So this is Sukrit Bharatiya, and today's podcast is about a topic which is really close to my heart, because I'm a science fiction writer and I'm also a technology writer, in addition to the tech journalism that I do. Technology has always been kind of the foundation of my work, whether it's fiction or reality. But today we are not going to talk about my fiction; we are going to talk about how technology or science is portrayed in the work of fiction these days. I mean, for example, if you look at Mr. Robot, they got it so right. I mean, okay, let me admit that in the first episode they mentioned KDE, and so I see, you're right, no, you know, I'm actually on KDE myself. Actually I own the Google Plus KDE community, so a lot of, you know, KDE fans and all those, they're like super excited about it. And then also, you know, I use Tor, sorry, Tails, write about, you know, Kali Linux and everything, so that was, you know, really, really, you know, they got it totally right. So today the big thing is that whatever you see in TV or movies these days is actually closer to reality, you know, than they appear on the mirror or in your TV screen. So today we're going to talk to James Pluff, who's an expert in this area. So James, can you please quickly introduce yourself?

Sure. My name is James Pluff. I'm a solutions architect at MobileIron, so most of my day-to-day is spent actually working with our technology partners. They integrate our security and management platform with their security tools, and so I spend a lot of time playing in a big box of technology Legos, I guess, is the best way to put it.

And what kind of, you know, either services or solutions do you offer to, you know, your...

MobileIron's specialty is actually in the security and management of smart devices, whether that's your phones, tablets, even, you know, Windows 10 laptops and tablets that are making their way into the world. So that's kind of been our stock in trade from day one, is letting
enterprises securely deploy those devices in their environments.

Okay. One thing that, when you talk about these days, we are living in the IoT, you know, world; everything is kind of in that direction. There are so many factors that affect the security. First is consumer awareness; the Amazon Key recently was a good example of that, and before that, last year, I think D-Link was actually fined because of, you know, the way they were kind of doing all the security stuff there. And I think there was another toy company, I forgot the name; our kids used to have those toys but we kind of got rid of it. So there's like consumer awareness, plus, you know, the vendors are too lazy sometimes; their product cycle is like for one week, you know, in Chinese vendors, they just make it, sell it, and forget about it. There's no mechanism or incentive for updates. And then third is there is no regulation. So how do you deal with these problems?

Well, I think that's one of the things that is going to be a continual struggle as we see more IoT kind of in our lives, right? There's been a long-standing tradition in industrial design, this notion of planned obsolescence, that a thing lasts for a certain amount of time and then it just goes away. But we find that a lot of times things last a lot longer than they should; consumer electronics are a great example. The issue was that in the good old days we didn't have things connected to the internet, and so they weren't remotely accessible, and so software bugs were just things that sort of affected maybe the functionality, or maybe they weren't even things that you noticed. But, you know, as you noted with Amazon Key, a software bug in Amazon Key can be something like a total stranger suddenly having a key to your house and being able to unlock it from a considerable distance away. So one of the things that I think we need to get smarter about is what the real risks are as we sort of approach these things. You know, on the one hand, things like Amazon Echo and Google
Home are extremely convenient for kind of having the voice assistant. Goodness knows we'd all like to have a personal assistant nearby to help us out with the little things, right?

I have one right now, you can see, on my table.

Exactly. But the caveat is then that it's also a live microphone that's sort of sitting in your home, and I don't want to be too much of a tinfoil hat character about it, but it is unclear how those things will sort of integrate themselves into our lives over time and what that'll mean as we continue to use them. We're always a lot better about figuring out a nifty thing to do than we are about figuring out the long-term implications of those nifty things.

Yes. I was actually working on an IT story, and when we were going to buy our refrigerator, because we just bought a house two years ago, and a smart fridge, and I was curious that the life span of an average fridge is like 12 years or whatever it is, you know, maybe more. But when I checked with Samsung or LG about, okay, what is their policy for software update on those refrigerators, for example, let's say two years later, if Samsung stops updating the firmware or, you know, updating the software, or Tizen or whatever is running on the fridge. It's not that, you know, somebody is going to drink my Coke from my fridge; the problem is that it's connected to the network, and that will compromise my whole network, and then it will get access to everything else in the house. And they never came back with a concrete answer. So as you said, you know, that some devices are designed, but there are a lot many other devices that are designed to last that long, but if you go to their warranty page or support page, nowhere does it mention that you will get software till 10 years or 20 years, no, nothing. So I would like, okay, somebody, just like Mr.
Robot, somebody can hack into your fridge and turn it off like for five hours every night, so your meat is all rotten, so when you have a party everybody will get food poisoning or salmonella or whatever and will die, you know. So that brings me to the fictional part of it. When we think about, I recall, the early days of science fiction, it used to be like, you know, that a science fiction writer kind of challenges that technology, you know, that okay, what else you can do. You know, now like look at Arthur C. Clarke: he gave the idea of satellites, you know, and nobody could patent satellite because he was so precise about it. The Fall of Moondust, he wrote about what kind of, you know, environment will be there on the moon, and later it came out to be true. But nowadays what is happening is that as a science fiction writer we are living in that day. I mean, we used to talk about video phone and stuff like that; we are actually sitting in real time and recording it. And so now the challenge technology is posing to a writer is that what else can you think, you know.

