Tag Archive for IOT

Internet of Things Full of Holes

The Internet of Things is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals, or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and that there will be 9 billion by 2018, which is roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine, that is a very scary thing.

The InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover security flaws. According to the new study, HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers, as well as in their cloud and mobile app elements.

HP then tested them with manual and automated tools and assessed their security rating according to the vendor-neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud, or its mobile application,
  • 80% of devices studied allowed weak passwords like 1234, opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had cross-site scripting or other flaws in their web interface, leaving it vulnerable to a range of issues such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

“While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.”

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity that the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

“One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.”

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or, worse, calculated it was better to ignore the secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

6LoWPAN ?

BYOD, BYON, IoT, IPv6, SaaS, SDN, MDM, M2M, TCP/IP, IEEE, EIEIO, IMHO: tech is drowning in acronyms. And now Stacey Higginbotham at GigaOM explains 6LoWPAN. 6LoWPAN stands for IPv6 over Low-Power Wireless Personal Area Networks. 6LoWPAN is the lightweight version of the traditional Internet Protocol (IP), designed for the internet of things.

Misco reports that Internet-connected devices will number 9.6 billion by the end of 2013 and the figure will jump to 28 billion by 2020. Currently, the 9.6 billion Internet-connected devices connect to another device, a phone, or a corporate gateway. In order for a true internet of things to emerge, these devices should have the ability to connect directly to a web service.

Device to cloud

Instead of device-to-device, it’s device to cloud. The article surmises that since most of today’s devices use IP to connect to the web, engineers would like to use IP to connect devices to the web as well. The only problem is that IP is a heavy, energy-intensive beast. This is one reason that the Internet’s standards-setting organization, the IETF, proposed 6LoWPAN in 2004.

The numeral 6 in the standard is short for IPv6. Ms. Higginbotham explains that if you’re envisioning tens of billions of connected sensors then IPv6 is the way to go. However, supporting the 128-bit numbering system required by IPv6 also takes computing and memory overhead that tiny sensors don’t have. It also requires longer packet headers and such that can clog low bit-rate networks. So the 6 is IPv6, and the Lo references the low-power aspect of the protocol.

The WPAN or Wireless Personal Area Network is a nod to the wireless mesh network that the protocol supports. Because this isn’t directly analogous to the traditional network stacks, it’s hard to limit the technology to a particular layer in the network.

Sensors in a connected network can run the gamut from a video camera that’s plugged into a wall to a battery-powered water sensor hiding under the washing machine. GigaOM says the standard is flexible enough that some nodes might be able to do more than just send information. Others can be designed to sleep until an event wakes them for a data transmission. In short, it’s complicated, which makes defining a network stack or standards for the internet of things tough.

6LoWPAN will use multiple radio protocols

The WPAN in 6LoWPAN will use multiple radio protocols. It can work over several radio networks that use the IEEE 802.15.4 standard, the most popular being ZigBee. The IETF is also working with the Bluetooth Special Interest Group to build 6LoWPAN support for the Bluetooth protocol.

GigaOM notes that the Bluetooth SIG already has taken steps to cut power consumption to meet the demands of the internet of things, so it clearly is also aware of the need for the IPv6 addressing scheme if every bra, door lock, or porta-potty is going to hop on the InterTubes without a phone or computer.

Charles McLellan at ZDNet explains that IBM (IBM) has teamed up with wireless sensor network specialist Libelium to deliver a wireless sensor platform starter kit comprising IBM’s Mote Runner SDK and Libelium’s Waspmote sensor platform. The Waspmote Mote Runner development platform allows researchers to explore the benefits of 6LoWPAN.

Tech titans betting on 6LoWPAN

Ms. Higginbotham says that IBM getting behind the standard with this announcement is just one more big name betting on 6LoWPAN as the communications protocol for the internet of things. She says a few months ago ARM purchased Sensinode, a company that has literally written the book (MP4) about 6LoWPAN. Cisco (CSCO) has an investment in 6LoWPAN with its 2010 purchase of Arch Rock, for its smart grid initiative.

