Product Security Takes Center Stage As Attackers Livestream Ring Devices To Harass Users

The astronomical success of Ring’s opt-in surveillance products took a dark turn over the last week when attackers began reusing credentials to gain access to the devices and harass families. The devices themselves were not compromised; instead, attackers reused passwords to log in to accounts that were not protected by multifactor authentication. Reports by Joseph Cox and Jason Koebler of VICE’s Motherboard cover the antics of the attackers, which include harassing children after parents placed the device in a child’s room. Not content with merely launching embarrassing attacks, perpetrators took another step by using Discord and a podcast to amplify the attacks’ exposure by letting people listen in as they tormented Ring users. In “Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers,” Amy DeMartine and Jeff Pollard discuss product security in depth, including the need to secure the unintended or unplanned use cases of products by customers. In this case, Ring probably never intended for the units to be installed in the room of a child, but they were, and attackers used that customer’s decision to harass children. Security leaders live in a world of “what could go wrong?” and such expertise could have helped develop plans for this scenario, long before the company was forced to respond to the public relations storm that’s ensued since the attacks were discovered.

The CCPA Is Almost Here — Are You Prepared?

On Thursday, December 12, Fatemeh Khatibloo participated in a Chatham House Rule event in New York discussing the future of advertising in the face of the California Consumer Privacy Act (CCPA), which goes into effect on January 1. In a room full of advertisers, publishers, industry trade groups, and adtech vendors, it became clear that most companies aren’t prepared to handle a potential flood of consumer requests for data deletion, data portability, and opting out of data selling. On the latter point, no one could agree on what data selling includes under the current draft regulations. Fortunately, we were able to discuss Forrester’s comments to the California Attorney General (AG) on three specific CCPA issues:

  • We asked the AG to provide extreme clarity on what the law means by selling and “valuable consideration” for data sharing. For example, as read today, user data shared by a publisher to an ad network for targeting purposes would be considered “selling.” Likewise, device data shared by a brand to a cross-device identity vendor would be covered under the provision. We need specifics here, and we need them fast.
  • We let the AG know that a browser setting for “Do not sell my data” is a blunt instrument that will have an economic impact on publishers and result in more paywalls for consumers. Our research tells us that the desire for privacy and restrictions on data sharing isn’t binary — consumers trust some companies more than others and may be happy to let some publishers use their online behavior to personalize content and ads. If a browser setting is sufficient to opt a user out of all data sharing on all sites, many publishers will end up enacting paywalls, claiming that contextual ads don’t drive the same revenues as behaviorally targeted ads.
  • We asked for guidance and guardrails around the calculations for what an individual’s data is worth. We believe the current examples are far too broad to be useful. We need an industry standard for how to make these calculations so that consumers understand the true cost of opting out of data selling. As it stands today, publishers and advertisers can create a calculus that favors their business and allows them to charge consumers more for services than is strictly appropriate.

The Next Wave Of Emerging Tech Will Be Back Down In The Hardware

You might have noticed a lack of hot new emerging technologies to fuss over. We have been talking about AI, blockchain, IoT, and now edge for at least a few years. What is next? We see work going on down at the chip and networking level that portends the emergence of yet unimagined new applications. The CPU has become the bottleneck for data-intensive workloads. We are taking briefings from vendors addressing this problem. Consider the Gen-Z Consortium, which describes itself as a new data access technology designed to provide high-speed, low-latency, memory-semantic access to data and devices via direct-attached, switched, or fabric topologies. A mouthful for sure, but at its heart, this group of vendors is working on how to create an addressable memory space architecture that can hold a yottabyte of data for processing using multiple types of chips: CPUs, GPUs, TPUs, and QPUs someday. Similarly, Fungible has developed a new type of chip it dubs a “data processing unit.” It has onboard software-defined networking instructions, which let it function as a distributed, data-oriented processor capable of computing over 10x more incoming data and distributing that work to CPUs, GPUs, and other emerging processor types in the future. These and other innovations are part of what we call exponential accelerators that make everything up the software stack faster and more capable in chains of technology innovation. They indicate that the next wave of disruptive software will be orders of magnitude more powerful than what we have today, enabling us to build unimaginably powerful new applications that build on cloud, AI, blockchain, edge, and quantum computers — someday. For now, it’s time to get back down into the infrastructure and watch what is happening.