So yeah, and I think you see an interesting trend in that regard, both in popular culture, some of the things you see depicted in things like Mr.
Robot, but also series like Black Mirror, where, as we start to have all of this ubiquitous technology, I think it is counseling us to view it with a little bit more skepticism than we have historically. You know, it's really great: you and I are talking to each other, I'm in Michigan, you're in Virginia, and this is fantastic. Like when I saw the first commercial, and I'm going to date myself here, I suppose, with technology, but the first commercial where AT&T was advertising video conferencing, it was like you would have to go to a special phone booth that AT&T had somewhere and step inside, and it was on a screen, you know, that was like eight inches diagonal and the picture quality was terrible. But you and I can see each other in high def, we're doing that from the comfort of our offices, and it works out extremely well. But, you know, it is one of those things that while there are certain conveniences, as one of my favorite singer-songwriters says, every tool is a weapon if you hold it right. And so it is incumbent upon us to exercise a little bit of caution, I think.

You touched upon Black Mirror and Mr. Robot. I mean, it depends on the audience, you know. Most of us do know that when he's searching into something, you know, or they're using Tails OS or Kali Linux, we do know why; one is a penetration tool when you talk about security, or if you put Tails OS, that is... so there are different tools for different things. But when she was hacking into, whether it's FBI system, or when they took control of the whole house, you know, how real are those threats actually? You know, how much of that is fiction versus how much of that is real?

Well, I think, you know, the reality is that at the end of the day these things are meant to tell a story, and so you have the luxury of keeping things grounded in reality but also taking a little bit of dramatic license in the service of story. But I think the case of hacking the
smart house is a great example, and I know you'll appreciate this based on your background, but a lot of what's made this innovation possible is open source software. You know, we don't have to code everything from scratch anymore; we can find the components in the libraries we need and assemble them in the way that lets us do the things that we want. And so that has been a key driver for a lot of what we've seen in things like smart homes: the fact that Linux exists and there's a lot of open source hardware designs for different things that you might want to do. The downside there is that when you're using open source software and if you don't have any plan for what the lifecycle of that software will be, as you found with your questions about the refrigerator, right, what will you do when a vulnerability is discovered? Because secure today is not the same thing as secure tomorrow. And so, you know, you may roll out something, you may have done all of the requisite testing on the software, you may not have found any vulnerabilities, but down the road something may occur. And so, well, I think there's an element of fiction, there's also a... while the example in Mr.
Robot of hacking the smart home is somewhat fictitious, it's not that far removed from real scenarios.

Yes. You mentioned open source. Since I have been covering open source and, you know, you see, you know, open source is not... I don't know if you can see it, it's all 3D printed on open source printer actually. And I have been covering... and yeah, please go ahead.

Oh, I was just gonna say I noticed the Master Sword there in the background, which is very near and dear to my own heart, having been playing Legend of Zelda games for, I guess, close to 30 years at this point.

