Site icon Sophos News

This wristband gives you an electric shock when you overspend

Rebecca K. has a problem with road rage.

I mean, sheesh, cruising as slow as frozen molasses in the passing lane? “If you’re not passing,” she fumes, “GET OUT of the lane!” Not to mention “those of you waiting until the last minute to move to the lane in which you need to be, turning from the wrong lanes, pushing your way in to others’ buffer zones …”

Whoa! She’s out of control! Quick, somebody grab your phone and …. ZZZZZZZZZZZTTT!!!!

Ahhhh! That’s better. Nothing like a 255-volt shock to snap you out of whatever nose-picking, hair-twirling, tongue-chomping, horn-blaring habit you’ve spiraled into yet again!

There were no cattleprods involved in that re-enactment. Rather, it was a Fitbit-like wrist device called Pavlok that, as Rebecca K. wrote in her recent Amazon review, has shocking-ish results.

And now, thanks to the gloriously security-addled Internet of Things (IoT) and a platform that calls itself the first IoT bank, those shocking results may soon be coming to a wrist near you, ready to fry you if you spend too much money.

The banking platform, dubbed Interact® IoT, was launched on Thursday by Intelligent Environments: the same outfit that thinks that emoji passwords are a good idea.

Interact® IoT will link one of those shocker wristbands to a bank account.

Rebecca K.’s iteration of Pavlok involved self-inflicted shocks. And, well, shocks administered by people she’d shared access with so they could download the app on their phones and shock her for laughs.

Terrible drain on the battery, that:

It does happen to run down fairly quickly when I’m around friends/family who think it’s hilarious to connect to my Pavlok through the app on their own phones, and then shock me out of the blue for my reaction… Which looks something like a scared, jumping cat from a YouTube video.

I have to take it off.

In contrast, the banking platform’s signals to sizzle your wrist will be automatic. Spend too much, your account balance dips too low, and you’ll find yourself dancing a little jig when you pay up for your Douche Burger.

Oh, and it can turn down your heat, too, with a Nest thermometer. Because millennials.

From the press release:

With a third of millennials too scared to check their bank account, a British technology firm has developed the world’s first Internet of Things bank account. The IoT bank automatically detects overspending, then gives users an electric shock or turns their heating down to save hundreds on heating bills.

This will all happen in four easy steps, Intelligent Environments says:

  1. Customers login to their credit card or bank account.
  2. They connect their Pavlok device and set a spending limit.
  3. When they near their self-imposed spending limit, their phone will display a notification.
  4. If they go over their limit, Pavlok will give them an electric shock.

The company says it’s “anticipating” conversations with banks and credit card companies to bring the IoT banking platform to customers “in the near future.”

It also says that “security is key.” Hence, the Interact IoT conforms to “bank-grade” security to protect accounts, regardless of which smart devices are connected.

The details, links added:

…Interact IoT and the devices that connect to it use AES 128-bit encryption and Transport Layer Security 1.2 (TLS 1.2). To enhance security, Interact IoT server talks to verified smart devices that are encrypted. Furthermore, like a one way street, these devices can only respond to the money in customers’ accounts. They will never be able to communicate with the platform to get access to money.

As far as Rebecca’s quickly draining battery goes, well, she might be wearing another version of the device: one that features an open application program interface (API) that developers are free to use to integrate the device with other sensors/programs, as Pavlok explained in an answer to an Amazon question about how it knows you’re in the middle of, say, biting your nails.

…developers are free to create integrations between our device and other sensors/programs, like GPS, accelerometers, proximity sensors, and browser activity (to name just a few). Already we’ve seen people create integrations that zap you when you say a bad word, remind you to get up if you’ve been sitting too long, or zap you if you visit a web page you want to spend less time on (like facebook). In the future we’ll have integrations that can detect when you are smoking or biting your nails, getting a late night snack that you shouldn’t be having, and many many other bad habits.

I reached out to Pavlok to ask about how they’re securing personally identifiable information like location data, and I’ll update the story if I hear back. Granted, it might be irrelevant with regards to the wristband being used for Interact IoT, or the security of the platform itself might make the question moot.

But considering that it’s an Internet of Things thing, it’s worth asking a lot of questions.

As it is, vendors of IoT devices haven’t always done the due diligence to make sure these devices are secure before they invite us to hook them up to the internet.

From baby monitor webcams with well-known default passwords to drug pumps with no network passwords at all, computer security often takes second place in the IoT.

Too bad we can’t strap Pavloks onto IoT vendors and give them a bit of Pavlovian feedback when we hear news like that!

Exit mobile version