If you haven’t heard by now, the internet was under attack thanks to insecure “internet of things” (IoT) devices. The weapon of choice was the Mirai botnet, which crippled well known sites like CNN, Netflix, Twitter, etc. to a grinding halt. But how exactly did insecure IoT devices help the largest to date cyberattack experienced in the Western hemisphere?
The source of the outage was a distributed distributed denial of service (DDoS) attack, which leveraged a network of IoT devices infected with special malware, known as a “botnet”. The botnet was orchestrated to bombard a server with traffic until it collapsed under the strain. The IoT devices included Xerox, Panasonic and Samsung printers, as well as an array of Chinese manufactured short circuit TVs, DVRs, etc.
Botnets are not new, unfortunately. But a botnet comprised of IoTs is what makes last week’s massive DDoS jaw dropping and terrifying. Why should you or anyone care, especially if technology is not in your wheelhouse? Think of finding out that your garage has served as shelter for a terrorist, who is part of a much larger cell, ready to take down half the country. The terrorist was able to get into your garage easily because you don’t secure it. Guess what? You’re one of the most vulnerable targets if the attack goes down.
Now, bring this back to the IoT framework. Many households are moving toward an connected, IoT world–from refrigerators, thermostats, security systems and security cameras. When everything goes smoothly, we forget how much rely on our IoT devices. It’s only when they’re compromised do we then realize that we may have a big problem.
The crux of the data security challenge that faces us all is that the Mirai botnet revealed how vulnerable we are because of insecure IoTs. The Mirai attack exploited 100,000 connected devices or “malicious endpoints,” which resulted in an epoch attack of 1.2 terabytes/second. Your DVR or short-circuit camera may have served as an unwitting accomplice in the now legendary DDoS attack.
True to my technophile self, I’ve embraced all the latest advances in automobile technology. I was driving a few friends back from lunch a few days ago, and they were aghast at how I didn’t even turn my head as my car backed into a tight space. So, the news of the fatal crash involving a Tesla-S in self-driving mode (aka “Autopilot”) broke my heart. I pictured the proud Tesla owner, Joshua Brown (a tech consulting firm owner) who had grown accustomed to trusting his car to drive him in stop and go traffic. That fateful day was sunny, exceptionally bright, when a tractor-trailer turned left in front of the Tesla driver.
The Tesla news release explained:
Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied. The high ride height of the trailer combined with its positioning across the road and the extremely rare circumstances of the impact caused the Model S to pass under the trailer, with the bottom of the trailer impacting the windshield of the Model S. Had the Model S impacted the front or rear of the trailer, even at high speed, its advanced crash safety system would likely have prevented serious injury as it has in numerous other similar incidents.
While my enthusiasm for autonomous cars remains in high gear, this tragedy highlights the fact that the engineers need to reexamine their algorithms to uncover any other possible scenarios where sensors may not react quickly enough to keep all of the passengers safe.
Autopilot is getting better all the time, but it is not perfect and still requires the driver to remain alert. Nonetheless, when used in conjunction with driver oversight, the data is unequivocal that Autopilot reduces driver workload and results in a statistically significant improvement in safety when compared to purely manual driving.
This begs the question: Why have an Autopilot function if an alert driver is constantly required to oversee the Autopilot? Human nature will result in drivers allowing themselves to get distracted, once putting their cars into self-driving mode. What’s the purpose of an autonomous car, if the human behind the steering wheel cannot let her mind wander for even a moment?
In my hometown of Pittsburgh, Uber is working with my alma mater, Carnegie Mellon, to test its driverless cars. A little over a year ago, Uber’s Advanced Technologies Center opened in partnership with Carnegie Mellon University. Since then, Uber has been revving up its autonomous car testing team. Now, you can find its Self Driving Vehicle (SDV, a.k.a fully autonomous vehicles, i.e. driverless cars) out on the roads of the Steel City to test its real world capabilities.
While driverless cars seems like a solution for Uber, legal issues remain. Sure – SDVs may omit all of the driver-related legal issues that continues to haunt Uber. Bur new and not fully resolved issues emerge. For one, NHTSA has considers the “driver” of SDVs to be the system itself. Thus, in response to Google’s own inquiry (a different project than Uber’s) NHTSA indicated that for Google’s SDVs, the system is deemed the “driver”. This leads us back to the question of who or what is the driver of an SDV.
How might this get parsed for insurance coverage? Good question. The insurance industry will get back to us on that.
According to a McKinsey & Company report suggested how they might do so:
Car insurers have always provided consumer coverage in the event of accidents caused by human error. With driverless vehicles, auto insurers might shift the core of their business model, focusing mainly on insuring car manufacturers from liabilities from technical failure of their AVs, as opposed to protecting private customers from risks associated with human error in accidents. This change could transform the insurance industry from its current focus on millions of private consumers to one that involves a few OEMs [original equipment manufacturers] and infrastructure operators, similar to insurance for cruise lines and shipping companies.
