Withings
Show Hide image

This £160 "smart hairbrush" symbolises the big problem with the Internet of Things

Is it worth the risk of hacking - and the potential invasion of privacy - to find out if you're brushing your hair wrong?

Who wants a hairbrush that's connected to the internet? Well, its manufacturers - Kérastase, Withings and L’Oréal - seem pretty excited about it. They unveiled the gadget at the CES technology show in Las Vegas to great fanfare.

The £160 Hair Coach is part of the "internet of things" - devices that promise to be smarter and cooler because they are connected to the web. It contains a microphone that promises to record the sound of breaking hair, and multiple sensors that will send data about your brushing technique to an app on your phone. 

In the last year, the Internet of Things industry has boomed, with everything from smart kettles to smart dolls entering our homes. Unfortunately, many of these devices have been shown to be prone to security breaches. Recently, security researchers found that a connected cooking pot could be hacked to gain access to your phone.

“Any Internet of Things (IoT) device, if security hasn’t been considered properly during development, can be hacked,” says Ken Munro, a security entrepreneur from PenTest Partners, a company which carries out security tests on IoT devices. 

Munro hasn’t yet looked at the Hair Coach, but he speculates about the security of any IoT device with a microphone and internet connection. “Listening to hair breakage requires a microphone, so can it hear more than just breaks? It’s clearly very sensitive, so could it detect human voice and potentially become a spy bug?”

A spokesperson for Withings explained that the microphones are activated only when the user starts brushing their hair. The brush detects when it is being used and begins data collection automatically. The company then store 3-5 second audio recordings. Withings claim the microphone is not able to pick up conversations "unless the user is speaking really closely to the brush". The spokesman added that: "Furthermore, we will apply some filters to not record voice frequencies."

Ken Munro is sceptical that this is technically possible, however. “The manufacturer may counter that the microphone has been configured solely to listen to particular frequencies, but that’s often achieved in software rather than hardware. Hence, there may be potential to modify what it can hear and create that bug,” he says. Withings emphasises that all of its data is secure. "Even if someone achieves to hack the device, all our datas are encrypted," the spokesman said over email.

The brush might well be secure. But its price and its function make it a vivid symbol of the debate over the Internet of Things as a whole. Does every gadget need to be digital? Or is something else going on?

"This just smacks of a marketing team panicking about how to keep their product relevant in the digital age, but some products simply don't need to be digital to be relevant," says Renate Samson, the chief executive of privacy campaign group Big Brother Watch. "It's one thing to bung a sensor and microphone into a device and think your marketing solutions are solved, but what security protections are being installed?"

The rush to digitise has lead to mulliple security and privacy failures in other IoT products. Just last week, a Twitter user shared his experience of his new smart television being infected by ransomware, with hackers demanding $500 (£406) for him to get use of his TV back. In 2015, Munro managed to hack a connected children's doll and make it say swear words, and more recently, he discovered a flaw in the security of a WiFi enabled vibrator that meant anyone could discover which individuals used the device by discovering the location and name of their WiFi connection. "That’s probably not a feature that owners realised or would like!" he says. 

Concerns go beyond spying, however, as IoT devices can be used to carry out Distributed Denial of Service (DDoS) attacks. (Essentially, this is when a website's server is brought down by being hit with so many simultaneous requests for data that it cannot cope.) Last October, sites including Netflix, Twitter, and Spotify temporarily went down after hackers infected unsecured IoT devices with malware, then used them to make server requests. "There's this renewed urgency to talk about what happens when we connect all these things through the Wi-Fi without giving much thought to their security," said NPR technology reporter Alina Selyukh at the time.

But what can you do to keep yourself safe? Ken Munro advises that if you are purchasing an IoT device, you should check whether it needs a pairing PIN to connect to Bluetooth. Without a PIN or passcode, anyone nearby would be able to access the device. It's also important to investigate whether the product is properly encrypted between the app and the company's cloud servers. If not, your personal information about how you use the device could be open to hackers. Although it might not concern you to have data about your usage of your kettle, bin, or hair brush being disclosed, Munro emphasises that such flaws can also lead to your home network and phone being hacked. 

Privacy is also a concern when it comes to data collected by IoT devices. Many IoT companies will share your data with third parties such as advertisers or law enforcement. Last month, Amazon refused to hand over voice recordings from their “constantly listening” Amazon Echo to the police when asked to in order to aid a murder case, but not all companies will resist such requests.

