top of page
  • Writer's pictureGoldfinch

Whos fault is it?


Homo Homini Lupus est, a famous latin sentence, that is, a man is a wolf to man. It's all the fault of these damn hackers. About two weeks ago, the story of a man who almost lost all his money was very popular on Linkedin (link). You might think that a story like any other, someone using the Bank, Granddaughter or Policeman method is trying to extort our savings. So why has this story become so popular? In my opinion, there are two reasons:

One - a young narrative - a victim tells about it.

Two - it talks about using technology for bad intentions and this is what we know sells best.

Unfortunately.

More and more often, when browsing the news, you can come across information that technology has hurt someone. One of the catchiest headlines I've found lately is that ChatGPT talked someone into suicide. It is a pity that no one mentioned the fact that AI has already saved the lives of several if not tens of thousands of people by identifying the early stage of malignant tumors. As I mentioned before, it's just a tool, the way we use it depends entirely on us. And here we return to the question "Whose fault is it?"

The story from Linkedin is just such an example, someone uses tools called SMS gateway for sending messages by criminals impersonating, in this case PKO bank. If you remember, SMS gateways were very popular some 20 years ago, because they allowed you to send a message to someone at no cost when, for example, our SMS limit was over. Today, the same technology that was supposed to make life easier for us is working against us. And here it is necessary to ask technology producers to finally take responsibility for their tools, and of course I don't mean that someone is using these tools incorrectly, but that producers knowingly or unknowingly (I don't know which is worse) they do not build mechanisms to protect against misuse.


In 2016, hackers, using devices connected to the Internet, such as IP cameras, video recorders or ordinary home routers, carried out the largest DDoS (Distributed Denial of Service) attack in history, completely blocking access to services such as Netflix, Spotify and Twitter. Since such an attack was already possible 7 years ago, I'm afraid to think what attack could be carried out today with 22 billion devices, such as a vacuum cleaner or a smart food processor, connected to the Internet. I'm curious how many of you have changed your router's default password, if at all possible, because you're using devices provided by your carriers.

And here we come to the point of no return. We, as users, mostly have to trust our suppliers, the only question is whether they do everything in their power to ensure our security, since it is so easy to take over such devices. What's worse, it's getting harder and harder to get devices that are not connected to the Internet. Probably most people in the world do not have the tools or the ability to perform a basic vulnerability scan of devices connected to our networks, let alone analyze the software code used to control all these devices.

Recently, exploring the subject of corporate social responsibility (CSR), I wanted to find out what values ​​introduce technology companies, and whether there are any mentions of cybersecurity at all.

  1. Microsoft

    1. We believe that economic growth should be inclusive – for every individual, organization, community and country. This starts with increasing access to digital skills and opportunities, and ends with bridging the data gap and supporting public health.

    2. We unequivocally support basic human rights, from defending democracy and protecting human rights, to fighting injustice and racial inequality, to ensuring access to broadband and accessible technology - without which people cannot access education, work, healthcare and more.

    3. Climate change is a generation-defining issue, and solving it requires rapid, concerted action and technological innovation. We have outlined ambitious commitments and detailed plans to deliver them, and we help others set and achieve their own climate goals.

    4. At Microsoft, we are optimistic about the benefits of technology, but clearly identify the challenges. To make a positive impact on technology, people need to have trust in the technology that the companies behind them use.

  2. Apple

    1. Since 2020, we are carbon neutral in our corporate activities. Building on this achievement, we have set ourselves an ambitious and urgent goal to produce carbon-neutral products by 2030. And our green chemistry and recycling innovations bring us closer than ever to the day when our products can be made without taking the earth.

    2. At Apple, we work every day to put people first - by empowering people with accessible technology, by advancing equality and opportunity, by creating an inclusive and diverse work environment, and by respecting the human rights of everyone whose lives we touch.

    3. We embed transparency and accountability at every level of our business. Apple's board of directors and governance structure help support principled operations, informed and effective decision-making, and appropriate monitoring of our compliance and performance.

  3. Google

    1. We are decarbonising our energy consumption so that by 2030 we can use carbon-free energy everywhere, 24/7.

    2. Our ambition is to maximize the reuse of scarce resources in our operations, products and supply chains, and empower others to do the same.

    3. By 2030, we will replenish 120% of the water we use and actively support water security and ecosystems where we operate.

Three giants - not one of them mentioned at least once about making people feel safe using their products. The closest is Microsoft, which wants their customers to be able to trust the technology. Second in line is Apple, which points to privacy on its website below its key values. Unfortunately, Google doesn't care about our security. Of course, all 3 companies are investing amazing amounts of money in cybersecurity. On the other hand, all three companies produce the most vulnerable products:

  1. Microsoft - 24242 vulnerabilities detected

  2. Apple - 12341 vulnerabilities detected

  3. Google - 7773 detected vulnerabilities

It's scary to think how leaky Samsung refrigerators or Roomba vacuum cleaners are. You could say that we are at the mercy of technology producers when it comes to cybersecurity. A bit of a sad picture of the future is being created for us. Do tech companies deserve criticism? Personally, I think so. Do we really need a new iPhone every year? Microsoft currently has almost 600 new products and functionalities on its roadmap. The life cycle of technology products is phenomenally short. The expected lifetime of smartphones is a maximum of three years. A well-preserved laptop should last only five years. You've probably come across the statement yourself that household appliances work for the warranty period, because the day after the warranty expires, it breaks down, as if technology manufacturers specially program the life of their products to drive sales of new products. With this rate of launching new products on the market, it's no wonder that cybersecurity is at the very end, because functionality is the most important thing.


Interestingly, if you read the previously mentioned CSR strategies, there is a lot of emphasis on being Eco. Well, yes, but if the producers are Eco, does that mean that their products are also Eco? Well, with such a short lifespan of technological products, it is very doubtful.

So, are we doomed to live in a cyber-dangerous world, since technological progress is driven by ubiquitous consumerism? However dark this tunnel would be, there is a light at its end, and I'm not talking about the locomotive. As customers, we have quite little influence on how companies operate, because how can you not use the achievements of technology. However, we have quite a large impact on other aspects of life, including crucial education. At the prestigious computer science major at the Polish-Japanese Academy of Information Technology, there are 30 hours of lectures and 30 hours of exercises on IT security for a 4 year study program. There are only a dozen or so universities in Europe where you can choose cybersecurity as your field of study. Therefore, it may be worth introducing more safety elements in such. Knowledge about cybersecurity is nothing secret and it is worth introducing it at the very beginning of education.

See that in the case of cars, it is the human who is at the center of safety, not the product. The car as a product has to protect the driver, passengers, and at the moment even the environment. So why can't Internet-connected technology be similarly tested? Since all technological products undergo very rigorous quality tests to be released for sale, why is their content not - meaning why the product will not be tested for cybersecurity before it is released for sale? Maybe then technological products will actually be human-centric?


If you like what you read make sure you subscribe


88 views0 comments

Recent Posts

See All

The H@ck Summit 2023

It is my pleasure to announce that I have been invited to join the Program Committee of this years edition of The H@ck Summit - the largest cybersecurity conference in Poland, which will take place on

Comments


bottom of page