ecosystem using the Amazon app or Webpage associated with this ecosystem. A separate Gigaset mobile-platform app provides further functionality for managing this device like synchronising contacts from your mobile or DECT base-station contacts list to the Amazon Alexa Calling And Messaging service. It provides all the other expectations that this service offers like the Drop In intercom function. Let’s not forget that this device can do all the other tricks that the standard Echo can do like play music or manage your smart home under command equally as well.

The German-speaking tech press were raving about this device more as tying in with the current state of play for residential and small-business telecommunications in the German-speaking part of Europe. They also see it as a cutting-edge device combining the telephony functionality and the smart-speaker functionality in one box that fits in with the Continental-Europe ecosystem tightly.

Here, it is another example of what the licensing approach can do for an ecosystem like Amazon Alexa or Google Assistant. This is where there is an incitement for innovation to take place regarding how the products are designed.

Send to Kindle

Australian Electoral Commission weighs in on online misinformation

Article

Australian House of Representatives ballot box - press picture courtesy of Australian Electoral Commission

Are you sure you are casting your vote or able to cast your vote without undue influence?

Australian Electoral Commission boots online blitz to counter fake news | ITNews

Previous coverage

Being cautious about fake news and misinformation in Australia

From the horse’s mouth

Australian Electoral Commission

Awareness Page

Press Release

My Comments

I regularly cover the issue of fake news and misinformation especially when this happens around election cycles. This is because it can be used as a way to effectively distort what makes up a democratically-elected government.

When the Victorian state government went to the polls last year, I ran an article about the issue of fake news and how we can defend ourselves against it during election time. This was because of Australia hosting a run of elections that are ripe for a concerted fake-news campaign – state elections for the two most-populous states in the country and a federal election.

It is being seen as of importance due to fact that the IT systems maintained by the Australian Parliament House and the main Australian political parties fell victim to a cyber attack close to February 2019 with this hack being attributed to a nation-state. This can lead to the discovered information being weaponised against the candidates or their political parties similar to the email attack against the Democrat party in the USA during early 2016 which skewed the US election towards Donald Trump and America towards a highly-divided nation.

The issue of fake news, misinformation and propaganda has been on our lips over the last few years due to us switching away from traditional news-media sources to social media and online search and news-aggregation sites. Similarly, the size of well-respected newsrooms is becoming smaller due to reduced circulation and ratings for newspapers and TV/radio stations driven by our use of online resources. This leads to poorer-quality news reporting that is a similar standard to entertainment-focused media like music radio.

A simplified low-cost no-questions-asked path has been facilitated by personal computing and the Internet to create and present material, some of which can be questionable. It is now augmented by the ability to create deepfake image and audio-visual content that uses still images, audio or video clips to represent a very convincing falsehood thanks to artificial-intelligence. Then this content can be easily promoted through popular social-media platforms or paid positioning in search engines.

Such content takes advantage of the border-free nature of the Internet to allow for an actor in one jurisdiction to target others in another jurisdiction without oversight of the various election-oversight or other authorities in either jurisdiction.

I mentioned what Silicon Valley’s online platforms are doing in relation to this problem such as restricting access to online advertising networks; interlinking with fact-check organisations to identify fake news; maintaining a strong feedback loop with end-users; and operating robust user-account-management and system-security policies, procedures and protocols. Extant newsrooms are even offering fact-check services to end-users, online services and election-oversight authorities to build up a defence against misinformation.

But the Australian Electoral Commission is taking action through a public-education campaign regarding fake news and misinformation during the Federal election. They outlined that their legal remit doesn’t cover the truthfulness of news content but it outlines whether the information comes from a reliable or recognised source, how current it is and whether it could be a scam. Of course there is the issue of cross-border jurisdictional issues especially where material comes in from overseas sources.

They outlined that their remit covers the “authorisation” or provenance of the electoral communications that appear through advertising platforms. As well, they underscore the role of other Australian government agencies like the Australian Competition and Consumer Commission who oversee advertising issues and the Australian Communications And Media Authority who oversee broadcast media. They also have provided links to the feedback and terms-and-conditions pages of the main online services in relationship to this issue.

