Tag Archive for IOT

| January 24, 2013
Comments Off on Another Net for IoT

Another Net for IoT

Another Net for IoTKevin Fitchard at GigaOM writes about the French start-up Sigfox that wants to take on the mobile service providers. Sigfox plans to build a new network just for the Internet of Things (IoT). Thomas Nicholls, Sigfox business development chief, and internet of things of evangelist said that cellular networks are built to connect humans, not objects. Sigfox is proposing to build an alternate wireless network dedicated solely to linking together the internet of things.

Sigfox logoThe Toulouse France-based start-up argues that the majority of objects linked to the network will connect rarely. A GPS tracker in a vehicle or shipping container may send out its coordinates just once a day. A smart meter may link back to its utility company’s servers once a week. Many of the sensors being embedded in devices from vending machines to security cameras only transmit when something goes wrong, meaning an M2M module may wait months if not years between connections to the Internet of Things. Connected home appliances like LG Electronic’s (LGLD) new Smart Thinq refrigerator, GPS tracking devices, smart meters and medical alert sensors are all the types of devices that Sigfox hopes to target.

Mr. Nicholls added that Sigfox thinks there’s a huge opportunity in the growing business-to-consumer connected device space. The assortment of gadgets and wearable devices making their way into the connected home and onto our bodies are typically connected by local area networking technologies like Bluetooth, Zigbee, and Wi-Fi. But he thinks there’s a big case to be made for replacing those technologies with Sigfox according to the article.

Wireless networkThe author claims that as Sigfox achieves economies of scale, its radio will not only shrink, their costs will fall to just a few dollars per module. Due to the huge efficiencies in running its network, Sigfox can support a device connection for little more than a dollar a year, Mr. Nicholls said. At those prices, gadget manufacturers can include IoT connectivity costs into the device costs without requiring customers to sign up for a subscription.

Not only would using Sigfox give these devices a range far beyond local networks, but they would also be “on” right out of the box, the Sigfox IoT evangelist said. It also wouldn’t require any signing up or logging on, as the machine-to-machine communication would just work out of the box.

Noisy networkTo host these devices over power-hungry and expensive cellular radios makes little sense, the business development chief said. The better course is to attach these devices to a network optimized for their use cases — one that can support billions of devices each sending relatively little data at distinct intervals, the start-up believes. “Our network is structured in a radically different way,” Nicholls claims in the GigaOM article. “There is really no notion of a network. You only connect when you have a payload to deliver.

Sigfox has developed a wireless architecture using ultra narrow-band modulation techniques that can theoretically support millions of devices with only a handful of network transmitters. Using the unlicensed frequencies commonly used for baby monitors and cordless phones (868 MHz in Europe and 915 MHz in the US), Sigfox says it can offer the same coverage with a single tower that a cellular network could provide with 50 to 100 cell sites. Sigfox is building a network covering all of France with 1,000 transmission sites, and Mr. Nicholls estimates that the company could do the same in the US with 10,000 transmitters.

size of two thumbnailsThe author describes the embedded radio modules as about the size of two thumbnails, and they transmit at power levels 50 times lower than their cellular M2M counterparts. Such low consumption levels mean that objects that normally have no external power supply could stay connected for as long as 20 years before their module batteries would need recharging, Mr. Nicholls said.

rb-

Apparently, Sigfox’s ultra narrow-band technology can only support bandwidths of 100 bps (YEAP THAT’S BPS, NOT KBPS) — which makes it far slower than even the poorest 2G data connection so it will be popular with wireless service providers who will try to connect everything to the Internet of Things.

Sigfox does not seem to be the answer for devices that send large quantities of data or keep up constant connections to the network like telemedicine aren’t the “things” that Sigfox intends to connect to the Internet.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| January 15, 2013
Comments Off on Internet of Things

Internet of Things

Internet of ThingsAdding computer communication to otherwise dumb devices isn’t new. As far back as the 1990s, a whole list of Internet-enabled Coke machines around the world had varying functionality. The granddaddy of all Internet of Things was the Coke machine at Carnegie Mellon University, set up in the 1970s.

Internet of Things vulnerable to false data injection

Smart meters vulnerable to false data injectionThe power grid delivers electricity to charge iPads and run data centers. The power grid connects users with electricity producers through interconnected transmission and distribution networks. In these networks, system monitoring is necessary to ensure reliable power grid operation. The analysis of smart meter measurements and power systems is a routine part of system monitoring.

Help Net Security reports that most energy security professionals told nCircle they did not believe smart meters are secure enough. When asked, “Do smart meter installations have enough security controls to protect against false data injection?” 61% of the 104 energy security professionals said “no”. False data injection attacks introduce arbitrary errors into state variables while bypassing existing techniques for bad measurement detection to exploit the power grid.

Patrick Miller, the founder, CEO, and president of EnergySec noted, “Smart meters vary widely in capability and many older meters were not designed to adequately protect against false data injection. It doesn’t help that some communication protocols used by the smart meter infrastructure don’t offer much protection against false data injection either.”

… we need to make sure that all systems that process usage data, especially those that make autonomous, self-correcting, self-healing decisions, assure data integrity,” Miller added.

Related articles
  • Not-so-smart meters costly | Herald Sun

Railroad Sensors Predict Derailments Wirelessly

Railroad Sensors Predict Derailments WirelesslyUnion Pacific (UNP), the nation’s largest railroad company, has deployed Internet of Things technology throughout its network. according to Dailywirless.org, the IoT can predict certain kinds of derailments days or weeks before they are likely to occur. This will improve safety and avoid millions of dollars in damages.