In all probability, liability arising from a car crash with a driverless system will trace back to the manufacturer. This concern may discourage a lot of potential manufacturers from leading the race to develop the best autonomous systems. But, Google, Uber and GM–among other companies–are certainly investing a lot of time and money into developing SDVs.
Remember, too, that Google’s self-driving cars have already gotten into a few minor accidents. As we all know, technology is not perfect. And when technology fails, the SDV manufacturers will be the ones burdened with huge liabilities. Time for them to start getting more insurance, while perhaps not so much for individual consumers.
Maybe owners of Chrysler, Dodge, Jeep and Ram are just too busy or don’t care if they might lose control over their steering or have a defective rear axle. But their problem is exponentially greater because tens of thousands of owners have not responded to recall notices to fix their vehicles for faulty steering and/or suspension parts. It hasn’t helped that Fiat Chrysler dragged their feet in issuing recalls of over 11 million cars and trucks. Thus, this past July, Fiat Chrysler agreed to pay a record $105 million penalty and to take steps following a government investigation of the company’s handling of 23 recalls involving the >11 million vehicles.
The National Highway Traffic Safety Administration demanded that consumers be able to sell their vehicles back to the company if repairs haven’t been completed. Fiat Chrysler has estimated that more than 60 percent of the estimated 500,000 vehicles have already been repaired, leaving them ineligible for a buy back.
Owners of the 1993-1998 Jeep Grand Cherokee and 2002-2007 Jeep Liberty who hadn’t taken their SUVs in for recall repairs for a faulty gas tank by July 24 are eligible for a $1,000 credit that can be applied toward the purchase of a new Fiat Chrysler car or truck at a dealership. Owners who want to keep their vehicles get a $100 prepaid credit card after their repairs are complete.
Some of the $105 million penalty levied against Fiat Chrysler will go to offering buybacks, trade-in incentives or even cash to some drivers affected by the recalls. The company agreed to make all of these deals available in the next few weeks.
If you drive one of several Ram pickup models, or a 2009 Dodge Durango, a 2009-2011 Dodge Dakota or a 2009 Chrysler Aspen, your car qualifies for a buyback if it hasn’t been fixed yet. Eligible Ram pickups include the 1500 from model years 2008-2009 and the 2500, 3500, 4500 and 5500 from model years 2008-2012. Chrysler said that there are less than 200,000 of these vehicles on the roads.
Why Fiat Chrysler got in trouble: Those models were recalled two years ago for steering issues or loose rear axles. Either problem could cause the driver to lose control of the vehicle. To make matters worse, Chrysler didn’t make enough replacement parts or failed to provide “effective” parts after the initial recall, said Gordon Trowbridge, spokesman for the National Highway Traffic Safety Administration.
Other Ram pickups have also been recalled for steering issues, but Trowbridge said that many more of those vehicles were fixed, so they’re not included in this program.
Solution: Whether you bought your vehicle new or used, bring it into a dealer. They’re required to buy the car back from you at “fair market value,” and to throw in a 10% premium. You can walk away with the all that money in cash, or use the money toward purchasing a new vehicle.
“Fair market value” is the original sticker price of the vehicle minus depreciation. The dealer will negotiate that value with you when you take it in. Check Kelly Blue Book or another used-car value benchmark to see what yours is potentially worth.
Who is eligible for a trade-in bonus
Older Jeep Grand Cherokee models are eligible for a trade in at above-market value. If you have a 1993-1998 Jeep Grand Cherokee and you haven’t fixed the fuel tank problem it was recalled for, Fiat Chrysler is required to let you trade in your vehicle and give you a $1,000 credit. These Jeeps were recalled back in 2013 for fuel tanks that can leak after a rear-end collision. That issue has been linked to more than 75 deaths.
The fix: Take your SUV to a dealer and trade your Grand Cherokee in for a new car. The trade-in price will again be for “fair market value,” and the $1,000 can only be used toward purchasing another Fiat Chrysler vehicle or dealer parts and services. If you’d rather keep your Grand Cherokee, Fiat Chrysler must give you a $100 gift card (that you can use anywhere) when you take your SUV in to be fixed.
Who is eligible for a $100 gift card: Some Jeep owners can take their car in for a fix and get a $100 gift card. You can also get a $100 gift card for bringing in a 1999-2004 Jeep Grand Cherokee or a 2002-2007 Jeep Liberty for a fix. Those vehicles also had concerns about faulty fuel tanks and were involved in recalls or “safety campaigns” by Fiat Chrysler. Solution: Take your SUV to a dealer, have your vehicle fixed or inspected, and get a $100 gift card that you can spend anywhere.
What a night at this evening’s 2015 Public Justice Gala in Montreal, Canada. More to come in future posts. However, I wanted to share with you the amazing moments between the new President of Public Justice, Brad J. Moore, and SKW partner Keith L. Kessler. The room was filled with dedicated advocates, who have fought tirelessly for consumer rights. I could go on and on right now, but it’s late. So, I will just put up a couple of wonderful photos.
