Life, Connected by Ozzie Diaz

Too Strong to be Weak

2009-12-14T21:06:00.000-08:00

I've always been intrigued and fascinated by technology and how technologies are adopted by people. In the past I've written about the concepts of strong-specific and weak-general. These concepts are not mine (I wish they were). Instead they were originated by Bill Buxton who is currently a researcher at Microsoft Research. I first learned about Bill while reading a book called The Invisible Future: The Seamless Integration of Technology Into Everyday Life.

The reason for this momentary occurrence of awakedness (don't know if this is a word) to the strong-specific and weak-general concepts was from an article I recently saw in FastCompany called Tracing the Evolution of Consumer Electronics. What's Next? The article is really more of a set of family trees showing the apparent origin of certain products back in the days right after the primordial ooze. For example, the Kindle 2 traces back to the original days when, ahem, paper books and book presses were the hot thing...can you imagine that! There are many other interesting lineages for the iPhone, Blackberry, Wii/PS3/Xbox, and other devices.

The core question presented by this article is: will a single device ever unite them all? In my most humble opinion, NO FRIGGING WAY! I could be wrong on this and I'm sure there will be technological innovations that we can't even conceive of or imagine today.

I have an iPhone (3 in fact), Kindle (2 in fact), iPods, netbooks, media center PCs, PS3, laptops, Macbook Air, Razr's, PDAs, a drawer full of cellphones and smartphones (the graveyard of those that didn't pass muster), digital picture frames, cordless telephones, LCD TVs, LCD monitors, other MP3 players that came and went, and I'm sure a few other devices that I'm forgetting.

I believe the primary reason for why we will ALWAYS possess an array of strong-specific devices and NO ONE device will do all of what the FastCompany article devices do is due to how we interact with the devices and applications on those devices. For example, the way we interact (and expect feedback and interaction with us) with a music player is very different than how we interact and expect interaction with our senses with a cellphone. Granted, while the iPhone is supposedly a convergence of these functions and an adaptive screen and UI will present the varying forms of interaction, I'm one of many that will state the iPhone isn't much of a phone. If I wanted a real phone, I'd use my Razr. The iPhone is more of a weak-general device and we all know its weaknesses.

The size and Mobility Quotient are defining factors as well. If the size is larger than my cellphone (my Kindle for example) then I won't be taking this everywhere with me so don't bother putting music functionality (yes, it's in the Experimental section) or voice calling into it. If the Mobility Quotient is high, then I will generally interact with it on an on-demand, "snacky" basis rather than a more dedicated, in-your-face manner as I am doing right now on my Air. While I can write this blog entry on my iPhone, only large doses of mind altering drugs will compel me to do that.

'Nuf said. But am I all wrong on this? Can flexible or rollup displays create a truly useful weak-general, one-size-fits-all device? Can voice, gesture, or Vulcan Mindmeld new interaction models solve the "keyboard barrier" that so many devices suffer today? Are we headed towards a Nebulous Future, per the FastCompany article, where it's not about singularly and vertically designed devices but rather a distribution of functions that collectively create the experience? For example, the compute and connectivity is always in my wristwatch, but depending on what I am intending on creating or consuming the connectivity may be vectored towards a large display or interaction modality that matches my "intention". Who, what, or how will that "intention" be determined?

Who knows. For now, I'm just content to speculate about Apple's tablet device being announced around CES...I MUST HAVE ONE!

Catching a Phish with a Smartphone

2009-12-10T17:29:00.000-08:00

There was more news today in Dark Reading on the vulnerabilities of the Apple iPhone, RIM Blackberry, and Palm Pre as a result of spear-phishing tests using a phony LinkedIn email. The impact of this social engineering threat is two-fold:

1) There are so many people using their smartphones to view corporate and personal email that it's hard to guess whether anyone is safe from this sort of attack.
2) Social networking is becoming one of the killer apps on smartphones, especially when coupled with location (such as GPS) and the real-time web (such as Twitter). The attack preys upon the insatiable need to be connected to our communities, even though I have idea why Bill Gates would want to connect over LinkedIn.

According to Joshua Perrymon, CEO of PacketFocus, "he was able to get his spoofed message through 100 percent of the time." 100%!!!

How do you fix this? According to the article, "The trouble with socially engineered, targeted attacks is that there's no real "patch" to protect products and users from falling for them. Email authentication technologies like PGP are not widely adopted, and it's difficult for vendors to spot spoofed email messages, experts say."

The only resort is to rewind to the stones ages of landline and pen/paper. Highly unlikely so I foresee we're in for quite the Tsunami of Insecurity with infected mobile devices by the millions and billions.

Cellphone 'o Cellphone, Where Art Thou?

2009-12-07T10:43:00.000-08:00

ABI Research recently conducted a survey on the security issues of mobile voice calling. Specifically the concern that cellular voice calls can be either intercepted and decoded, or that the cellphones themselves can be infected and infiltrated with malware that can render it remotely accessible by a hacker or someone who wants to eavesdrop on conversations.

In Dark Reading, an article titled Most Enterprises Ignoring Mobile Voice Security, discusses the findings of the survey from ABI. It states that while mobile voice interception and its vulnerabilities are a high concern to the people surveyed, only 18% of respondents have actually implemented mobile voice encryption. One of the key triggers to this concern seems to be around the announced cracking of the A5/1 encryption for GSM voice from a hacker conference earlier this year. In addition, there will be equipment in the sub-$1000 range available to intercept and decode the over-the-air conversations.

I think there will be issues in the deployment of end-to-end mobile voice encryption.

1) The link layer encryption and authentication protocols will be in place and heavily invested by the carriers and handset OEMs.
2) Additional application layer encryption must be resident and match both ends of a voice conversation, especially in a cell-to-cell call. This will be a challenge given the plethora of handset OEMs and the additional plethora of handset models and OS variants they support.
3) The user experience will need to be completely transparent, including all the key exchange and mgmt. If the user has to doing anything more than pick the number and press Send, there will be significant user dissatisfaction. Ultimately the user just wants to have a call, not worry about security or encryption.

It seems to me that the true security concerns do in fact lay in the shoulders of the enterprise as the report states. The enterprise, whether a govt agency or a corporation, has sensitive information and communications that they can allow to be exposed due to regulatory or governmental policies, or even national security. Until the technology completely solves itself, evolves, and becomes easy to use and pervasive enough to be fully relied upon, all enterprises with this concern need to take the following measures.

A) Identify the physical areas throughout your offices and locations that represent the greatest threat if information or communications at those locations were to leak.
B) Implement a No Cellphone policy at those sensitive locations. They might include boardrooms, trading floors, stock exchanges, classified information facilities, call centers, security operations centers, executive offices or suites, etc.
C) Deploy a Cellular Location and Analytics system or service, such as from AirPatrol Corp., to detect, locate, and perform detailed analytics within a geo-fenced environment, i.e. the sensitive areas. This system can be deployed as an in-house system or service for 24x7 monitoring. Or can be selected as a one-time vulnerability assessment to take a snapshot over a short period to see how bad the problem may be.

At the end of the day, the enterprise needs to do what they can do. There will be an awful lot they won't get the wireless operators to do for them. Security is most definitely one of those things (the enterprise services "SI" part of a carrier corporation notwithstanding). Security adds friction to increasing ARPU. The enterprise needs to take ownership over everything occurring within the confines of their domain.

Do you agree with this? Would love to get point and counterpoint on this topic.

Always Connected Criminals

2009-11-27T10:04:00.001-08:00

I've written on the problem of contraband cellphones in the past and how bad of a growing concern (and public safety threat) this issue is to the respective corrections officials dealing with it. My recently, Richard Stiennon of ThreatChaos forwarded me an article Dawn.com who reports on a lot of news in Pakistan of how Omar Saeed Sheikh, a militant being held in Pakistan for, according to the article, his arrest in Feb 2002 for the murder of US journalist Daniel Pearl, threatened the President and Chief of Army Staff of Pakistan...using his cellphone in a Hyderabad prison!

The article titled, Jailed militant’s hoax calls drove India, Pakistan to brink of war, states "‘Omar Saeed Sheikh was the hoax caller. It was he who threatened the civilian and military leaderships of Pakistan over telephone. And he did so from inside Hyderabad jail,’ investigators said. The controversy came to light after Dawn broke the story, exactly one year ago, that a hoax caller claiming to be then Indian foreign minister Pranab Mukherjee was making threatening calls to President Zardari."

"The very next morning, Nov 29, Hyderabad jail was raided by intelligence agencies and over a dozen SIMs were recovered along with two mobile sets. Majid Siddiqui, the jail superintendent, was suspended. ‘I don’t know much but it is true that some mobile SIMs and mobile sets were recovered from Omar Saeed Sheikh when he was in Hyderabad jail."