All of these problems are solvable, but the bigger question is - are the gadgets involved worth the bother? A parody account on Twitter, @InternetofShit, reveals the ways that IoT devices actually make our lives worse, not better. Among their recent posts they have chronicled theromstats that show you adverts, alarms that can't be turned off, and a dollhouse where the doors won't open.

If we continue the trend of connecting everything we own to the internet, it's only a matter of time until we become unable to use every day objects due to unforseen faults and flaws, like the person with a "smart lock" unable to open their own front door. Smart devices are going to have to get, well, a little bit smarter. 

Amelia Tait is a technology and digital culture writer at the New Statesman.

Getty/Glu Games/New Statesman
Show Hide image

The second coming of Gordon Ramsay

A star is reborn. 

It would be a lie to say that Gordon Ramsay ever disappeared. The celebrity chef made his television debut in 1997 and went on to star in shows in 1998, 2001, 2004, 2005, 2006, 2007, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. There hasn’t been a lull in Ramsay’s career, which has arguably gone from strength to strength. In 2000, he was cooking for Vladimir Putin and Tony Blair – in 2008, he ate the raw heart of a dead puffin.

Left: Gordon Ramsay shaking hands with Vladimir Putin. Right: Gordon Ramsay hugging a puffin (different from the one he ate).

Yet we are, undeniably, in the middle of a Ramsay renaissance. How? How could a man that conquered the last twenty years of cookery-based television have an upsurge in popularity? There are only so many television channels – so many amateur donkey chefs. Wrong. The internet has enabled a Ramsay resurgence, the second act of a play overflowing with blood, sweat, and French onion soup.

Wow.

We all, of course, know about Gordon’s Twitter account. Although started in 2010, the social media profile hit the headlines in February this year when Ramsay began rating food cooked by the world’s amateur-amateur chefs. But other elements of Ramsay’s internet celebrity are more miraculous and mysterious.

His official YouTube channel uploads, on average, three videos a week. Decades old clips from Kitchen Nightmares accumulate over three million views in as many days. A 15,000 follower-strong Facebook fan page for the show – which premiered in 2007 and ended in 2014 – was set up on 19 June 2017.

Wow, wow, wow, wow. Wow.       

A Google Trends graph showing an April 2017 surge in Ramsay's popularity, after a decline in 2014.                                      

What makes a meme dank? Academics don’t know. What is apparent is that a meme parodying Gordon Ramsay’s fury over missing lamb sauce (first aired on Hell’s Kitchen in 2006) had a dramatic upsurge in popularity in December 2016. This is far from Gordon’s only meme. Image macros featuring the star are captioned with fictitious tirades from the chef, for example: “This fish is so raw… it’s still trying to find Nemo”. A parody clip from The Late Late Show with James Cordon in which Ramsay calls a woman an “idiot sandwich” has been watched nearly five million times on YouTube.

And it is on YouTube where Ramsay memes most thrive. The commenters happily parrot the chef’s most memable moments, from “IT’S RAW” to the more forlorn “fuck me” after the news something is frozen. “HELLO MY NAME IS NINOOOOO!” is an astonishingly popular comment, copied from a clip in which a Kitchen Nightmares participant mocks his brother. If you have not seen it – you should.

But what does all this mean for Ramsay’s career? His YouTube channel and Facebook page are clearly meticulously managed by his team – who respond to popular memes by clipping and cutting new videos of classic Ramsay shows. Although this undoubtedly earns a fortune in ad revenue, Ramsay’s brand has capitalised on his internet fame in more concrete ways. The chef recently voiced Gordon Ramsay Dash, a mobile game by Glu Games Inc in which you can cook with the star and he will berate or praise you for your efforts. Ten bars of gold – which are required to get upgrades and advance in the game – cost 99p.

Can other celebrity chefs learn from Ramsay? A generation will never forgive that twisted, golden piece of meat, Jamie Oliver, for robbing them of their lunch time Turkey Twizzlers. But beyond this, the internet’s love is impossible to game. Any celebrity who tried to generate an online following similar to Ramsay’s would instantly fail. Ramsay’s second coming is so prolific and powerful because it is completely organic. In many ways, the chef is not resposible for it. 

In truth, the Ramsay renaissance only worked because it was - though the chef himself would not want to admit it - completely raw.

Amelia Tait is a technology and digital culture writer at the New Statesman.