These Federal agencies are also working on the issue of electoral integrity in the context of advertising and other communication to the voters by candidates, political parties or other entities; along with the “elephant in the room” that is foreign interference; and security of these polls including cyber-security.

But what I have outlined in the previous coverage is to look for information that qualifies the kind of story being published especially if you use a search engine or aggregated news view; to trust your “gut reaction” to the information being shared especially if it is out-of-touch with reality or is sensationalist or lurid; checking the facts against established media that you trust or other trusted resources; or even checking for facts “from the horse’s mouth” such as official press releases.

Inspecting the URL in your Web browser’s address bar before the first “/” to see if there is more that what is expected for a news source’s Web site can also pay dividends. But this can be a difficult task if you are using your smartphone or a similarly-difficult user interface.

I also even encourage making more use of established trusted news sources including their online presence as a primary news source during these critical times. Even the simple act of picking up and reading that newspaper or turning on the radio or telly can be a step towards authoritative news sources.

As well, I also encourage the use of the reporting functionality or feedback loop offered by social media platforms, search engines or other online services to draw attention to contravening content This was an action I took as a publisher regarding an ad that appeared on this site which had the kind of sensationalist headline that is associated with fake news.

The issue of online misinformation especially during general elections is still a valid concern. This is more so where the online space is not subject to the kinds of regulation associated with traditional media in one’s home country and it becomes easy for foreign operators to launch campaigns to target other countries. What needs to happen is a strong information-sharing protocol in order to place public and private stakeholders on alert about potential election manipulation.

Send to Kindle

Celebrity voices to become a new option for voice assistants

Article

How to Make John Legend Your Google Assistant Voice | Tom’s Guide

Google Assistant launches first celebrity cameo with John Legend | CNet

How to make John Legend sing to you as your new Google Assistant voice | CNet

From the horse’s mouth

Google

Hey Google, talk like a Legend {Blog Post)

Video – Click or tap to play

My Comments

Google is trying out a product-differentiating idea of using celebrity voices as an optional voice that answers you when you use their Google Assistant.

This practice of using celebrity voices as part of consumer electronics and communications devices dates back to the era of telephone answering machines. Here, people could buy “phone funnies” or “ape tapes” which featured one-liners or funny messages typically recorded by famous voices such as some of radio’s and TV’s household names. It was replaced through the 90s with downloadable quotes that you can use for your computer’s audio prompts or, eventually, for your mobile phone’s ringtone.

Now Google has worked on the idea of creating what I would call a “voice font” which uses a particular voice to annunciate text provided in a text-to-speech context. This is equivalent to the use of a typeface to determine how printed text looks. It also encompasses the use of pre-recorded responses that are used for certain questions, typically underscoring the particular voice’s character.

The technology Google is using is called WaveNet which implements the neural-network and machine-learning concept to synthesise the various voices in a highly-accurate way. But to acquire the framework that describes a particular voice, the actor would have to record predefined scripts which bring out the nuances in their voices. It is part of an effort to provide a natural-sounding voice-driven user experience for applications where the speech output is varied programmatically such as voice-driven assistants or interactive voice response.

At the moment, this approach can only happen with actors who are alive and can come in to a studio. But I would see WaveNet and similar technologies eventually set up to work from extant recordings where the actor isn’t working to a special script used for capturing their voice’s attributes, including where the talent’s voice competes with other sounds like background music or sound effects . By working from these recordings, it could be about using the voices of evergreen talent that had passed on or using the voices that the talent used while performing in particular roles that underscored their fame. A good example of this application are the actors who performed in those classic British TV sitcoms of the 1970s or using Peter Sellers’, Spike Milligan’s, Harry Secombe’s and Michael Bentine’s voices as they sounded in the Goon Show radio comedy.

Google is presenting this in the form of a special-issue “voice font” representing John Legend, an actor and singer-songwriter who sung alongside the likes of Alicia Keys and Janet Jackson. Here, it is being used as a voice that one can implement on their Google Home, Android phone or other Google-Assistant device, responding to particular questions you ask of that assistant.

Amazon and others won’t take this lying down especially where the voice-driven assistant market is very competitive. As well, there will be the market pressure for third parties to implement this kind of technology in their voice-driven applications such as navigation systems in order to improve and customise the user experience.

Send to Kindle