It's been said before that criminals would gladly conduct their illicit enterprises from within prisons using cellphones because it's the safest place to be. This certainly rings true of the case of Omar Saeed Sheikh whose cellphone had a SIM card from a UK wireless operator so looked like a UK cellular device roaming in Hyderabad. And over a dozen more SIMs were confiscated during a raid to obtain the contraband. This is only the scratch on the scratch of the tip of the iceberg. This problem will continue to grow without an effective technical solution to detect, track, and monitor or confiscate the contraband devices in all prisons worldwide. These Always Connected criminals will simply continue to easily obtain the same great devices and services that we as productive consumers enjoy and take for granted every day.

Biggest Security Threats to Federal Agencies

2009-11-20T12:50:00.001-08:00

Today an article in Dark Reading titled Federal Agencies: Online Collaboration, Cyber Terrorism, Mobility, Web 2.0 Their Biggest Security Threats outlines the results of a survey by the Ponemon Institute on what ails our government's agencies the most in terms of security threats and concerns. The survey of 217 senior-level federal IT executives yielded some pretty extraordinary findings.

Of particular concern to me is the results of the survey regarding wireless, "Wireless devices were the most serious target in their organizations, with 57 percent pointing them out as such..". I haven't read the report yet, but the cyber threat potential by the fast growing security threat to information, privacy, and national security since the Internet is showing no signs whatsoever of slowing down. The Mobilization Effect on every organization (business or governmental) on the planet is affected by the increasing and insatiable desire of people to be mobile, free of location specificity, yet maintaining access to all the same information when they were tethered.

This goes both ways. The legitimate AND illegitimate or malicious doers are taking advantage of the runaway adoption of wireless devices and technologies, in particular cellphones. This week there was increased coverage of a worm affecting unlocked iPhones apparently having started in Australia but now making its way around the world. Why would that matter to an IT security professional? These same iPhones (and the growing population of unlocked iPhones with SSH holes) are accessing organizational email, being connected to PCs/laptops for charging or tethering, storing and sending documents, having access to LDAP databases through ActiveSync, storing huge caches of contact information, on and on. Not too long ago these were some of the same reasons used for securing desktops then laptops afterwards. Yet the awareness or acknowledgement of the mobile problem, or Tsunami of Insecurity, is in an early stage...albeit growing rapidly!

What's the solution? Stay tuned for the next post on this topic...

Mob-Armageddon or Sign of the Times?

2009-11-01T09:37:00.000-08:00

Last week there were a couple of particularly interesting articles in Dark Reading relating to the emerging apocalypse of mobile bots and the potentially hundreds of millions or billions of infected cell phones conducting malicious activities on behalf of their hacker masters.

The first article discussed a warning issued by the US Computer Emergency Response Team (or US-CERT) on a new free and commercially available application that transforms a Blackberry into a bugging or listening device with no warning to the user. The article titled, US-CERT Warns of Blackberry Spying Application, quotes PhoneSnoop and the developer of the app, Sheran Gunasekera, as having been "surprised US-CERT identified his app in an advisory." In Sheran's defense, he appears genuinely interested in getting the word out regarding the vulnerability of the Blackberry mobile devices and its potential for abuse. This abuse can lead to incredible breaches of security and confidential/classified communications occurring in board rooms, government facilities, financial trading floors...anywhere.

The second article was focused around the vulnerability of smart phones, their rich web browsers, and how social engineering can open huge holes in their security. The article titled, iPhone, Blackberry, Palm Pre All Vulnerable to Spear-Phishing Experiment, describes an experiment conducted by PacketFocus with an opted-in group of users across various organizations. A spoofed LinkedIn invitation message made to look as if it came from Bill Gates was sent to all the users in the experiment. According to Joshua Perryman, CEO of PacketFocus, "the trouble with socially engineered, targeted attacks is that there's no real "patch" to protect products and users from falling for them." But the ONE thing that is the scariest to me (no post-Halloween pun intended) is that Joshua was successful in getting the targeted users to accept the spoofed LinkedIn message 100% of the time! How do you protect against that?

Indeed, how does an organization protect against these vulnerabilities affecting most of the increasingly popular and purchased smart phones on the market? I think there are a few things that can be done, for now:

1) Have full visibility and collect analytics on where these devices are within your organization and how they are being used. Why? You can't protect what you don't know is there.

2) Establish security and usage policies for these devices, especially when they are not necessarily used for business purposes.

3) Work with vendors and service providers to implement security and authentication mechanisms to at least minimize the impact of important information being lost or compromised.

In an increasingly mobile and connected society, this is certainly a sign of the times.

Mobility and Productivity...Enemies or Allies?

2009-09-16T12:52:00.000-07:00

Enterprises and government agencies are mobilizing at both a brisk and alarming rate. The adoption of mobile devices and applications by end users is far outpacing that of the IT and InfoSec organizations to certify or validate the information assurance and regulatory compliance with respect to the entirety of their respective enterprises. There are devices and services such as from Research In Motion that are more mature in the complexities of enterprise security and intranet application mobility. But at least as far as the press buzz is concerned (I'm sure data will support the buzz), rapid adoption of devices that were not designed with an enterprise security focus (such as Apple's iPhone) or mobile applications which have nothing to do with enterprise productivity or security (YouTube, Twitter clients, Facebook, and many social networking apps and services) will present ever-increasing risks to security and workplace productivity.

In a recent article in The Economist titled Big Brother Bosses, it is yet another chapter of how companies are concerned about what their employees are up to from an online perspective. Is it helping my company make money? Is it saving my company any money? Is it making the particular employee do his/her job better so there is a benefit to the company and its shareholders? In the case of a YouTube app streaming cool music videos on an employee's iPhone while they're taking an impromptu "break", the answer is no.

There are many perspectives to the mobile impact towards workplace productivity, information security and regulatory compliance.

The CFO: Am I getting the most from my workforce? How do I subsidize and who do I subsidize with implications of corporate liability exposure to whatever these employees do on their mobile devices? Mobility is intuitively a huge productivity enhancement, but only if I ensure that the RIGHT employees are using these types in the RIGHT way.
The CIO: How do I support the mobilization of my enterprise without sacrificing security and productivity AND not turn my infrastructure and management upside down? This includes both the mobile phones and mobile desktops (i.e., laptops and netbooks).
The CSO/CISO: Might be same as for the CIO, but usually with a stronger and deeper focus on security now and moving forwards. (Ed.: BTW, CIO <> CSO <> CISO).
The Employee: I want to be able to do my job anytime, anywhere, and on any device. But I also don't want my privacy intruded upon.
The HR Manager: How do I implement corporate policies that clearly articulate the right and wrong usages of mobile devices, services, and applications? More importantly, if we speculate there are issues, how do I enforce it without exposing the company to lawsuits by employees?
The Regulator: I know how to craft Sarbanes-Oxley et al requirements to the various corporations (public or private) that are bound to comply. But as perimeters break down, the IT network edge morphs, and mobile/wireless adoption continues to increase, how do I audit and verify compliance to the same regulations?

So what is the solution? There is no one-size-fits-all in terms of technology, rules of thumb, architecture or policy definition. It is literally the "it depends" answer. But here is what I recommend:

- Speak to your peers in other organizations about what they are doing about it?
- Get some free consulting from some of the private security consultants who are active in your industry/vertical?
- Ask your vendors for their opinions, but have a big grain of salt on the side.
- Read…a LOT! There are tons of information, white papers, blogs (like this one), trade rags, analyst reports, news/press, etc. Get informed so that you can refute or agree with the opinions you'll have blasted at you.

- Develop a strategy and solution that are end-to-end viable. What I mean by this is don't take an overly facility-centric viewpoint. You need to account for mobilization, information security, and regulatory compliance for when employees are BOTH on premise and on the road.

- Don't get enamored with technology religion and be flexible, but innovative. Take an inventory of what are the devices, services, and applications that are impacting me. Yesterday it was WiFi and hotspots. Tomorrow it's going to be mobile broadband and the "anywhere office"...in a BIG way!
- Don't forget common sense! This is self explanatory.

I would love to hear your comments, flames, rhetoric, opinions, and general feedback on these topics.

Mobile Hacking Tool...that you can't see

2009-08-10T14:13:00.000-07:00

Amid all the recent buzz on iPhone 3.0 SMS vulnerability and other security concerns around the iPhone, one of the scarier stories revolves around the iPod Touch and how to turn it into a mobile penetration test tool.

The article dated August 5th in Dark Reading, describes the notion of "weaponizing" the iPod Touch. The weaponization according to Thomas Wilhelm from Colorado Technical University, "The iPhone Touch can also perform ARP spoofing and force nodes to use it as a gateway. "The coolest thing with the iPod Touch is that it can tell every computer in the network that it's the gateway, and that when you talk to Google, you have to go through it," Wilhelm says. "Then it captures all of the packets that go across the network."" Why the iPod Touch? Because it's small and can be carried into ANY facility without anyone knowing it.

Furthermore, it can be installed in stealth with some Home Depot parts that Wilhelm instrumented to give it infinite power, "It's basically an electric box with an empty faceplate affixed to a wall to hide the iPod, which is plugged into the wall outlet."

How do you solve this problem? Because the iPod Touch must connect wirelessly to the network, it will be transmitting so can be detected and located by a WIDLS (Wireless Intrusion Detection and Location System) like AirPatrol.

