Chaos Lever Podcast

Welcome to this week’s Tech News of the Week! Join us as we break down the most fascinating and sometimes ridiculous tech stories making headlines. Let's dive in! 🎙️

🚨 **Cyber Trust Mark Labels**  
Starting in 2025, new "Cyber Trust Mark" labels will appear on IoT devices, supposedly ensuring better security standards. But will this label actually mean anything, or is it just marketing fluff? Introduced by the FCC in 2023 and overseen by UL Solutions, this program outlines six key security capabilities, like software updates and data protection. Look for this label when buying smart devices in the future! 🔐 Learn more here: https://techcrunch.com/2025/01/07/us-government-set-to-launch-its-cyber-trust-mark-cybersecurity-labeling-program-for-internet-connected-devices-in-2025/

🚗 **Goodyear’s Smart Tires Initiative**  
Forget smart cars—Goodyear says smart *tires* are the future! At CES, they unveiled their Tire Intelligence Platform (Sightline), which monitors tire performance, weather conditions, and driving history to improve vehicle handling. They’re even working on embedding sensors directly into the tires themselves. Looks like your tires may soon know more about the road than you do! 🌧️ Learn more here: https://www.wsj.com/articles/self-driving-cars-dont-do-snow-goodyear-says-the-solution-is-smarter-tires-6ccf0e85

👶 **CES Worst in Show Awards**  
The "Worst in Show" awards are back, calling out the worst tech products in terms of security, privacy, and environmental impact. This year's highlights:  
* 📷 *Least Private:* The Bosch Revell Smart Crib—because who doesn’t want a crib spying on their baby?  
* 🔓 *Least Secure:* TP-Link Archer BE900 Router, flagged for reporting security issues to the Chinese government before telling customers.  
* ❄️ *Worst Overall:* The LG AI Home Inside 2.0 Refrigerator—because apparently knowing what's inside requires AI and an invasion of privacy. Get the full rundown at WorstInShowCES.com! Learn more here: https://www.worstinshowces.com

🌐 **China’s Silent Telecom Cyberattack**  
A chilling report reveals China-backed hackers, Salt Typhoon, infiltrated US wireless networks and political campaigns. The group accessed over a million user accounts through known software vulnerabilities that weren’t patched. No ransoms, no bragging—just quiet, calculated spying for months. The US government is finally urging everyone to adopt end-to-end encryption for calls and texts. Irony, anyone? 🕵️‍♂️ Learn more here: https://www.wsj.com/tech/cybersecurity/typhoon-china-hackers-military-weapons-97d4ef95

That’s all for this week’s tech roundup! Thanks for tuning in—and don’t forget to patch your software. Bye! 👋

What is Chaos Lever Podcast?

Chaos Lever examines emerging trends and new technology for the enterprise and beyond. Hosts Ned Bellavance and Chris Hayner examine the tech landscape through a skeptical lens based on over 40 combined years in the industry. Are we all doomed? Yes. Will the apocalypse be streamed on TikTok? Probably. Does Joni still love Chachi? Decidedly not.

[00:00:00.10]
Announcer: Welcome to Tech News of the Week with your host, Mickey Mouse, the, public domain 1. Please don't sue me.

[00:00:09.08]
Ned: Welcome to Tech News of the Week. This is our weekly tech news podcast where Chris and I analyze 4 stories that jumped out at us in the news. Chris, I'm gonna kick this 1 off. You did so much work with our forthcoming encryption part 3 episode that, that that I'll I'll give you a moment to catch your breath. Cyber trust mark label launch.

[00:00:32.03]
Ned: Starting in 2025, some devices will begin to carry the new cyber trust mark label on their packaging. Does this label actually mean something, or is it like the all natural or multigrain labels, marketing terms that have no legal or official designation? Well, the US Cyber Trust mark was introduced back in June of 2023 by the FCC as a voluntary labeling program for wireless IoT devices. The program will be administered by UL Solutions, formerly known as Underwriter Laboratories, and ensure that vendors adhere to, quote, robust security standards. The standards in question are defined in NIST document internal report 8425, which I had to dig through 3 layers of government documents to figure out.

[00:01:30.23]
Ned: And because I did all that work, I am now going to read the entire 30 page report in full or just summarize it. Better. They identify 6 IoT product capabilities that must be met, asset identification, interface access control, product configuration, software update, data protection, and cybersecurity awareness. Sound like good things. Each of these capabilities has a desired outcome associated with it, meaning that NIST isn't saying how to do something, just what the end result should be.

[00:02:10.20]
Ned: For instance, under interface access control, they say that the IoT device must control access to and from all interfaces whether externally accessible or not. So that hidden Ethernet port or serial console inside the plastic shell, that needs to be secured in addition to the Wi Fi. There's a lot more to this standard, which I think we should explore in greater detail later. So I'll just say that the cyber trust mark is a good thing, and you should look out for it on future IoT device purchases.