Yeah, this is getting a bit off topic, but the thing is I'm actually playing the Master Sword trial and I'm still on the first layer of the three level and I always die at them, so I am kind of getting upset. But I will try to finish it, because, you know, you'll get from 30 power all the way to 60. So yeah. And then, you might not have seen this, but this is Sawtooth from Horizon Zero Dawn. Yeah, so this is also 3D printed, and all of these are fully open source 3D printers. The point that I mentioned it: because I'm into gaming, but I don't play games, but I like, I have PlayStation, I have Xbox, I have Nintendo Switch; I like to keep myself platform agnostic so I don't become a fanboy of certain technology, and I also, you know, see where it's going now. So when you mentioned open source, I mean, if you look at the proprietary world, it's not that proprietary world is secure, you know; only they have access to the source code and you cannot even do reverse, you know, in most cases because it could be illegal, or DMCA is there. Now with open source the thing is that anyone can look at it and anyone can fix it. That's what happens, you know, when you look at the Linux kernel mailing list: you know, Red Hat doesn't have to patch it, or SUSE can patch it, anyone, you can patch it, I can patch it, send it to Linus Torvalds, so he will take a patch or not take the patch. Proprietary, you
cannot do that. But the problem is that these, you know, companies, vendors, without naming anybody, they put binaries on it but they don't offer any mechanism for even a user who wants to change, to upload the firmware. So should there not be a way? I mean, like for example, I can very easily hack my router and, you know, put the open source, you know, firmware on it and improve the performance. So should there be, either through regulation, that, you know, first of all it should be mandatory to keep the firmware upgrade till the lifecycle of the product itself, you tell, you know, what is the lifecycle of the product. Second is that the user should be allowed to upgrade the firmware, and since you are using open source libraries and stuff already, you can offer, you know, that as on GitHub, so users, you know, whoever want, they can, you know, take over their fridge when you plan to end support for it, just the way, you know, my laptop, I can put Linux on it and run whatever. What do you think about that? I mean, what I'm trying to say is that being based on open source there is a great advantage that they don't have to really have that liability and burden, you know; they can just say, yeah, go ahead, you know, you can. What do you think about it?

Yeah, I mean, I think that makes a lot of sense. I think we haven't really seen companies embrace that to date, and you've seen kind of that sort of argument go down actually with John Deere. So you have farmers out who are very much accustomed to maintaining their own tractors, but now their tractors rely heavily on software, and so they've actually been going out to the internet and getting cracked versions of firmware to update their tractors, you know, in much the same way that they would repair the engine once upon a time. And so I think there is an interesting discussion that needs to be had, and some consensus needs to be reached between companies and customers about what constitutes ownership, because in a lot of respects, you know, we
find ourselves at the receiving end of a fairly lengthy and complex legal agreement when you unbox any given new device. When you take an iPhone out of the box, or a new Google Pixel, you know, one of the things that you're doing is accepting a lot of terms and conditions about how the software will work, and how the software will work affects the useful lifespan of the device. And so I think that's an area that from a consumer point of view requires a little more focus and attention. I always get a little bit cagey thinking about regulation, because you always worry that regulation will potentially stifle innovation; that's certainly not what we're about. But by the same token, to your point, what if I want to continue to safely use the device that I've acquired, whatever that device is, whether it's my John Deere tractor or my tablet? With everything so connected all the time, we have to really think about what the lifecycle means, and we have to start reevaluating how we approach these things. It frankly just doesn't make sense to say that when there are no more software updates the hardware should automatically go in the landfill. That's just no kind of way to use resources.

Right. I mean, the whole point is that it enables you to keep, you know, that device alive. And when you mention John Deere, it's actually, even legally there is no such thing which stops, but John Deere or other companies, they are using DMCA article 1201, which is more about copyright, you know. So they are saying simply, since my code runs on it, so I have... so they're abusing copyright laws to gain ownership of the... so that article should be totally, you know, abolished altogether, and, you know, it should be allowed for researchers or users to be able to do what they want to do with the machine that they have purchased. So I think that is a lot of political thing also needs to be done. But coming back to the point of all the risks that are there, you know, we cannot even kind of, even as a fiction
writer, you know, I can only think so much, you know, what is possible. There are a lot of possibilities where things can go wrong. So what should people do to protect themselves? Because, like I just said, I have these two Google Home devices. I don't use Amazon Echo very much, because I can have a very natural conversation with Google Home. I can, let's say, hey, what kind of food they eat in Belgium, you know, it will tell, you know, waffles and fries, because I lived in Belgium so I know. And then I don't even have to tell it, I'll say, you know, what is the capital, you know, oh sorry, where is it, so it will tell me Brussels. So it knows the context; I can just keep talking: what kind of food they eat, what kind of clothes they wear, how to go there. It knows that I'm talking about Belgium and Brussels. With Siri, I won't even talk about it; Siri's IQ is as good as a dog's IQ. Amazon Echo is really, you know, not good at answering these kind of... actually even when I ask, you know, because I just got a Panasonic GH5, if I ask Alexa how good is GH5, it says, I don't know, do you want me to order a GH5? That's what will be the answer. If I asked Google Home, it will read something from a site; it will tell, according to GeekWire or, you know, GR review, blah blah, this is what the device is all about. So these are smart devices, they have access to everything, and the problem is that we don't own these devices. We have this hardware in our home, but Google, Amazon or Apple (in case of Apple may be different, because Siri runs, I don't think it runs too much on the cloud), but, you know, these companies own these devices. We have no control over what kind of data they are accessing. We don't know, because they are listening all the time; we just take their words, you know, that okay, you said it's not listening, that means it's not listening, you know. So how do people protect themselves while taking advantage of these devices? Because I don't want to live in a cave either, you know. I don't
want to go back, crawl back, you know, to ocean. So how do we maintain this balance between, you know, accessing these technologies while protecting ourselves?