What if this were the iPhone instead of the iPod? Then any vulnerability scans can be immediately offloaded over the 3G network, undetected by ANY of the WIDS systems available in the market today unless it could also detect and locate cellular signals as well. Again, see AirPatrol.

Mobility Paradise or Cyber-Apocalypse?

2009-06-15T20:20:00.000-07:00

A couple of very interesting articles made e-headlines last week. NextGov's article titled Cell phones, other wireless devices next big cybersecurity targets, and GovInfoSecurity's article titled (very appropriately, if I do say so) Tsunami of Insecurity: Safeguarding Mobile Devices brought to light what I've been saying for several months now...mobile devices will be the next generation of cyberthreats and cyberattack targets in a magnitude never before experienced in the information or Internet ages!!!

According to Seymour Goodman, professor of international affairs and computing at Georgia Institute of Technology, "Concern over the vulnerabilities has increased as more users worldwide shift to mobile devices in favor of desktop and laptop computers. More than 3.5 billion cell phones are now in use, vastly outnumbering traditional Internet users".

Let's do the math (these forecasts are per IDS, Gartner, and other analysts):
- About 150,000,000 new laptops and netbooks are forecasted for sale in just 2009.
- About 1,400,000,000 new mobile devices are forecasted for sale in just 2009.
- Approximately 20% of the new mobile devices are smartphone-class devices with powerful processors, operating systems, memory, and ALWAYS CONNECTED.
- So...there are almost twice as many smartphone-class mobile devices flooding the market this year than all the laptops!
- And yet the remaining 1,120,000,000 mobile devices are still quite capable of capturing pictures, storing megabytes and gigabytes of data, and recording audio quite easily.

Alan Paller, director of research at the security SANS Institute, a cybersecurity research and education group in Bethesda, Md., said mobile devices could become a target for hackers, although computer networks remain the subject for traditional cyberattacks. "It's true that we all carry these devices, and I see a rapidly increasing number of attacks against these devices, particularly to make them zombies to complement the PC bots," which spam or send viruses to other computers on the Internet, he said.

With the botnet dream-state of billions of mobile devices making themselves available to new, yet-to-be-discovered forms of malware, the scenario whereby no network or data is safe is rapidly becoming a reality. The only question is:

What are we going to do about it?

Excuse my poor speling and grammer

2009-05-23T15:46:00.001-07:00

Recently I've been noticing a lot of signatures on mobile emails and replies from mobile devices effectively "excusing" the author of poor spelling and grammar due to the email being written on a mobile device.

Is that what we've evolved to as a connected society? I'm in too much of a hurry to write a thoughtful message that includes some semblance of 4th grade spelling and grammatically correct prose? As I write this post, I'm on an iPhone with an incredibly poor virtual keyboard highly prone to errors.

Is the Always Connected society headed towards a new era of idiocy and "deproductivity" as a result of our beloved mobile devices, seemingly fast paced and ADD-riden lives, and an alure towards 100s of "friends" on Facebook rather than 10 more valuable face-to-face relationships?

This notion of Deproductivity is a brick wall we're headed towards at the speed of light. Stay tuned for more evidence of such...

My Board Member Almost Killed Me

2009-04-24T16:43:00.000-07:00

This week at RSA was mostly business-as-usual. Met some great new people, partners, and customers. Saw some interesting security products and systems...although the robot arms pouring beer is just THE killer present for Christmas this year for parties.

One very interesting and "bizarre moment" at RSA really had nothing to do with RSA, but I was walking to the Moscone Center at the time. I had just parked my car in one of the parking garages and headed to the expo. My head was down and I was very immersed in an writing an email on my iPhone (damned virtual keyboard requires eyeballs on it constantly), so wasn't paying the best of attention. I can imagine the criticism from my wife about this along with driving while texting (Disclaimer: haven't done it...I've just heard about such things).

I was walking on the sidewalk and ended up cutting off a car about to turn right into another parking garage, presumably headed to RSA as well. He honked his horn...I didn't hear him. He then rolled down his window and yelled "Ozzie!" I finally dug my face out of the iPhone screen and turned around to see one of my board members.

I wonder what the D&O insurance policy for my company says about this scenario:
- CEO of AirPatrol immersed neck deep in emails on iPhone
- Hit by car driven by a member of the Board of Directors of AirPatrol
- Board member is Bill Crowell (former Deputy Director of the NSA)

Bill's a connected Blackberry guy, so he understood my mesmerized stupor with the mobile device. Thanx, Bill! We had a great breakfast, great show, and no injuries...at least none to attribute to RSA.

To Jam or Not To Jam

2009-04-13T18:21:00.000-07:00

Today I commented on TechDirt's article by Carlo Longino on cellphone jamming and how "no one should profit from criminals", namely the carriers. There are not too many ways that the carriers would be able to discriminate from all the calls coming from within a correctional institution which ones are known legitimate and which ones are known or suspected illegitimate. The problem is contraband cellphones is an incredibly hard problem to solve throughout the entire world! My own company, AirPatrol Corp, is involved with channel partners in the US, Canada, South America, Western Europe, and part of AsiaPac on sales opportunities to correctional institutions for a geo-fencing system to detect and locate cellphones throughout a prison with the intention of then dispatching correctional officers to the specific locations where violations are occurring.

My specific comment on TechDirt involved an ideal solution of detect, locate, then intelligently jamming (if it's possible) the violating cellular devices. Indiscriminate jamming won't solve anything as it's reactive, short term, and harmful to a huge array of authorized cellphone users both within the prison facility and possibly outside. It's no wonder the FCC has not come up with a response to the varying pleas from correctional institutions to legalize it, or at least provide a process by which they can apply jamming on a needed basis. BTW, if a process is required to get permission to apply jamming for each occurrence determined to be warranted, then it's already too late!

This is certainly not an easy problem to solve, but I strongly believe that a proactive sensing, location, and focused cell signal "quieting" system which can also record forensic information for prosecutorial purposes would be preferred over nondiscriminate jamming.

Open Mobile Platforms and Security

2009-03-28T10:55:00.001-07:00

There will be an interesting intersection between open mobile platforms and network/information security looming in the not-too-distant horizon. In particular, security engineers and architects, threat analysts, or general enthusiasts for network and information security have a lot on their plates today on the vulnerability of compute endpoint devices and their subsequent infection with malware that have the potential of creating huge botnets fueling the "snowball effect" of malware propagation and disruption to networks.

Now with the advent of mobile platforms and last years craze on "who's more open then who" in terms of the mobile OS platforms, this starts to illustrate the next major inflection point of potential for vulnerable endpoints, their sheer magnitude, and botnets like the Internet has never seen. Let's look at the numbers. Gartner, IDC and other analysts have forecasted on the order of 100-120 Million new PCs to be sold in 2009. This is mostly laptops with a growing number of netbooks sprinkled in there. ALL of the laptops and netbooks will be equipped with WiFi, likely Bluetooth, and an increasing percentage of 3G mobile broadband. OK, so that is certainly a decent target addressable market (TAM) to go off and provide a security solution for any technology vendor.

But the REAL numbers are in the forecasts for mobile devices...on the order of 1.3-1.4 Billion new devices sold just in 2009! So PCs are just a rounding error when you compare that with new cellular mobile devices. And forecasts for smartphones vary greatly, anywhere from 15-20% in 2009 with a trend towards 25-30% by 2012. These smartphones are small compute devices generally with open OS's, multinetwork connectivity (3G, 2G, WiFi, Bluetooth), and are Always Connected.

We are increasingly using our mobile handsets for what previously was done only on a laptop or PC. We check and write emails, update our Facebook, visit numerous other social networking sites, perform searches for all sorts of things from restaurants to doing research, take pictures and post them to some of the same social networking sites, read RSS or blogs, download files to do what I refer to as "mobile snacking" of the content (scan through a document or Powerpoint pitch for a quick read). Would a security architect or analyst agree that every single one of these actions on a PC would be considered at threatening, hence the need for malware, content, connectivity protection? You bet! And yet these handheld devices and the networks they connect to have generally ZERO protection from the threats!!

So how interesting would a botnet size of rather than 1, 5, or 10 Million endpoints but 10, 50, or 100 Million endpoints be to a malicious code writer or some aggressive government elsewhere in the world looking to put another chink in the economic armor of the US? I don't know...you do the math.

Farewall, Jim Bound!

2009-03-03T11:04:00.000-08:00

I'd like to dedicate this post to a great colleague and better friend who I've known going on 8 years now. Jim Bound was an HP Senior Fellow (only 4 such people in that huge company), a tremendous advocate for IPv6 (he was CTO of the IPv6 Forum and Chairman of the North American IPv6 Task Force, among many other fora he was personally involved with) and the "greater good". What I mean by the "greater good" is that Jim's passion was in serving whatever the needs of our Marines/soldiers, public safety officials, and emergency responders throughout the world. He believed in his heart that through the novel use of technology some of us could actually create systems that would make these people's jobs and lives a bit better and safer. Back in 2006 we collectively published a paper with a small team of industry subject matter experts with this express mission in mind (see the Navel Post Graduate School site for document).