Cisco Looks To Empower Next-Generation Networking Values, Starting In 2020

This leading network technology vendor’s innovation team has launched a new networking processor, Silicon One, which enables internet processing in excess of 10 terabytes per second per router or other device. This technology will greatly empower the forthcoming 5G networks’ bandwidth but also apply to other network types such as Wi-Fi, edge networking, and more. Walt Disney Studios partnered with Cisco to help drive its own innovation efforts to provide next-generation, high-performance video experiences, improved 4K movie making, and transformative theater experiences. Cisco also announced its next-generation routers (Cisco 8000) and network operating system (IOS XR7), which will help its customers deploy secure, high-scalability Silicon One solutions. It also collaborated with a variety of networking vendors, including Comcast, STC, and NTT Com, on this technology, all of which will be adding Silicon One to their own equipment. Clients concerned about their growing network bandwidth requirements for video delivery, edge computing, high-bandwidth cloud connectivity, and other growing needs should see this as an empowering move for their roadmap.

Oculus Hopes ‘Tis The Season For VR To Finally Catch On

Five years ago, Facebook bought Oculus for $2.3 billion. The Kickstarter-funded virtual reality (VR) headset maker had only released a prototype at the time, but true believers expected that fully functional headsets would soon be available and then the magic of VR would take over. Sony jumped in with its PlayStation VR gaming peripheral two years later. The results have been underwhelming. Sony admits it has sold fewer than five million units around the world in three years — to an install base of more than 100 million PlayStation 4 consoles. Some have given up on VR altogether — including Microsoft, whose Xbox chief Phil Spencer recently publicly stated that “Nobody’s asking for VR.” Defenders of the tech claim that it’s a technology problem, asserting that early VR tech suffered from problems such as low visual resolution, the awkwardness of being tethered, and the need to use specialized hardware. This holiday season will be the test of that optimistic, just-you-wait attitude. Earlier this year, Oculus released Oculus Quest, a standalone wireless VR headset. At just $399 for the base model, the Quest has purportedly solved many of the hardware problems above — the price is right, the experience improved. Our take: It’s the content that will matter. At least 20 million consumers have the crucial combination of money, entertainment drive, and novelty-seeking psychology to buy the Quest. But they will only do so if the content is uniquely powerful or if their friends are all doing it or both. Too bad that Facebook doesn’t yet have its Horizon VR environment ready for new Quest buyers, a significant upgrade on the brilliantly flawed Second Life experience from more than a decade ago. It has the potential to take VR beyond shooting zombies into immersive social experiences like flying biplanes through castles built by virtual friends. That combination of novelty and social connection is what will eventually push VR forward. 
Our take: Oculus Quest will sell fewer than a million units this year, sadly.

Peloton’s Response To Its Commercial Made A Bad Situation Worse

Last week, we avoided the bandwagon — or, should we say, the connected stationary bike. It led only to bewildered conversations about how bad Peloton’s infamous commercial really is. You were likely inundated with enough opinions and had your own. What we will comment on this week is Peloton’s response to the ad: “While we’re disappointed in how some have misinterpreted this commercial, we are encouraged by — and grateful for — the outpouring of support we’ve received from those who understand what we were trying to communicate.” Who are these “some” of which Peloton speaks? Those who drove 4.1M views of one parody video? The poor actress who blamed her own face for the fuss? Wall Street, which punished Peloton’s already volatile stock price? The real answer, one Peloton may not appreciate, is today’s empowered customer. Our research on brand crisis management posits that in today’s climate of customer power, polarization, and social sharing, your brand crisis is inevitable. It lays out what to do (e.g., empathize with customers) and what not to do (e.g., put the company first) when crisis hits. We offer a triage framework, which places this one at a medium severity and guides remediation at the segment level, meaning: thank the supporters, don’t dismiss the detractors, and move fast. In the time you’re sitting back tight-lipped and deflecting, someone might make a witty gin commercial at your expense — very smooth indeed.