Yeah, I think there's going to have to be at least a certain amount of work done on the political front, you know, just to have some sort of advocacy. You know, we saw this kind of happen a while back with website privacy policy: for a long, long time the way that people were tracked on websites wasn't necessarily immediately obvious to folks, and there was a big, big push from consumers to understand how am I being tracked, how do you use the data once I'm at your site, and the language around those privacy policies got clearer. And I think that's actually going to become at some point for companies a competitive differentiator, right, that we can tell you in very plain language exactly what it is we do, how we handle the data, how we keep it safe, what we use it for, where we store it, these sorts of things. A lot of that right now is actually unfortunately very opaque, and so it would be hard for an end user to make an informed decision about would I rather have a Google Home or an Amazon Alexa in my house based on the sort of privacy policies there. And so I think, you know, at some point it is going to be an issue just from a consumer protection point of view, but I think forward-looking companies will use that to your advantage, or their advantage rather. And you see that a little bit, I think, from Apple right now, that they actually, you know, as a subtext to a lot of their messaging, really, really focused on the privacy piece of it, and that has implications for a lot of other stuff as well, including, you know, law enforcement. And so I think there's going to be a lot of healthy and vigorous debate for a long, long time, but it is something that the consumer community needs to start pushing for. I mean, it was the same thing with, going back, for technology for a long, long time, whether you're talking
about seatbelts or airbags: it needs to be the sort of thing that consumers demand and that companies are able to drive value from, providing that level of transparency.

I think that makes perfect sense, but here's the irony: that US is one of those countries where Facebook is one of the most popular networks. So when you're logged into Facebook and regularly feeding them with everything that is going on in your life, I don't think you will be very cautious about privacy and demand, you know, some other vendor; it doesn't exist. So I lived in Europe, so I have a lot of European friends, and I work with a lot of European companies, and they have very strict policies when it comes to privacy, you know, rights, and they are really, really very, you know, particular about this thing. Like I work with a company called Nextcloud, and they offer, you know, Dropbox-like solution, but you can run it on, you know, server, you can control who can access it or not, and that's amazing, because, you know, I run that, you know, on my own server; you can rent services from other people. So here, when we look at, you know, that people are logged into their Facebook all the time, they are sharing their story on Instagram, do you really think that there will be, you know, a consumer awareness at all? Because, you know, companies will look at Facebook, they'll say, okay, we will not do any policies, we will route you through Facebook, so if you want to join our service, you know, log into your Facebook account.

Yeah, I mean, I think, you know, it's one of those things that we wish we would get that awareness kind of overnight, right, that building up that kind of muscle memory about the way to keep yourself safe online just came naturally to us. But all of this technology is very new, and so we have to muddle through, I think, as we work some of this out, and that does make it difficult. Though thankfully we do have plenty of science fiction as kind of a
little bit of a compass for navigating some of those thornier issues. But it is something that we have to stop and be able to think critically about. You know, we're very quick to latch on to convenience, but we don't always think about what we're giving up in exchange. Just like for myself, I started thinking about how I used Facebook, and I actually dropped off Facebook maybe six years ago or so, because I decided that while it let me keep in touch with people in a really convenient way, that if what I really wanted was to stay in touch with those people, I should reach out to them directly, as opposed to sort of letting this cloud service become a proxy for my personal interactions with the people that I cared about. And so that makes certain things trickier, because everybody, you know, lives in different places, has different schedules and has different stuff going on in life, but that was just sort of the personal decision that I made in terms of how am I going to stay connected to the people that I want to stay connected to and not use this tool. So it made me change my behaviors a little bit, but I don't think I'm too much worse off for it. I mean, there are definitely things that I know that I missed out on by not participating in Facebook. By the same token, I feel like, you know, the things I've traded have made other stuff more meaningful. And if we sit down and think about those things, you know, everybody's going to make a different decision, but it's something we should all consider for ourselves and what that means for our use of technology.