Jim himself was a former Army vet from the Vietnam War era. I am a former Marine. As you can imagine, when two very blunt and straightforward guys get in a room, there is bound to be some friction and "excitement" in the conversation. I've had some of the most heated discussions of my career with Jim Bound. But ultimately they were the most fulfilling as anytime one's passion is applied to what we do in our daily grind, it makes it that much more pallatable if not downright satisfying.

Jim, many of us who have had the pleasure of knowing you and interacting with you on the many projects for public safety, Always Connected, US Northern Command, or the "intricacies" of office politics at HP will miss you tremendously! The world is a lesser place without Jim's character and honest, sincere personality in it.

Farewell and now you can rest, my friend!

GovTrip Hacked

2009-02-24T19:34:00.000-08:00

The US governments travel site (GovTrip) was hacked with a URL redirect method and there is fear malicious code was introduced into user's computing devices, according to ComputerWorld and Network World articles. This site is used by several government workers in the following agencies and departments, among others: Environmental Protection Agency, the Department of Energy, the Department of Health and Human Services, the Department of the Interior, the Department of Transportation and the Treasury Department. The site is used by workers for travel planning and travel expense reimbursements.

The simultaneously novel and threatening approach taken here is that it is not the typical frontal assault at the most secure agencies of national and information security (DoD, NSA, etc.) but rather towards a seemingly benign website but one that is used by enough government workers throughout enough of the key departments, such as Energy and Treasury, to have a potentially huge impact. Don't confuse this as admiration for the perpetrators, but rather acknowledgment of how many "holes" exist in the fabric of the US government and economy's information infrastructure.

There are both intranet and public Internet access to this site. If any of the computing devices accessing this site from the public Internet side also have access to classified or secure networks in their respective agencies, there is where the greatest threat to the information and network security lay in the event malicious code is propagated. Imagine a botnet running without the Department of Energy network where nuclear site protection and operating procedures are stored...no, I don't want to imagine.

U.S. Congressman Twitters in Iraq

2009-02-11T10:16:00.001-08:00

So when can someone be TOO connected? There are those that would argue U.S. House Representative Pete Hoekstra is too connected. According to a recent article in Security Magazine, Rep. Hoekstra sent tweets during his recent trip to Iraq. Some of the tweets include: "Just landed in Baghdad. I believe it may be first time I've had bb service in Iraq. 11th trip here." and "Moved into green zone by helicopter Iraqi flag now over palace.Headed to new US embassy Appears calmer less chaotic than previous here."

I'm a huge fan of the Always Connected User Experience. I'm also a huge fan of social networking and it's inevitable that we are all living more connected lives than ever before. In fact, my children struggle to remember when they were not connected early in the childhood years. My grandson will never know a time when he, his family, friends, and all those around him were connected especially over ever-present mobile technologies. This also creates what is undoubtedly the BIGGEST threat potential to our security, identities, and privacy.

One of the many great things about President Obama's administration and his philosophy is that of the first Connected White House. The U.S. government and its many agencies will for the first time collide with the connected lifestyle enabled by social networks and mobile technologies. It will also need to figure out fast how to balance the new Life, Connected a growing population of its members and the need for secrecy and national security, as well as the security of others we are protecting around the world.

Will this drive the need for capabilities in monitoring, detection, policy enforcements, and possibly surveillance of these always-connected mobile devices? Growth of the mobile phone market is estimated at 8% for 2009, according to Gartner. This is based on a slowdown of the market in 2009, but still a growing demand for mobile devices and services. In 2008, 1.28 billion mobile handsets were sold just in that year. So this will mean almost 1.4 billion more mobile handsets will be sold this year alone!

As was the case with Barack Obama's "blackberry", new and innovative measures will need to be taken in areas where government, defense, and intelligence security are mandated. The optimal solution does not exist today, so the private sector and high tech industries must work hard and fast to solve the vulnerabilities that exist and are growing, but may not be fully apparent to the evildoers and malicious intentions. My company, AirPatrol Corp., is one of these companies that is trying to offer up the balance of a connected environment with the ability to Detect/Locate/Enforce where security and intrusion policies mandate.

What do you think should be done and who is responsible for making sure it happens?

Mobile Exabytes...that's a LOT of zeros

2009-02-11T09:31:00.000-08:00

According to an article on GigaOm, by 2012 mobile will generate up to an exabyte of traffic per month! Just to illustrate, this is an exabyte: 10,000,000,000,000,000,000 bytes. The prediction is part of Cisco's Visual Networking Index which offers up many dimensions of how the Internet will grow and what will drive that growth.

This is all fine and dandy, but Om also makes the same observation that I've written about several times as the biggest barrier to the emerging Exabyte Age...the carrier business model and economics. The carriers have yet to make a quantum leap in how they charge for mobile data and are still generally hovering at hard limits for monthly usage on mobile data plans, Cricket Wireless Unlimited 3G Broadband notwithstanding. The tier-1 carriers in North America (ATT, Verizon Wireless, T-Mobile, Sprint) can't seem to figure out the attractiveness of family plans for mobile broadband. They don't seem to be doing the price elasticity analyses on how they will get more subscribers with more of an appetite to consume new services and value-add applications (see ANY iPhone Appstore article) thereby creating an additive effect for ARPU which would probably yield more positive results than they're seeing today. In fact, it's ALL about the services and apps to drive adoption from the Average Joe mobile subscriber who, even in a down and miserable economy, still seems to prioritize his mobile services above other everyday conveniences, like his morning latte at Starbucks (sorry, Starbucks).

When will the operators wake up and smell the coffee (to extend the frivolous pun already constructed)? Maybe it's just a matter of time. Such as when 4G gets deployed offering better price/performance/bit economics for the operators. But are they really that concerned with the load on their 3G networks? Is this reality or a smokescreen?

Kindle v2.0

2009-02-09T17:37:00.001-08:00

New Kindle is coming out! Yay, or neh? Somewhere in the middle. It's lighter, faster, better battery, and has a cool new "Read to me" feature which will turn it into the biggest iPod ever (READ: can't I just use the audiobook version of a particular book instead of a robotic voice?). Although it's not necessarily cheaper at $359. So hurry up and get your order in...they'll start shipping February 24th.

A couple of really, really nice-to-have features would include: color display and touch screen. Apparently there is no color for eInk technology (though, read the article from eInk), though the new display goes from 4 shades of grey to 16. But touch screen would be such a great feature to more mimic the actions of flipping pages on a book, use a multi-touch gesture to zoom in and out...OH WAIT, isn't that the iPhone/iTouch without the big screen?!?! Somehow it always digresses to an iPhone discussion.

And yet, Amazon announced they'll be making Kindle content available on smartphones, like the iPhone. I'm not sure the "user experience" of reading a book on a 5 inch screen would be an enticement to buy more content, but the rest the iPhone has going for it. The Holy Grail of ebook reading and consumption hasn't been cracked yet, IMHO. While I own a Kindle and love it, I love it more for the _connected_ experience hence readily available selection of tons of content. It's all about the connected experience, isn't it? If the iPhone were not connected, wouldn't it just be an iPod?

The President's "Blackberry" Revealed

2009-01-27T23:22:00.001-08:00

Here is a peak at the President's "Blackberry", although it's not your granddad's Blackberry. Quite the secure piece of hardware and has all the right certifications so that his email musing on foreign policy don't end up on weezer_fiend's blog or Facebook Wall.

I'm not entirely enthused about it being a Microsoft Windows Mobile platform, especially after the news where Microsoft stated there will be fewer WinMo devices in the market looking ahead. Well, I guess one more won't hurt, especially if it's in the hands of the leader of the free world.

The device has a certain robustness that might make Clint Eastwood wanna become a gadget guy like me. i also noticed the "IPv6 upgradeable" feature. I'm a big fan of IPv6 and a member on the Steering Committee of the North American IPv6 Task Force. It makes me wonder when the wireless carriers will get serious about IPv6 given both the greatest growth will continue to be in mobile, but also the greatest threat to information security and compliance regulations. These problems can do with a bit more robust end-to-end security and QoS with IPv6.

But I digress...Mr. President, happy texting!

Wireless Hacking and Intrusions

2009-01-26T23:19:00.000-08:00

Lay's potato chips has nothing on this Pringle's can used for directionally aiming a wireless receiver towards a wireless network, thereby extending the range of the receiver. I've tried this in the past and it actually works. No, I didn't hack a network, just wanted to see if it would actually work. Which is what I believe to be most of the attempts, but you just never know these days with desperation kicking in to high gear with corporate espionage, insider trading, or other less-than-noble attempts at making a fast buck or skirting regulations. Check out the video on YouTube.

Pringle's tube wireless hacking

Here's also another interesting YouTube video on a somewhat detailed procedure of how to "read" the 128-bit AES encryption key for a wireless network over-the-air. I should provide the usual disclaimer that neither myself nor my company condone the use of such techniques for any purpose.