The first photo (see top of this post) is of Brad Moore and Esther Berezhovsky (outgoing PJ president) on stage.
The next one is of Brad and Keith. Can you see the joy and pride in Keith’s eyes? What a proud father and tremendous mentor…
Brad’s mother, former State Senate House Majority Leader Lynn Kessler, did me the honor of sitting next to me and sharing a little about Brad before he started practicing law. I am truly proud to be a part of such a remarkable firm. We will continue to champion the rights of consumers everywhere.
This summer is looking like it’s going to be a hot and dry one in the Pacific Northwest. Boating and aquatic sports enthusiasts are planning their trips already. Many of you might have plans to buy a jet ski to add to your list of summer toys. However, as our clients have learned the hard way, it’s important to take some extra time to research the jet ski that you’re eyeing. Recalls involving dangerous problems with specific makes and models of jet skis are often under the radar as these don’t make the headlines. News reporters are more focused on the massive recalls, such as the history-making Takata airbag recall.
But remember that these recalls involving popular lust-worthy jet skis, such as the 2015 Sea Doo Spark 2up can and have caused serious injuries. Sadly, we have seen this up close.
Contact us at firstname.lastname@example.org or at 206.448.1777 if you believe that your jet ski injury is the result of a recall that your dealer failed to inform you about.
Ahead of next week’s advisory panel convening, the FDA released some eye opening details related to the superbug outbreaks linked to dirty duodenoscopes. Reports of these outbreaks occurred at hospitals across the country, including Virginia Mason Medical Center in Seattle, WA
Federal regulators disclosed additional clues about the potential harm to patients from a controversial medical scope, providing 142 reports of contaminated devices and possible patient infections since 2010. This came out via a May 7, 2015 LA Times article.
The Food and Drug Administration (FDA) had previously said it received about half that many reports, 75, on duodenoscopes that caused patient infections in 2013 and 2014.
The number of patients involved could be far higher than 142 given that one adverse event report may include many individual procedures/people.
The FDA panel of medical experts is expected to recommend additional steps to regulators, device manufacturers and hospitals. These are steps needed to protect patients undergoing a procedure known as endoscopic retrograde cholangiopancreatography, or ERCP.
Officials report that 669,000 ERCP procedures were performed last year on patients battling cancer, gallstones and other digestive issues.
As we have seen in the news, advocates and lawmakers are directing harsh criticism at the FDA and Olympus Corp., maker of duodenoscopes. Why did they not sooner and more emphatically to report these hospital outbreaks? This would have alerted the broader medical community about the risks of the scope procedure.
Investigations have revealed that patients were infected even when medical centers followed the manufacturers’ (Olympus, Pentax Medical, and Fujifilm) cleaning instructions. Health officials learned that deadly bacteria are easily trapped at the tip of these duodenoscopes.
“The transmission of infectious material from patient to patient during ERCP, although uncommon, represents a serious public health concern,” the FDA states in its latest report.
Federal officials acknowledged that their surveillance system for medical devices has limitations and that incidents can be underreported by manufacturers.
Trek Bicycles is recalling nearly 1 million bikes in the US and almost 100,000 in Canada for a safety issue that resulted in one rider becoming paralyzed.
The Trek bike recall involves a “quick release” lever on the front wheel. The quick release lever is a problem in that it can interfere with the disk brakes, which would cause the wheel to stop turning or to separate from the bike frame, according to the Consumer Product Safety Commission.
Trek said it is aware of three incidents where the problem caused riders to be injured, including one that resulted in quadriplegia. The others involved facial and wrist injuries.
The Trek bikes are from model years 2000 to 2015 and were sold nationwide beginning in 1999. The bikes, made in Taiwan and China, were sold at prices between $480 to $1,650. Trek, a Wisconsin-based bike company, has offered to replace the quick release lever free of charge. It is also offering a $20 coupon good for bike accessories made by Bontrager.
“We sincerely apologize for the inconvenience this has caused you,” Trek says in a notice announcing the recall. “We value you as a customer and want you to safely enjoy cycling on your Trek bicycle.”
Weeks ago, Stritmatter Kessler Whelan attorneys filed a lawsuit in Seattle for a patient, Lisa Miller, who died following a procedure where doctors used an Olympus TJF-Q180V duodenoscope at Virginia Mason Hospital in Seattle. Today, an article appeared in Seattle Times that reports how Olympus issued warnings as far back as January 2013 to hospitals in Europe about the potential for infection when using the exact same scope.
The sealed elevator wire channel in the specialized endoscope is now linked to CRE superbug infections in patients around the country. Reports were made public regarding infections linked to the device in Seattle, Los Angeles and Pittsburgh. Patients died in both Seattle and Los Angeles – the infections have a mortality rate as high as 50 percent due to their antibiotic resistance.
To review your potential case related to a serious injury or death linked to an Olympus scope procedure, please contact us at 206.448.1777 and ask for Karen Koehler or Catherine Fleming.
For additional information, please read our previous blog posts and these Seattle Times articles: