Withings
Show Hide image

This £160 "smart hairbrush" symbolises the big problem with the Internet of Things

Is it worth the risk of hacking - and the potential invasion of privacy - to find out if you're brushing your hair wrong?

Who wants a hairbrush that's connected to the internet? Well, its manufacturers - Kérastase, Withings and L’Oréal - seem pretty excited about it. They unveiled the gadget at the CES technology show in Las Vegas to great fanfare.

The £160 Hair Coach is part of the "internet of things" - devices that promise to be smarter and cooler because they are connected to the web. It contains a microphone that promises to record the sound of breaking hair, and multiple sensors that will send data about your brushing technique to an app on your phone. 

In the last year, the Internet of Things industry has boomed, with everything from smart kettles to smart dolls entering our homes. Unfortunately, many of these devices have been shown to be prone to security breaches. Recently, security researchers found that a connected cooking pot could be hacked to gain access to your phone.

“Any Internet of Things (IoT) device, if security hasn’t been considered properly during development, can be hacked,” says Ken Munro, a security entrepreneur from PenTest Partners, a company which carries out security tests on IoT devices. 

Munro hasn’t yet looked at the Hair Coach, but he speculates about the security of any IoT device with a microphone and internet connection. “Listening to hair breakage requires a microphone, so can it hear more than just breaks? It’s clearly very sensitive, so could it detect human voice and potentially become a spy bug?”

A spokesperson for Withings explained that the microphones are activated only when the user starts brushing their hair. The brush detects when it is being used and begins data collection automatically. The company then store 3-5 second audio recordings. Withings claim the microphone is not able to pick up conversations "unless the user is speaking really closely to the brush". The spokesman added that: "Furthermore, we will apply some filters to not record voice frequencies."

Ken Munro is sceptical that this is technically possible, however. “The manufacturer may counter that the microphone has been configured solely to listen to particular frequencies, but that’s often achieved in software rather than hardware. Hence, there may be potential to modify what it can hear and create that bug,” he says. Withings emphasises that all of its data is secure. "Even if someone achieves to hack the device, all our datas are encrypted," the spokesman said over email.

The brush might well be secure. But its price and its function make it a vivid symbol of the debate over the Internet of Things as a whole. Does every gadget need to be digital? Or is something else going on?

"This just smacks of a marketing team panicking about how to keep their product relevant in the digital age, but some products simply don't need to be digital to be relevant," says Renate Samson, the chief executive of privacy campaign group Big Brother Watch. "It's one thing to bung a sensor and microphone into a device and think your marketing solutions are solved, but what security protections are being installed?"

The rush to digitise has lead to mulliple security and privacy failures in other IoT products. Just last week, a Twitter user shared his experience of his new smart television being infected by ransomware, with hackers demanding $500 (£406) for him to get use of his TV back. In 2015, Munro managed to hack a connected children's doll and make it say swear words, and more recently, he discovered a flaw in the security of a WiFi enabled vibrator that meant anyone could discover which individuals used the device by discovering the location and name of their WiFi connection. "That’s probably not a feature that owners realised or would like!" he says. 

Concerns go beyond spying, however, as IoT devices can be used to carry out Distributed Denial of Service (DDoS) attacks. (Essentially, this is when a website's server is brought down by being hit with so many simultaneous requests for data that it cannot cope.) Last October, sites including Netflix, Twitter, and Spotify temporarily went down after hackers infected unsecured IoT devices with malware, then used them to make server requests. "There's this renewed urgency to talk about what happens when we connect all these things through the Wi-Fi without giving much thought to their security," said NPR technology reporter Alina Selyukh at the time.

But what can you do to keep yourself safe? Ken Munro advises that if you are purchasing an IoT device, you should check whether it needs a pairing PIN to connect to Bluetooth. Without a PIN or passcode, anyone nearby would be able to access the device. It's also important to investigate whether the product is properly encrypted between the app and the company's cloud servers. If not, your personal information about how you use the device could be open to hackers. Although it might not concern you to have data about your usage of your kettle, bin, or hair brush being disclosed, Munro emphasises that such flaws can also lead to your home network and phone being hacked. 

Privacy is also a concern when it comes to data collected by IoT devices. Many IoT companies will share your data with third parties such as advertisers or law enforcement. Last month, Amazon refused to hand over voice recordings from their “constantly listening” Amazon Echo to the police when asked to in order to aid a murder case, but not all companies will resist such requests.

All of these problems are solvable, but the bigger question is - are the gadgets involved worth the bother? A parody account on Twitter, @InternetofShit, reveals the ways that IoT devices actually make our lives worse, not better. Among their recent posts they have chronicled theromstats that show you adverts, alarms that can't be turned off, and a dollhouse where the doors won't open.

If we continue the trend of connecting everything we own to the internet, it's only a matter of time until we become unable to use every day objects due to unforseen faults and flaws, like the person with a "smart lock" unable to open their own front door. Smart devices are going to have to get, well, a little bit smarter. 

Amelia Tait is a technology and digital culture writer at the New Statesman.

Flickr: M.o.B 68 / New Statesman
Show Hide image

“I begged him to come home”: Breaking the taboo around texting the dead

Many people text dead loved ones to cope with their grief – but trouble arises when they get an unexpected reply. 

A month after Haley Silvestri’s dad died from a heart attack, she texted him begging him to come home. In the middle of the night Silvestri’s 14-year-old sister had found their father, with his lips and mouth blue, lying on the kitchen floor. “There was nothing there anymore, just a dead body,” Silvestri says. “My father had his first heart attack months before and seemed to be doing OK. Then, this happened.”

In the very first episode of CSI Miami’s seventh season, the protagonist – Horatio Caine – fakes his death. For the first 15 minutes of the episode, the viewer believes the character is truly dead, as the camera lingers on Horatio’s body face down on the tarmac.

Silvestri and her father used to enjoy watching the show together. After he had passed and she realised she would never see her “best friend” again, she picked up her phone. “I texted my dad begging him to come home,” she says. “I begged my dad to please be ‘pulling a Horatio’.”

"My heart was broken and I was bawling as I texted her over and over" 

In texting her father after he had died, Silvestri is by no means unusual. No official figures exist for the number of people who use technology to message their deceased loved ones, but Sara Lindsay, a professional counsellor, clinical supervisor, and trainer, says it is “more common than we think”.

“I see it as a modern and contemporary part of the grieving process,” she says. “I think in a way it's very similar to visiting a graveside, in that the bereaved are reaching out, particularly in the early days, because it takes a long time for people to process the reality that this person has now gone.”

Karlie Jensen, 18, texted her friend immediately after she found out she had died in a car accident. “I texted her as soon as I woke up to the news from my mom that she had passed. My heart was broken and I was bawling as I texted her over and over waiting for a text saying it wasn't her, that my mom didn't know all the facts, and maybe she was just hurt.” Jensen also called her friend and begged her to respond. “I did it because I couldn't let go and couldn't accept she was gone from my life forever,” she says. Karlie continued to text her friend while also calling her voicemail in order to hear the sound of her speaking again. 

Karlie (right) and her friend

After her first text to her deceased father, Silversti also began texting him once a week. She fell into depression, and on her worst days messaged the number. “I think it helped initially because it felt like I was personally writing a note to him, that I knew he only was gonna see,” she says. “I did it because it was my attempt at pretending he was still here and could text me back.”

Lindsay, who has over a decade’s experience of bereavement counselling, emphasises that this behaviour is in no way unhealthy. “I think on the whole it's a very healthy part of grieving, particularly in the first year where the bereaved faces agonising days without their loved ones,” she says. “There is just so much loss and change in their life that’s out of their control, I see this aspect of texting as a small way of being able to reach out and alleviate that pain. That person is suddenly now not there but how they feel about that person hasn't changed.”