Wireless WEP Key Hacking

Future War & Peace...No, not a new book

2009-01-23T19:21:00.001-08:00

You may ask what does Thomas Barnett's TED Talk on a new map for war and peace have to do with mobile, wireless, and security threats. It's a bit of a stretch, but mobile and wireless technologies would play a huge role in his plan.

- commanding remote UAVs and UOVs (Unmanned Ocean Vehicles)
- Net-centricity: the network enabling all communications, control, command, computing, and intelligence (C4I)
- The Leviathan and System Administrative equivalent of cyber warfare (take down the enemy's systems, economies, and infrastructure) and cyber security (rebuild the new peaceful government's same)

Besides, I love the TED Talks for their unique and brutally honest speakers and content! Enjoy...

Victory for Obama...Again!

2009-01-23T16:37:00.000-08:00

So it seems that the Prez has won the battle of keeping his Blackberry. He says it's not up and running yet, but I imagine that there is some imaginative thinking going on with regards to how to secure it beyond anything the US Secret Service, the White House staff, and of course, Research In Motion have ever had to deal with.

What are some of the most critical characteristics of a mobile device that open up security issues for the President? Of all of the issues, location of the device in the carrier RAN and HLR are of particular noteworthiness. If there is one thing that I would not want any unscrupulous characters knowing is the real-time location of my new President!

But having some very recent experience as Hewlett-Packard's Mobile & Wireless CTO, there are a number of features that most of the enterprise-class mobile email devices implement. Remote lock and wipe, enforced password policies, mobile VPN/encryption, two-factor authentication, etc. According to the article on CBCNews from Canada there is speculation as to whether the actual device is a Blackberry irrespective of Blackberry being used throughout the US and other government agencies. "There has been speculation from security analysts that the device Obama will use would be one already approved by the National Security Agency, such as the Sectera Edge, designed by General Dynamics Corp. and L-3 Communications."

There are threats galore to the average Joe (no, not the Plumber) with regards to mobile and wireless access to information and networks. The article goes on to say, "Even the most secure network isn't perfect and even the most complex security algorithms can potentially be hacked, said Schneier, and he says no shortage of potential groups — from criminals to the spy agencies of other nations — might try to access a device used by the president of the United States."

I wish my Facebook friend Pres Barack O the best of success in keeping his emails inaccessible to others and stay "connected"!

The "Connected" White House

2009-01-20T21:32:00.000-08:00

Now that officially President Obama is in the oval office, we have for the first time in the history of US government a "connected" President and White House. According to Wired, while the new Prez may not be allowed to keep his Blackberry, he is certainly one of the more tech savvy individuals to occupy the Oval Office. However, "aides say that Obama is determined to be the first President to use a laptop in the Oval Office". Good for him and for the spirit of what he is trying to establish, which is to at least run the White House like a new age startup...leveraging all the tools for engaging his "customers" (i.e., the people who elected him...even those that didn't) and listening to them for building and steering his "business" (i.e., the Executive Branch of the US Govt). It's a far cry from having been run like a business, but we all have high hopes for him.

If in fact he gets his wish to be a "connected" President with his laptop, how will his tech staff secure his information and access to networks, secured or the open Internet? If it somehow gets lost or misplaced, how will they be able to track and locate it for recovery. Those questions certainly wait to be answered and many of us in the tech industry (i.e., geeks) await with bated breath!

Accessing Internet via Mobile...Duh!

2009-01-16T12:00:00.000-08:00

A recent article in Online Media Daily (http://www.mediapost.com/publications/?fa=Articles.showArticleHomePage&art_aid=96642) states that the Pew Internet & American Life Project (what does mobile have to do exclusively with America escapes me!) report, "Future of the Internet III", concludes that "most will access the Internet via mobile by 2020". There is a certain obviousness to this conclusion. A. The Internet or any connected experience first via mobile is being experienced by many emerging countries today. B. 2008 will be the year of about 4 billion mobile devices. C. Unless the PCs or laptops (and their connectivity and pricing plans) experience a major disruption and innovation in the coming years, they won't be the majority of Internet access to a mass market of users. D. There is one particular nuance which I did not see in the article and intend on searching out in the report, and that is, WHICH Internet is going to be accessed via mobile devices by 2020? If this is the same Internet mature markets are experiencing through PCs or high end mobile devices, then I may disagree with the reports conclusions. But if it's tailored web services from tailored client applications (widgets et al), then I may tend to agree with the report's high level thesis. Don't get me wrong. I know there is but ONE Internet. It's only a matter of how the information accessed or retrieved from an inquiry is presented to the end devices. There would be rendering, device specific characteristics, mashups handled at the service side and/or device side, etc., etc. An analogy is: I can access the Internet via the Safari browser on my iPhone. This is very much a PC-like experience unless the page or content is developed specifically for rendering on the iPhone. But if it's not, it's the same as on a PC, generally speaking and browser specific configurations notwithstanding. But the many apps that I have loaded on my iPhone that make web services calls to some web service in the Internet deliver to me a very optimized experience of "Internet content" without the delay and drudgery of a full browser experience. So the latter will be hope looking towards the future. Another statement from the article that I am particularly interested in point out, ""If the carriers continue to own the market, network access through mass adoption of the mobile will be far slower than if governments would begin blanketing their land with WiFi (or network access on other spectrum channels) as a public-good infrastructure project," she told the Pew researchers." She is Danah Boyd, social media researcher at Harvard. I don't agree with blanketing ANY land with WiFi, but do agree with the stranglehold of the carriers being a limiting factor to rapid adoption of mobile services. How about this for a suggestion? Have the carriers divest themselves of their network infrastructure and operations, turn it over to the government to be managed as a "public resource" same as our asphalt highways, then compete with other content and service providers for the walletshare of the customer base. I'm certainly NOT for more or big government, but from time to time, the government does do something well for the public well being. Agree or disagree? Or, what's a better idea?

Netbooks, and who pays for what

2009-01-16T11:59:00.002-08:00

There is an awful lot of attention lately on netbooks (the small mini laptops with lightweight operating systems - presumably - and lighter weight hardware architectures - presumably). Most of the PC OEMs have one available in the market. The first of any notoriety was the Asus EeePC and several followed suit afterwards. We're now seeing several netbooks being subsidized by carriers as far down as to the tune of $99 with a multi year contract to be signed by the user. In a recent article in FierceBroadbandWireless (http://lists.fiercemarkets.com/c.html?rtr=on&s=69l,13t6s,8mf,b5mx,in61,4hnu,ir9d), AT&T is subsidizing an Acer network down to $99 available at RadioShack. Wow! Less than a hundred bucks for a computing device far more capable than a typical cell or smartphone is a decent deal, especially in a down macroeconomic environment. So the netbook-for-customers acquisition model seems to be taking off in the US, and has been for a little while now in Europe. Now a new feature is being introduced into netbooks, and that is embedded 3G data modems. That is a whole different dimension to the value proposition for the end user. Because the problem lay in that someone (the carrier, the OEM, the end user themselves, or some combination of retailers+content providers+aforementioned folks) has to pay for the embedded modem, say nominally anywhere from $50 to $100. In Dean Bubley's recent blog post on Who Pays for an Unused 3G Module in a Laptop (http://disruptivewireless.blogspot.com/2008/12/who-pays-for-unused-3g-module-in-laptop.html), he does a nice job is breaking down the ecosystem players, the costs associated with the embedded modems, a range of gross margins for different laptop types, and his conclusion that he foresees slow uptake on embedded 3G modems in laptops. Might the answer lay in more disruptive pricing plans to end users in the form of try-before-buy, session based pricing (pay only when needed), or subsidized connectivity (through advertising and other enticements from content providers, such as AOL or Google)? Given the fact that the 3G modems are not going to be free anytime soon (unless a well known company in San Diego, Finland, or Stockholm relinquish their stranglehold on IP royalties), there will need to be novel ways of getting paid but at the same time enticing the user (in a controlled fashion) to actually use the connectivity service much as they do with WiFi today. And with the proper connectivity and session management, I think a way bettter user experience can be created. Given today's parameters for the pricing plans and royalty streams throughout the ecosystem, there is NO WAY that what we have now will drive adoption to the kinds of mass market numbers many of us in the mobile industry are looking for. We all need to work together and come together with innovative business and pricing models!!! No one company will be able to do it all by themselves, but it's not solely an operator, OEM, or chipset company's problem to solve. Agree or disagree?

Navigation...Appliance or General Purpose

2009-01-16T11:59:00.001-08:00

I've been pretty silent on the blog due to a ton of family related matters, not the least of which is the birth of my first grandson (Ed.: yeah, I know...grandson?). But it was this experience of moving my daughter, son-in-law, and grandson to Southern California from the San Francisco bay area that I was pondering the notion of whether standalone, dedicated navigation/GPS devices or nav/GPS-capable smartphones (or other combo devices) will reign supreme.

My experience basically entailed using my iPhone (or any other GPS-equipped device would suffice) plugged into the cigarette lighter (darned battery life!) and I used Google Maps to effectively travel from San Francisco, through the CA Central Valley, to Los Angeles (visit USC), and ending up in San Diego. We did a LOT of traversing through neighborhoods as we had several stops to see other people in LA and San Diego.