Yeah, I totally agree with. I remember Richard M.
Stallman, he's the founder of Free Software Foundation and the GNU GPL, which is the most popular license used in Linux, and he's not on Facebook. And, you know, he has visited us, he has stayed with us, and he's really, really, you know, he says that... so I was like, you know, my friends are there on Facebook, so I have to stay in touch. He said, just because your friends are going to jump off the cliff doesn't mean you should jump off the cliff too; they can go to hell, I don't care, but you don't go there. So, I mean, that's... but that's not the idea when they have like one billion solution. So you're right in both ways: first of all, either, you know, disconnect them yourself or become an agent to change people's behavior, because if there's enough pressure, you know, Facebook and all those companies, you know, they will have to change. But there's no push, so there's nothing happening. Now can you just highlight some of the key immediate risks that people who either use IoT devices or, you know, any of these smart devices, what are the few, you know, like five checkboxes they should keep in mind, so that we can say that okay, if you do these things that James is recommending, you will be relatively safer than you were earlier?

Well, I think IoT devices are particularly tricky, because many of them are so new, and so many of them it's unclear what, you know, what exactly is running inside, so you don't really know what's going on with IoT devices all the time. So my general advice for IoT is think about what your IoT device does for you and try to imagine the nightmare scenario that you have: like if a hacker was able to take total control of that thing, and it seems a little sensational to put it that way, but if a hacker was able to take total control of that device, how uncomfortable would your life become? And if the answer is extremely, then maybe an IoT device isn't the right choice for you. Weird as this seems, I have an analog thermostat in my house, you
know, not because I'm particularly afraid of IoT thermostats, just that the analog thermostat does the job for me just fine, and at some point I'm gonna need to replace it and I'll probably go digital and I probably will get an IoT enabled, but I don't have a need to do that right now. And, you know, people harp on this specific thing in any security context and it always seems a little, you know, a little repetitive, but for your smart devices, stay on top of those software updates. For the most part the OS manufacturers out there have done a really great job of trying to stay on top of security issues, and it's, you know, a lot more convenient to update your iPhone or your Google Pixel than it has ever been. Like if you set the Wayback Machine even just to Windows XP, right, you can remember like doing the service pack and it breaking your computer. Now these updates are a lot faster, they're a lot more frequent. But that's probably as obvious as it seems, and as many people say it, it is really surprising the number of folks who don't think about software updates as being sort of critical to their internet safety. And then I think, you know, use caution when procuring new software. So again, kind of looking at the curated app stores, whether you're talking about Apple's App Store or Google Play, they're not panaceas for perfect software. Bad software does sometimes get in there, but the good news is it doesn't get in there very often, and when it does it gets cleaned up very quickly. I know a lot of folks who grab Android apps from very suspicious sources, and, you know, as dicey as an analogy as this might be, I would say think back to some of the things you learned in middle school biology about health and well-being and try to apply some of those same concepts to the way that you deal with your digital life as well, and I think you'll be better off.

Yeah. Before we wrap it up, there are two or three
points you mentioned, they're really important. I was reading a story a few days ago, I think it was in Wired, where the author complained that he was listening to a song and suddenly there was an update on Alexa, so Alexa stopped the song and installed updates. I don't think these kind of practice should be criticized. It could have been a very, you know, serious sort of security update, which meant that it has to be... so your listening to a song is not as important as it is for, you know, a zero day vulnerability to be fixed immediately. So you should be appreciating that, you know, it was fixed. Number one. Number two is that, as you mentioned, for the app store, yes, please don't buy; but at the same time, when you go to amazon.com or eBay, don't look for the cheapest device, you know, if the device is accessing your network. I mean, that should be, you know, the first thing that you should always look at, really credible, you know, manufacturers. So don't just buy, you know, those inexpensive knock-off Chinese cameras, you know, to monitor your babies or for security or whatever it is. You spend some more money, but at least you will get a company which will have a warranty, and there you will know that okay, you're... you know, because as you said earlier also that when you get an IoT device and if a hacker, you know, accesses it, will you be worried? I think most people even don't know that if a hacker accesses the device what can go wrong. They say, oh okay, they access my thermostat, okay, they may increase the temperature. No: once they are in your network they can use you as a, you know, as a botnet for DDoS attack themselves, you know, they can access, and if you are using an insecure browser or non-HTTPS sites they can steal credit card information from the browser. I mean, they can do anything that they want once they are in your network. So yeah, be very, very careful when you are buying any of these devices. Any other closing, you know, thoughts before we wrap this up?

I,
you know, I think I'm good on my end. I certainly appreciate you offering up the opportunity to chat with you. I've really enjoyed it.

Yeah, same here, and hopefully we'll, you know, see each other again and we'll talk about, you know, more IT related or, you know, other, you know, mobile related, security related stuff. And, you know, thanks a lot for your time, and bye for today.

My pleasure. Take care.

You too. Bye bye.