"I was going through my phone and I saw his number – I wanted to delete it, but I hesitated I thought maybe I could send a text"

Despite being normal, however, using technology to talk to the dead is a behaviour we rarely – if ever – hear anything about. If the words “texting the dead” make it into the media, they are usually followed by a far more sensationalist “and then they text back!!!!”. Yet although messaging the deceased is popularly seen as the stuff of horror movies and trashy headlines, in reality it is simply a new, modern way to grieve.

Via Mirror.co.uk

“The first time I texted him I was on my bus on the way to school,” says now-20-year-old Dylan Campbell about his cousin Josh, who passed away from leukaemia. “I didn't have many friends so I had no one to talk to. I was going through my phone and I saw his number – I wanted to delete it, but I hesitated I thought maybe I could send a text and someone would reply or I would get something out of it.”

Campbell continued to send his cousin texts for a few weeks, “kind of like a diary”. He says he did so because he regretted not seeing Josh more up until his death, and “had a lot of things to say” that he’d never had the chance to. Linsday says texting in this way is a very healthy way of completing unfinished business. “There might have been something they've never said to their loved one that they want to be able to say and texting is a very normal place to do that.”

"Begging for a dead person to reply to you hurts since you won't ever get what you want in return"

Nonetheless, Lindsay notes that texting the dead can become unhealthy if grief becomes “stuck”, and the texting replaces normal communication or becomes a long term compulsion. Unlike Silvestri and Campbell, Jensen continued to text her friend in the hopes she would text back. She admits now that she was in denial about her death. “Begging for a dead person to reply to you hurts since you won't ever get what you want in return” she says. “I don't know if it helped trying to contact her or hurt worse because I knew I'd never get a reply. I wanted a reply.”

Quite frequently, however, this reply does come. After a few months – but sometimes in as little as 30 days – phone companies will reallocate a deceased person’s phone number. If someone is texting this number to “talk” to their dead loved one, this can be difficult for everyone involved.

“This story doesn't have a happy ending,” says Campbell. “After a few months someone from that number called me and yelled at me to stop bothering them – it was really heart breaking.” When Silvestri texted her father to wish him a happy birthday (“Saying I hoped he was having a great party up in heaven”) someone replied telling her to never text the number again. “I was pissed off,” she says. “Just block my number if it was that serious. This was a form of therapy I needed and it got taken away because someone couldn’t understand my hurt.”

Indeed, behind the sensationalist tabloid headlines of "texting back" is a more mundane - and cruel - reality of pranksters pretending to be the dead relatives come back to life.

"Visiting a grave is a clear recognition that the person visited does not exist in the normal day-to-day state of life, whereas texting allows for a suspension of that reality"

Silvestri, Jensen, and Campbell have never spoken to anyone else about the fact they texted their dead loved ones. Lindsay says that a fear of seeming “mad” combined with cultural phenomena – like the British stiff upper lip – might make people reluctant to speak about it. There is also a stigma around the way much of our modern technology is used in daily life, let alone in death.

This stigma often arises because of the newness of technology, but Christopher Moreman, a philosophy professor and expert on death and dying, emphasises that texting the dead is simply a modern iteration of many historical grieving practices – such as writing letters to the dead or talking to them at their graves. “I don't think the process of grieving is much changed, even if new modes of grieving come about due to new technologies,” he says. In fact, if anything, the differences between old and new ways of grieving can be positive.

“One important difference is in the sense of proximity,” explains Moreman. “I can text a loved one from anywhere in the world, but I can only visit their grave in one specific location. In another way, texting has the same structure whether I am texting someone who is alive or dead, so a sense of proximity also exists in the experience itself.

“Visiting a grave is a clear recognition that the person visited does not exist in the normal day-to-day state of life, whereas texting allows for a suspension of that reality. Some people may complain that new technologies allow us to ignore the reality of death, but there isn't any evidence that one way of grieving is more or less healthy than another.”

Amelia Tait is a technology and digital culture writer at the New Statesman.

0800 7318496