The Google Maps experience was not perfect. There were no turn-by-turn directions. There was no voice turn directions. There was lots of user intervention as the iPhone screen would blank out, Google Maps would crash from time to time, and any route recalculations had to be manually done on the fly. BUT, it's free and all network related transactions are part of the iPhone data plan so no additional service fees as would be on something like the Dash Networks connected nav device (the device is basically a brick without the service...too bad!).

There are 2 meaningful trends going on today. Standalone navigation devices are getting increasingly "connected" to the Internet for location and context searches, as well as possibly updates to mapping data. And smartphones are increasingly being GPS equipped and have Google Maps or other mapping software installed. Yes, the experience of the standalone, dedicated nav devices are their differentiator as their focus is NOT web surfing, messaging, or phone calls...it's navigation. But will the "it's good enough" nature of the GPS capable smartphones as a converged, single device that we all have with us all the time ultimately overwhelm the dedicated nav devices? In a depressed or down economy where consumer spending on new, cool gadgets will definitely take a hit AND it appears that the core mobile devices are still enjoying top-of-the-list for consumers' disposable income, dedicated nav devices will be impacted by the mass market lack of adoption. Niche use cases such as outdoors or other hardcore navigation-heavy scenarios will still go for dedicated nav.

Is this sentiment shared by the market? There is definitely a lot of rhetoric in the marketplace with mobile advertising, mobile marketing, location-based services related to other user experiences. It would seem to me that we'll continue to see nav applications move more towards smartphones and converged devices.

What's THE killer combo? Google Maps (free) with turn-by-turn on a converged device with voice prompts! When will we see that?

TMO Femtocell

2009-01-16T11:58:00.000-08:00

Today there was an article in FierceBroadbandWireless on T-Mobile's release of a 3G/WiFi "docking station" for the 3G modem. BTW, this is not T-Mobile USA, although I can imagine it would be a good offering for TMO USA sometime during the buildout of their 3G network.

The 3G/WiFi docking station is effectively an 802.11 access point with a 3G backhaul. There are a couple of references to it in the article as "femtocell-like". I think this is a good characterization although it's not the classical femtocell which is instead a 3G/cellular front access for phones and mobile broadband equipped laptops and a wired backhaul (typically over the end-users home broadband access lines...backhaul subsidies NOT provided by the operator).

The TMO docking station concept makes sense for 2 reasons. The first is it offers a "migration strategy" for non-3G adoptive users. My wife would not conceive of having a full time mobile broadband account for her own use. But she and I being able to share one makes a lot of sense from an economic perspective. We can both share the 3G backhaul if we did not already have wired broadband service at home, thereby not requiring mobile broadband accounts or multiple of each others devices needing a dedicated mobile broadband data plan. The competition against home DSL or cable broadband is along the lines of what some Clearwire users are doing here in the US. They have a WiMax modem in their home for wireless broadband connectivity, but apparently also take with them to other locations outside the home to re-use the same WiMax data plan rather than dealing with a plethora of one-off WiFi hotspots around their areas. Makes total sense to me.

The second is that it enables many WiFi-equipped devices to connect over a wireless WAN link for connectivity to networks and content. One example is my digital camera has an Eye-Fi wireless SD memory card with an embedded 802.11 radio. This enables me to take a picture and immediately have the pictures uploaded to my Snapfish, Flickr, Picassa, or whatever picture sharing site that has available APIs to the Eye-Fi cloud service. When I'm on the road, I perform this with a similar device to the TMO docking station called a PHS (personal hotspot) from a company called Cradlepoint. They have a unit with an internal battery that takes any of my 3G mobile broadband USB modems to have an instant connected hotspot wherever I am. In my case, it's to quickly upload and share the pictures that I've taken with my digital camera. There would be many other devices that may take a while, if ever, to have 3G embedded radios.

The notion of a 3G router access point has been around for a long time. There are 2 things needed to enable this concept to take off faster than it is today. One is to have an insanely simple experience of activation to the mobile broadband network and subsequent connectivity of the WiFi devices to the 3G router. The second item is an economically compelling value proposition from the carriers to the users. For example, rather than trying to force fit a $40-55 a month plan for each device, incent the user to use the 3G router and pay a base $40 a month for the data plan (including up to 2 devices or 2 users) with each additional device/user connected for $3-5 per month extra. I would argue that if done properly from a technical and marketing perspective, this would be very attractive to several segments of the mass market (business travels, students, young professionals, vertical applications, prosumers/SMBs, etc.).

Good call, TMO! Now when will it be available in the US for some of us to kick the tires?

Health Effects of Wireless, version

2009-01-16T11:57:00.000-08:00

So we have a continuation of the saga of the effects of wireless radiation on the human body. Just today, an article by FierceWireless on a study from the Center for Reproductive Medicine at the Cleveland Clinic (yes, that's Reproductive) states that "link between cell phones and sperm damage. Specifically, the study said, when in close range to the testes and in talk mode, the cell phones damage sperm." Now these sorts of suggestions really hit below the belt (ed.: gratuitous joke opportunity).

These sorts of studies have been going on for quite some time. I remember back in the late 80s and early 90s when the first of the "brain cancer" studies were commissioned by some of the early pioneers in the cellular industry such as Motorola leading to several inconclusive conclusions. I think the problem is that no one wants to take a firm stance and basically state that, "YES, persistent radiation from RF transmitters do in fact cause health issues...because health research is as much an art than a science, we can't tell you exactly what will cause what, but we know it's probably bad and unpredictable."

Legal disclosure: the author of this blog is not a licensed healthcare professional, nor makes any claims or relations between wireless RF radiation and health effects to humans!

There is one thing for sure. We will have more and more RF radiation surrounding and penetrating our bodies as each year passes! More cellphones, more cellular/wireless infrastructure throughout countries and cities (3G, WiMax, LTE, ...), more WiFi access points (2.4GHz, i.e., 802.11b/g/n, is also the more popular microwave oven operating frequency per Wikipedia), more wireless in our home connecting our media entertainment systems as well as wireless home automation and appliances, more wireless in our cars (wireless routers with 3G backhaul are starting to emerge for connected automobiles), more wireless in our pockets and purses (Bluetooth, WiFi, 3G headsets and accessories for communicating, working out, and overall connecting with networks and cloud services), on and on. This is no end in sight!!!

So let the studies kick into high gear! Tell us what we already intuitively know. But tell us in the most certain and objective terms. We can't protect against anecdotes or "linkages" between apparent causes and effects. We KNOW too much RF radiation is bad. If we were intended to be exposed to so much radiation, God would have covered us in copper instead of skin! Hmm, sounds like an interesting opportunity for cloning or stem cell research...

Smart Devices or Better Systems?

2009-01-16T11:56:00.000-08:00

This will actually be my shortest post to-date. Rather than write about the commentary I have on Andy Seybold's Fierce MobileContent, "Wireless Phones are more than mobile phones", I'm going to use a new cool tool a friend turned me on to (thanx, Russ ;-) called Flowgram. So, here it is...just click the link and you'll be taken to my flowgram with audio commentary and highlights on the actual webpage of the article. In case there are problems with the Flowgram widget,

http://www.flowgram.com/p/mfjrme4wtdtnf6/

Leaky WiMax

2009-01-16T11:55:00.000-08:00

In an article today on WiMax Trends Newsletter, there was a website leak from Clearwire's website discovered by a reader from Engadget Mobile on the Xohm WiMax devices. According to the article, the devices are:
Nokia's N810 WiMAX Edition.
XOHM USB (ZTE's TU25) modem.
XOHM Express Card (Samsung's SWC-E100) modem with optional PCMCIA adapter.
XOHM Modem (ZyXel's MAX-206M2) Ethernet hub / router with optional 4-hour battery, but XOHM will not offer static IP addresses at this time.
The XOHM portal supports both Windows and OS X. That said, the modems listed above and Sprint's XOHM Connection Manager software are PC-only, so, tough luck for Mac owners it looks like.
Now, THIS just makes a lot of sense to me (albeit not sure about the N810 WiMax Edition)! As was the case with WiFi, somewhat still the case with 3G (but moving fast to embedded, though not free or commodity such as WiFi), new radio access interfaces to devices go through their infancy of PCMCIA, USB, ExpressCard, or other form of external radio link adaptation before making their way into the devices. For the device OEMs (though Nokia seems to think otherwise), it's an expensive and speculative proposition of burdening the BOM with new, unproven (both technology and business models/ROI) radio interfaces. This way us users get to kick the tires on the service, pricing, mobility, whatever new features are offered, etc. Service providers get to kick the tires of their network planning, billing, subscriber management and support, etc., etc. And device OEMs just get to watch from the sidelines until they decide to either join the "attachment" bandwagon or begin to embed the radio technologies in their respective devices according to their respective pain thresholds of technology and business model adoption.
The Nokia N810 experiment should be interesting, especially given that WiMax is, for all intents and purposes, a one-trick pony in the US as opposed to many other countries where there are multiple operators (incumbent or greenfield) trialing or rolling out WiMax networks. We'll keep our eyes peeled for some semblance of a killer value proposition and matching profits from Clearwire and their WiMax rollouts.