[00:02:48.04]
Chris: Forget smart cars, Goodyear says. What we need is smart tires. I don't know where you would put the smart tires without the smart anyway.

[00:03:01.04]
Ned: Okay.

[00:03:02.10]
Chris: There's an old saying for anyone that has ever driven or had feet. Tires and shoes, they are the only part of the person or vehicle that makes contact with the ground, so don't cheap out on them. After all, losing contact with the ground unexpectedly often causes pain. Just ask Ned.

[00:03:24.14]
Ned: It's it's not so much losing contact with the ground. It's gaining way too much contact with the ground.

[00:03:32.02]
Chris: This week, famous blimp company and sometime tire manufacturer Goodyear came out with an interesting statement. Self driving cars are great and all, but they've only been tested really in nice weather.

[00:03:46.05]
Ned: Mhmm.

[00:03:46.24]
Chris: What's gonna happen when it snows or rains or snow rains? If you live in the northeast, you know what I'm talking about, and they're all good questions.

[00:03:57.27]
Ned: Yes.

[00:03:59.06]
Chris: If you drive in a region with changing weather, you know that the amount of time it takes your car to stop can vary immensely, not even from day to day, but from street to street on the same trip. To help with this, Goodyear has announced the Tire Intelligence Platform at CES, AKA Sightline. The tool is intended to work alongside automatic automated vehicle intelligence, taking into consideration specific information about the road and weather conditions to determine external factors, but also the model and age of the tire along with the vehicle's driving history to help fine tune based on the tire's age and performance ability. In the future, Goodyear would also like to embed sensors directly into the tires themselves for more accurate readings, but this appears to be further down the road.

[00:04:58.06]
Ned: I'll allow it. Yes. You're very smart. Speaking of CES, there's more awful things. The worst in show CES awards are presented by a collaboration between ifixit, the Electronic Frontier Foundation, consumer reports, and a few other organizations.

[00:05:19.11]
Ned: The point is to highlight products that are terrible in regards to security, privacy, repairability, and environmental impact. This year, there were some good good ones, some doozies. The least private award goes to the Bosch Revell Smart Crib. It's smart crib for collecting data on babies using its camera, microphone, and radar sensor. This 1 really preys on the fears of new parents, but trust me, you don't need any of this.

[00:05:54.07]
Ned: Babies are real good at letting you know when they're upset. Trust me. The least secure award goes to TP Link Archer BE 900 Router, which makes me a little nervous since I have TP Link devices in my house. The reason for the award is because TP Link has to report all security vulnerabilities to the Chinese government before announcing them publicly. Looks like I've got some Wi Fi shopping to do.

[00:06:27.20]
Ned: And the worst overall award was the LG AI Home Inside 2 dot o refrigerator with ThinQ, a stunning mass of words to describe a product that is stunningly wasteful, insecure, expensive, and inefficient. Fridges need to keep things cold. That's about it. If you need to know what's in your fridge, I don't know, maybe open it. You can check out more about each of these products and the other awards at the linked post, or go to worst in show ces.com.

[00:07:08.09]
Chris: Worst in shows. Yeah. The full story of China's attack on US telecoms is starting to emerge, and it's pretty scary. This report involving investigators from both the government and the private sector show pretty clearly that the hacking group, code named Salt Typhoon, had access into wireless networks, court surveillance networks, and more. The attacks were both personal, as in private citizen, as well as political, as in political citizens.

[00:07:46.22]
Chris: Oh, politicians. That's what they're

[00:07:47.28]
Ned: called. Yeah.

[00:07:49.26]
Chris: And the attacks took data from more than a 1000000 users of US wireless companies in addition to targeting those aforementioned politicians and their political campaigns. Cool. This was based this was based on the evidence unquestionably a state sponsored attack. It was not a hit and run. There was no ransom.

[00:08:13.17]
Chris: There was no media. There was no bragging on the dark web. It wasn't even a 4 chan post. The attackers appear to have been in the system for months on end, moving extraordinarily slowly as to gather information without being caught. The primary way in, it seems, is so so banal.

[00:08:38.00]
Chris: Known software flaws on Internet facing network equipment that hadn't been patched. Mhmm. The access to these endpoint routers allowed the attackers to attack other routers, which as is also frustratingly common, failed to be adequately monitored for logins and east west traffic requests. This is the only info that's been made publicly available. Based on the hyperbole that's coming out from senators in the know, however, it is likely that the damage was worse, and the cause for the damage was even dumber.

[00:09:14.20]
Chris: Ironically, for a country that seems hell bent on ruining the power and efficacy of encryption, the US government is now recommending end to end encryption for all communications. Many lawmakers have already stopped using standard cell phone calls and have started using more secure communication systems like signal. Interesting. Isn't it? When all of a sudden privacy becomes important?

[00:09:42.22]
Ned: How about that? Alright. That's it. We're done. Go away now.

[00:09:48.00]
Ned: Bye.