Platforms such as Electric Imp, Ayla Networks, and ThingSquare, all of which offer modules and services to connect devices directly to the internet, are also gaining ground with test programs and early adopters, helping make the case for 6LoWPAN. So as devices start going directly to the cloud and bypassing phones and computers, having a protocol that supports modern addressing at relatively low power and low overhead will become more important. And that’s what this terribly awkward acronym provides.

 rb-

6LoWPAN is what will drive the rapid growth of the IoT. The Business Insider says that IoT grows from 1.9 billion devices today, to 9 billion by 2018. To put that in perspective, BI claims that by 2018 IoT will be roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined.

You can insert your own joke about the feds collecting data from a porta-potty.

What do you think? Is 6LoWPAN the best way to connect IoT devices to the cloud?

 


Activity Tracker For Dogs

Fitbark is one of a small number of startups working to support and even improve the health of dogs. Business Insider reports that Fitbark just raised $80,000 on Kickstarter from 697 backers — more than double the amount it was seeking to support its product and mission of fun and responsible dog parenting.

“We looked around and realized there’s a black hole in the way we track the health and activity of our dogs throughout time,” Fitbark co-founder Davide Rossi tells Business Insider. “If you cannot measure it, you can’t improve it.”

Daily goals dogs

New York-based FitBark recommends daily goals for your dog based on breed, weight, size, and age. From there, a dog owner can tweak those recommendations. The article says FitBark aims to provide rich information with actionable insights for dog owners. That way, owners can quickly gauge what kind of day their dog is having, even if they’re away from him or her. They can also use that data to share with the veterinarian at their dog’s next check-up.

FitBark’s “Bark charts” let owners know if their dog is moving less than normal, which could mean the dog is sick. Owners can also gain better insight into how their dog acts around different people. The author says the data can be used to suggest that their dog is more active with one pet sitter than the other. Or maybe one boarding home makes their dog exercise more than the other.

BI reports that if FitBark notices that a dog is nowhere close to hitting his or her daily goal, the owner may get a notification suggesting they take their dog on a walk. But if the dog is with a pet sitter, the owner could call and check in.

How it works

The FitBark device attaches to a collar and collects data on the dog’s activity levels 24/7. It sends the information it collects to FitBark servers when the wearable device is within range of an authorized smartphone or a FitBark base station. Once this occurs, the dog’s data is analyzed and sent back to the owner’s phone. Owners can then compare their dog’s actual activity levels to the dog’s daily fitness goals.

Down the road, Fitbark envisions trainers or even veterinarians tapping into its API to help carry out a custom exercise plan. “Trainers will complain that they prescribe or recommend a program for dogs and owners, but there’s no way to monitor compliance,” Rossi says.

Another application could be for lifestyle recommendations. So a developer could make an app to suggest certain types of pet foods, sync that up with Fitbark, and see if there are any noticeable changes in activity.

GigaOm points out that Fitbark pulled an earlier attempt at crowdfunding the device to rethink the business model, scrapping the monthly subscription fee and opting for a fixed price tag of $69 via Kickstarter or $99 for general retail.

Wearable tech market

Broadcom (AVGO) CEO Scott McGregor has announced the company’s entry into the wearable tech market with its low-cost, low-power Wireless Internet Connectivity for Embedded Devices (WICED) hardware platform for connected mobile devices. PCMag reports that Broadcom sees a lot of potential for simple, inexpensive, purpose-built products that use one or more connectivity technologies like FitBark.

rb-

I covered a similar product called Tagg back in 2012 here. A lot of things have changed since then. Machine to Machine communications and the Internet of Things are all the rage. The Cloud is a viable business model. Big-data analytics is allowing the NSA to spy on the world. And now all of that has come together, M2M dog tags run thru big-data analytics stored in the public cloud so the NSA can spy on U.S. dogs. What a country!


Is Connected Car Data Worth $1,400 Annually?

Michael Strong at TheDetroitBureau.com reports that Continental AG and Cisco (CSCO) recently demoed a highly connected car using the internet to improve vehicle safety and infotainment options at the recent Center for Automotive Research Management Briefing Seminars in Traverse City, MI.

The firms believe they’ve produced a connected car that provides a balance between giving consumers a safe, connected driving experience while providing companies with a chance to offer services that enhance the driving experience: for a price.