Roaming Rates and Data Plans

2009-01-16T11:54:00.002-08:00

I’ve written a bit about per-device data plans being a pain (especially for those of us with multiple devices) and roaming rates. Just today Joannie Wexler of NetworkWorld published an article on the nightmarish bills received by some executives from a large multinational corporation for the “complementary” iPhones they received. Apparently the bills ranged from $4000 to $5000 apiece! Not a surprise at all given that I encountered over $1000 for 2 days in Paris, France, while connecting to my corporate email with a mobile broadband module in my laptop last year.
The multi-billion dollar question is: When are the wireless operators going to “get it” in terms of not putting their subscribers through the wringer in terms of exorbitant roaming rates or multiple data plans when the user can’t possibly be consuming of all the data plans simultaneously? The answer is: NEVER.
The reason for stating never is that the operators have no incentive to let up on these prehistoric, telecom business models. In addition, the negotiation of roaming rates between carriers remain one of those mysteries in the wireless industry. Granted, the roaming rates are mandated by the regulators to be made public by the carriers and even that process is a chore to gather, especially for the poor IT telecom manager for a multinational that has to develop contracts with all the various operators their company’s employees connect with or are increasingly accountable for estimating the costs as their business becomes ever-more mobile and disconnected from their offices.
In the case of the EU, the EU Commission had to step in and place caps on roaming fees that carriers can charge their users. Roaming is almost a way of life in Europe, but represents a markedly representative example of just how lucrative the roaming business model is for the wireless operators. Hence why they have no incentive whatsoever to make roaming “reasonable” or even promoted for their subscribers. Sure, AT&T has international roaming packages of $24.99/month for 20MB of data usage with overage rates of up to $.0195 per KB in some countries and $59.99/month for 50MB of data usage with overage rates of up to $.0195 per KB in some countries. But the issue is one of TERRIBLE USER EXPERIENCE!!!
If a plan exists, it’s not necessarily visible by the customers. If users having a high frequency of roaming, the operator isn’t necessarily proactive of taking care of their customers to avoid $4000 monthly bills (in all fairness to AT&T, I’ve had occasions where they made major concessions when I’ve had overages along the lines of my Paris debacles…but I’m not your typical user). If the Fetch setting in the iPhone was easy enough to find, the typical user has no idea whether Fetch, Push, Manually, Every 15 Minutes, or whatever other setting are the right ones they need to select when getting off the plane at Heathrow Airport.
While the iPhone may be an attractive, easy-to-use device, the wireless network connectivity and billing models undo whatever Apple may have innovated on the device. It’s obviously not exclusive to the iPhone and will put a dampener on ANY mobile device usability and usage.
Let me know your thoughts on this matter as I imagine we have all experienced or know first-hand someone who has or is experiencing these issues. Will we as users simply just deal with whatever is dealt to us by the carriers because “that’s the way it is”? What can we do otherwise that would signal a demand to move from the telecom business model to something more akin to the Internet business model, aka, no borders, no roaming, the world is our oyster?

iPhone "nano" rumor surfaces...again

2009-01-16T11:54:00.001-08:00

So the iPhone nano rumor has surfaced in the UK, according to London's Daily Mail (also in CNN Money). Apparently the iPhone nano will be available this coming Christmas from O2 for about 150 British Pounds. No other details are available. Don't know if the rumor will in fact manifest itself from Santa in a few months on the other side of the pond (ed.: that's the Atlantic ;-), but Apple had filed a patent last year for a clamshell looking device that looked like a nano. It also makes sense to continue to build out the iPhone portfolio with varying prices and capabilities, but it appears too early given the very recent launch of the 3G iPhone. Which leads me to my prediction of the next product from Apple.
The iPhone Dust!!! This product has been rumored (although not nearly as top of mind as the mainstream iPhone's) for quite some time. There is mild speculation that this product will actually be seen on Apple store shelves somewhere in the lifetime of any of the iPhone mainstream products. The only problem is that an iPhone box doesn't sit on a store shelf long enough to reveal the elusive iPhone Dust phenomenon.
Sorry...I had to say it ;-)

The New iPhone 3G...eh

2009-01-16T11:53:00.001-08:00

The new iPhone 3G has logged over 1M unit sales this past weekend as some of us spent a "bit" of time lining up for one. I was in line on Friday morning for about 2 hours when at approximately 10:30am the AT&T store in the mid-peninsula of the San Francisco bay area ran out of 16G models! Needless to say if you want to see some serious inventory go to an Apple store. That's what I did on Saturday evening when in Los Angeles for the weekend. There were no lack of any color or model. So I'm now the proud owner of the 3G iPhone in nice shiny black! Well, it's not entirely uneventful. - While the 3G speeds definitely improve the already stellar web browsing experience (when you can get 3G coverage), Safari crashed no less then 6 times while trying to access my Facebook account. - The device runs a bit hot on the backside probably where the 3G radio module is sitting. - From time to time, the performance exhibits some delays in launching or shutting down an app. - The embedded GPS is a great feature coupled with Google Maps. I tried the performance of the GPS tracking while traveling northbound on I-5 from Los Angeles to San Francisco (not the whole way, about the last 150 miles). The GPS tracked nicely but Maps accessing refreshed map views kept the cellular radio on and nice and toasty on the back of the iPhone. - The Activesync support for synchronizing with my company's Exchange server is extremely useful and performs well...for now. - The device is lighter than the 1st gen iPhone and slimmer around the edges giving the appearance that it's actually thinner overall. But THE killer feature is the App Store!!! The iPhone has finally arrived at its ideal state of mobile computing! There are for-fee and free apps available on the store. You can find cheap gas nearby, duel with the PhoneSaber (iPhone version of the Star Wars lightsaber...pretty fun though!), find restaurants nearby, locate the nearest Starbucks for that espresso jolt, sign on to a social networking site so your buddies can find where you are and what you're doing, post a blog entry or picture, get the name and artist of a song on the radio (Shazam, this is my favorite), update your Salesforce.com CRM, race a car while holding the iPhone like the steering wheel, on and on and on. Keep in mind that App Store is NOT a 3G iPhone feature, it's an iPhone 2.0 software update feature. So my wife's 1st gen iPhone is also enjoying the App Store experience albeit not downloading over a 3G air interface, but WiFi is available on all iPhones. Overall though the iPhone 3G will have a more expensive total cost of ownership on a monthly basis. The mandatory dataplan with AT&T went from $20/month to $30/month. Text messaging is no longer bundled and the minimum package is 200 messages for $5/month (it goes up from there). Yes, the iPhone itself is subsidized at $299 for the 16G model, but the data plan, voice plans, and text messaging are the same price no matter what hardware purchase model you choose. So AT&T seems to be saying, "it's our turn now Apple!" All in all, the device is decent, but not stellar in comparison to its predecessor. The 3G performance speeds will definitely improve the network connectivity for some of the apps and the Safari browser (as long as it doesn't crash on you...this is the FIRST time I've had so many crashes in any one day on an iPhone). But the real extensibility features are enjoyed with App Store and Activesync/Exchange...have some serious fun and have some serious productivity, respectively.

Wireless Operators Getting the Runaround

2009-01-16T11:52:00.000-08:00

FierceMobileContent published an article today about a report from Pioneer Consulting discussing how mobile operators are facing peer-to-peer pressure. Specifically they refer to the incredible growth in user-generated content on mobile phones and people effectively bypassing the operators networks to distribute and share this content with their family, friends, and social circles. This content is the usual of what you can imagine with multimedia capabilities on mobile phones improving as they have: pictures, audio clips, video clips, music, ringtones, etc.
The article states, “a significant percentage of multimedia content on mobile handsets is either user-generated or just stored on the device, Pioneer reports that a growing number of subscribers are now exploiting alternative technologies like Bluetooth, WiFi and WiMAX to effectively bypass operator networks when sharing their content with friends, family and social networking contacts. The study suggests subscribers who circumvent the traditional content value chain could rob operators of as much as $16.4 billion in potential annual revenues by 2012, more than a quarter of the projected total revenue for the year in question.”
More than a QUARTER of the projected total revenue for the year!!! That’s $16.4 billion with a B! If I were any one of the usual suspects (AT&T, Verizon, Vodafone…BTW, check out this article also on FierceMobileContent where Verizon is pressuring Vodafone to sell its 45% stake in Verizon, where it looks like Verizon wants a bit more autonomy to be “the hunter” and own its own destiny), I would take serious note of these stats and projections.
The only thing that is sad about the article is that users are forced to use highly user-unfriendly technologies like Bluetooth and WiFi. I don’t buy the WiMax part given that there is no such peer-to-peer capability in the WiMax spec (802.16j is not fully ratified, to my knowledge) and besides, there aren’t enough WiMax capable handsets or devices connected to WiMax networks to share a picture with anyways. But Bluetooth and WiFi are certainly capable whether direct mobile-to-mobile (for Bluetooth) or via an access point to a PC or other mobile WiFi-capable device (for WiFi). The sheer pain of dealing with “bonding”, SSIDs, and associating with APs are about as easy for users as a self-driven root canal or impressing Gordon Ramsey on Hell’s Kitchen with my “gourmet” frozen burgers on a rusty BBQ grill. But it appears that the Control by the Consumer trend continues to escalate with increasingly noticeable impact to the wireless operators prehistoric business models and walled gardens.
I wrote a while ago about a company named TerraNet who was doing a GSM phone hack to make them capable of communicating peer-to-peer and bypassing the operator radio network effectively forming ad-hoc networks of GSM phones. Similar to mesh networking where mesh nodes discover each other and form their ad-hoc network for communicating with each other (see a former startup of mine, Firetide, for an example of mesh networking infrastructure). TerraNet has a darn good start to making the user experience of direct mobile-to-mobile communications easy…and they’ve done it via the GSM radio of the handset.
What I’d like to see more of are easy to use and intuitive software apps and UI’s on handsets that use the Bluetooth and WiFi radios in them to facilitate the peer-to-peer communications and sharing that Pioneer Consulting warns operators that they need to realize and find a way of embracing, else major hemorrhaging of value-add services revenue.
One operator who does seem to have a clue on making use of these non-cellular radios in handsets is T-Mobile USA in their Hotspot@Home with unlimited calling while at home connected over their WiFi access point connected back to the T-Mobile core network. In essence a “femtocell” without the pain of the frequency planning or spectrum management. But taking the same advantage of femtocells and using the customers Internet access link at home for “free” backhaul to the core network…FABULOUS model of eliminating a BIG CAPEX problem for themselves.
Hey, TMO! How about a cool Java app that does photo or music sharing over the same WiFi radio you’ve enabled on your dual-mode phones that customers can use all they want? This could create some serious stickiness and up the Cool factor! Actually this call-to-action goes out to all our favorite wireless operators…might be a good time to think about how to embrace the Customer Owns Their Content trend.

Femtocells…v2.0?

2009-01-16T11:51:00.000-08:00

I’ve written about femtocells in the past, but not about how impressed I was with some of the early usages for them. However recently there was a writeup in FierceWireless on Comcast’s announcement of their planned deployment of femtocells from Clearwire for reaching new customers and offering them services over the fixed WiMax links to homes. Now THIS makes a lot of sense to me and falls within a couple of well known business models…wholesale network infrastructure for Clearwire and end-user services for Comcast.
Now the question is: What services will Comcast offer over the WiMax link through the femtocells? Certainly voice over IP which they already offer through their ATA boxes for their cable service customers. Internet access? Sure, that’s a given. IPTV? Hmm. Now is where we have to better understand the QoS services Clearwire will make available to the femtocell point-to-point links and if Comcast would invest in an IPTV infrastructure.
My recommendation to Comcast (or any other MSO) is to do a LOT of lab trials given the “success” the industry has experienced with IPTV. I’m currently a Comcast customer and the digital cable, VoD, and other interactive features of their system. I have to say that my experience with cable these days are dramatically different than the early days of cable (“oh, the cable’s out again…so what else is new?”). They don’t want to take 2 steps back with the 1 great step they’ve made with quality of the service and improvement in their brand.
Depending on the number of channels made available to the femtocells, there is also an opportunity to exercise DOCSIS 3.0 over the WiMax link. This affords an opportunity to take advantage of the management over IPv6 in the spec, as well as channel bonding for offering tiered bandwidth services which can be offered to small and medium businesses. There may also be interest for in-home tiered services such as gaming and multimedia services.
To summarize, I think this is a great application for WiMax at this point in time until the notion of mobile WiMax is further vetted and improved (although I’ve heard some anecdotes of impressive experiences…more to come later). I wish the new Clearwire success in helping to bring Internet services to markets that truly have a need for them, and not try to compete in major metro areas where there are already too many choices. Choice is good for competition, but too much confuses the customers and creates a commodity model where the only area left to compete is on price.
BTW, should Comcast be calling the box a CPE as opposed to a femtocell? Maybe it’s just semantics and “femtocell” is a cooler buzzword than CPE ;-)

Free Broadband Wireless

2009-01-16T11:50:00.000-08:00

This morning in an article on Fierce BroadbandWireless, Rep. Anna Eshoo (D-CA) is introducing the Wireless International Nationwide for Families Act as legislation driving the FCC to auction the 2155 – 2180 MHz spectrum for a “free wireless broadband network that reaches 95 percent of the U.S. population within 10 years.” Hmm, where do I begin?
The article goes on to mention M2Z’s proposal to the FCC and linking it with Rep. Eshoo’s own proposed legislation. While the article does state that Rep. Eshoo “evidently had conversations with M2Z”, the proposed legislation is for an auction, not to give away the spectrum which is a wider swathe of spectrum than what M2Z had petitioned the FCC to freely grant them for supposed deployment of a free, “nearly nationwide” service (see Engadget, Sept 2007). Rep Eshoo wants the winner (seems to imply only one) to install a network and deploy the nationwide service as a free service.
So two things. Firstly, this is on the tail of the close of the 700 MHz spectrum auctions, we have winners for most of the spectrum, but no solid published plans for building a network (or modifying an existing network) to support the new spectrum footprint. In the lesser attractive, 2155 MHz spectrum, all this does is create more confusion as to the viability for a path to deploying a real network. For example, if there is such a thing as an operational model for a wireless network that can sustain free, nationwide service (albeit with lesser radio propogation), what is the incentive for any of the many 700 MHz auction winners to build yet-another nationwide network that would presumably charge for their service? Verizon, maybe you should hurry up and get going on the 700 MHz network buildout.
Secondly, Rep. Eshoo doesn’t have very good technology and business advisors if she is promoting a free, nationwide service. The “free” model is a tough one when a service provider needs to come up with money to install a network and operate it over the long term…all the while making money to keep their investors happy. Do an Internet search on “wireless mesh networks” or “municipal WiFi networks” for a few examples of what I mean. I’ve already written about this on my blog back in April and September 2007. If she wants this to actually go through and get promoted by operators (existing or new) with real money along with attracting an ecosystem to fuel the network services, she should rethink the details.BTW, where does the International part of the name come into play here? This is by no means International. So there are a few bugs with the proposal that need ironing out. But hey, it’s probably election year, right?

Femtocells on my DSL Line?

2009-01-16T11:49:00.000-08:00

I wrote about the femtocell phenomenon on my 27 Sept 2007 blog posting and how femtocells relate to WiFi access points, who will provide wireless communications in our homes, and how will these offers be priced. Well, to throw more fuel on the fire, Verizon Wireless announced today on FierceWireless that they will “begin offering femtocell products and services plans sometime this year”, according to Verizon Wireless CTO Tony Melone. I’m less interested in the notion of the femtocell device (there are plenty of spectral and traffic engineering hurdles that need solutions) but considerably more interested in how the femtocells will connect to the wireless operators core.
In a more detailed article on AP, there is the following excerpt:
“Perhaps best of all, the device sends all calls over the subscriber's home broadband connection, usually DSL or cable, so the carrier doesn't have to pay to carry the traffic from the femtocell to its network. "Backhaul" traffic, which runs calls from cellular towers to the wired network, is a major cost for carriers.”
Hmm. Let me think now. T1/E1 backhaul is one of the largest (if not THE largest) recurring expense for wireless operators today. Wireless operators pay the wired landline carriers for their backhaul from cell sites to the core site. Femtocells in our homes connected to our DSL or cable modems where we get our Internet access from the local access provider. We all pay the local access provider for the “backhaul” of our WiFi access points, home routers, PCs, etc. Hence we are subsidizing the backhaul of the femtocell for the wireless operator to obtain coverage footprint in our homes. And yet, Sprint is charging $50 for their femtocell (from Samsung) and $15 per month service for unlimited calls from home…I assume only for handsets on the particular calling plan, not EVERY Sprint subscriber who happens to be in my home or connecting to my femtocell. And it IS my femtocell if I’ve paid $50 for it, right?
So should I be negotiating a “leased line” rate with Verizon to have them connect their femtocell from my home to their core network? I’m sure Comcast (my local access provider and ISP) would have something to say about that as I don’t have a reseller agreement with Comcast to resell the access line. And I haven’t read anything about Verizon, Sprint, or T-Mobile (they have Hotspot@Home for WiFi-cell handovers) negotiating new broadband leased line rates with the access providers for the home subscribers they are selling their home cellular service plans.
I’ve heard the press announcements talk about better coverage while at home and reduced load on the wide-area cellular network. So why would have I have to pay anything for backhauling the femtocell to Verizon’s core network on behalf of Verizon given that they don’t incur ANY of the backhaul costs they do from standard cellular sites?What are your thoughts on this? Does it matter since we’re in the “new” Internet model and the traffic that would originate from a femtocell on my broadband access line would be miniscule or insignificant? Or we missing something here?