According to the article, the companies involved in bringing the Internet to cars collect an enormous amount of information about drivers. This presents a variety of challenges when it comes to privacy: who owns the information, how can or should it be used, and what is it worth?

While privacy and data ownership issues are still up in the air thanks to the U.S. government, Andreas Mai, director of product management at Cisco, believes data generated by a connected car is worth about $1,400 a year. He breaks it down this way:

  • Drivers can save $550 through better fuel economy, less time stuck in traffic, lower insurance rates, etc.
  • Society can save $420 by employing car platoons to speed up traffic and increase a road’s capacity.
  • Service providers can earn $150 by providing traffic guidance, navigation, parking, emergency services, etc.
  • Automakers can save $300 in lower warranty costs, profitable apps, etc.

The key to maximizing the information that can be collected (and re-sold), according to the article, is convincing drivers that they get a tangible benefit from releasing the data, such as shorter commutes or lower insurance rates (thanks Flo). According to a survey by Cisco, 74% of drivers were willing to share vehicle information. However, who or what owns that information still needs to be sorted out, he said. They must balance all of those things against the driver’s wants and needs: connectivity, infotainment, and cutting-edge safety features.


Continental and Cisco teamed up to keep the bits flying. As a vehicle moves it needs to prioritize the critical needs of drivers and passengers for network connectivity, according to the article. Digital Trends explains that Continental will supply the hardware and Cisco will provide the software. The car can switch between 3G, 4G, WiFi, and Dedicated Short Range Communication (DSRC) on the go, depending on service quality and cost to the customer. The DSRC system is part of the emerging vehicle-to-vehicle (V2V) technology system that allows cars to communicate with each other directly – and autonomously.

A Cisco software router loaded in Continental hardware performs the network switching. The router sends signals first to a Cisco-managed “Connected Car Cloud,” which then relays information to whatever network appears optimal at the moment.


The Cisco on-board software system can seamlessly switch between available 3G, 4G, and other wireless networks based on cost and quality of service preferences. “Connected vehicles are opening up a vast field of opportunities for services to make driving safer, more efficient, and more comfortable,” said Ralf Lenninger, head of innovation and strategy, Continental’s Interior Division. “This is why we are looking at ways to connect the moving vehicle in a highly secure, fast, and reliable way.”

The Cisco and Continental proof-of-concept connected car shows how auto manufacturers can provide the same amount of network security that is available at home (oh NO!) or in the office. Cisco provides one highly secure software gateway that delivers Cisco’s core networking capabilities and optimizes multiple communication links and mobility services to and from the vehicle. Security against cyber attacks will become more important as more vehicles include connected functions.

rb-

I recently covered Ford’s efforts to understand connected cars by studying the commlinks of space-based robots here.

The savings claims seem suspicious to me. The “lower insurance costs” are just cash savings. Oh, yeah Walmart is still in business. What is going to be the costs to the drivers after the insurance companies get their Hadoop big data analytics on the data from the magic boxes they are installing? Will they use the data you provided them to change the rules on your policy to raise your rates? It only takes a small leap to think about what the NSA could do with the data.

Just in case someone at Cisco or Ford or anybody else is reading this, here are some suggestions from Veracode to secure connected cars.


Infographic by Veracode Application Security

 


Internet of Things Comic Book

Symplio is a firm that focuses on the merger of social networks and the Internet of Things. They point out the comic book “Inspire the Internet of Things” (PDF). The comic book is from Mirko Presser, a member of the Alexandra Institute. It explains the concept of IoT, challenges, problems, and benefits. It also encourages people to think of new scenarios for this technology. The author considers it essential to involve the public and businesses with the issue of developing the Internet of Things.

Mr. Presser says the IoT comic book is aimed at everyone. The idea is that anyone can read the stories presented in the book and form an opinion, in addition to using it as a basis for deeper discussions or simply as inspiration to think about the Internet of Things.

The comic book has an introduction by Gerald Santucci. It has 15 scenarios where technology can be applied to the Internet of Things. There are also more than 25 concepts of IoT and four interviews with experts in this field.