According to the article, Union Pacific, which moves 900 trains a day, started using acoustic sensors 10 years ago to monitor noises from vibrations of ball bearings in train wheels. This allows the company to get trains off the track before a faulty bearing causes a derailment. More recently, the company started using visual sensors that can detect when wheels begin to flatten–another factor that can cause accidents on the rails.

Lynden Tennison, CIO at Union Pacific, told CIO Journal, that the company can now check 40 million patterns every day and can alert the train operators of any anomaly in a bearing within five minutes. “Our goal was to design a system that requires very little maintenance,” he said.

To do this, Union Pacific worked with Intel (INTC) which addressed some of the unique challenges of designing a wireless sensor network for a rail system (pdf). The blog states that to overcome the battery-life issues, Millennial Net paired its i-Bean wireless technology with “energy harvesting” technology from startup Ferro Solutions. An inductive vibration generates power to send [battery free] at 115 Kbps over a distance of 30 m,” said Tod Riedel, cofounder and vice president of business development at Millennial Net.

Related articles

Are you ready for appliances that are smarter than you?

LG Smart Thinq refrigeratorStacey Higginbotham at GigaOM asks “Are you ready for appliances that are smarter than you?” She points out that LG has introduced its first connected appliance, a Smart Thinq refrigerator that knows what’s inside it. The appliance can communicate with your phone. Your kitchen is about to get a similar level of connectivity as your living room.

The Smart Thinq refrigerator got a lot of press at the Consumer Electronics Show in Las Vegas as smart appliances were all the rage. The Android-based OS that enabled the fridge to communicate with your smartphone and share information like the contents of the fridge excited the press. The idea, according to the author, was that when someone got home from the grocery store they could choose to tell the fridge what was inside using a touchscreen or they could scan a bar code on their receipt that would contain the information about their purchases.

In this ideal world, the fridge would then be able to suggest recipes for the family based on their weight goals, age, gender, and whatnot. If the consumer selected a fridge-offered recipe the appliance could shoot the recipe to the Smart Thinq oven and it could preheat. All of the connectivity occurs via Wi-Fi and is controlled by the phone and the touchscreen.

The article explains that other features include such as calorie counting and notifications of expiration dates. And if grocery stores take part – then the fridge could show when certain items are out and order them for home delivery.

Is Your Dishwasher Really Yearning for the Internet?

Is Your Dishwasher Really Yearning for the Internet?Is Your Dishwasher Really Yearning for the Internet? A startup called Ube thinks so. The firm is betting that smart devices and smartphone apps will make home automation cheap and easy.

In MIT’s Technology Review article “Is Your Dishwasher Really Yearning for the Internet?” Glen Burchers Ube’s chief marketing officer says that more and more home gadgets will ship with microprocessors, enabling the automation and remote control of everything from your lights to your laundry. Until this is a widespread reality, he’d like to sell you a wall outlet.

The wall outlet includes an ARM processor, runs Google’s Android mobile operating system, and can connect to the Internet. This means anything you plug into it can be controlled via your smartphone, and it will also track how much power your devices are consuming.

According to TR, the startup plans to sell the outlet along with a “smart” dimmer switch and plug for $60 to $70 apiece. The Austin, TX firm also plans to offer a free smartphone app that can control these and other Internet-enabled devices.

The blog reports that the Ube app will access a Wi-Fi network to scan for nearby Internet-enabled devices it can manage and lets you know what it can control. Mr. Burchers says the app can control more than 200 devices, most of which are gaming systems, set-top boxes, and TVs.

Mr. Burchers believes that Ube’s first products are just the beginning. He told TR most new electronics will be able to connect to the Web, and home builders will offer smart dimmers to new home buyers as they do granite countertops.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| October 25, 2012
Comments Off on Attacking Electronic Door Access Control Systems

Attacking Electronic Door Access Control Systems

Attacking Electronic Door Access Control SystemsDarkReading pointed out research by independent security researcher, Shawn Merdinger, into vulnerabilities within embedded door access control systems. The researcher investigated the inner workings of electronic door access controls (EDAC). Mr. Merdinger disclosed some of his findings at the 2010 CarolinaCon conference.

S2 Security logoThe DarkReading article Attacking Electronic Door Access Control Systems reports that the researcher found several flaws in the S2 Security NetBox. According to the firm’s website, more than 9,000 customers in 50 countries worldwide use S2 Security Corporation’s integrated security management platforms. Among the flaws in the system, he found an unauthenticated factory reset and unauthorized access to backup data. The author says the first issue is obviously a pretty serious one that could lead to a potential denial of service, but it’s the last one that turns heads.

According to the CarolinaCon presentation, the backup files are stored in a location with predictable file names that do not need authentication to access. Inside a software dump of the electronic door access control system, an attacker can find goodies like the configuration and something that might come in handy like the administrator’s password hash. From there, the attacker can do pretty much anything he or she wants, including unlocking doors at will.

door access control system, administrator’s passwordThe article further states that Mr. Merdinger found that the door access control database also has the user names, passwords, and IP addresses for the network cameras and digital video recorders (DVRs). Now the attacker can watch the facility, learn traffic patterns, and plan for a physical penetration of the facility. The stolen credentials will allow the attacker to turn off cameras and/or recordings during their assault on the facility. To make matters worse, Mr. Merdinger points out that marketing folks for these products will actually state that it’s safe to put these management systems on the Internet. And apparently, people do, because in the presentation he demonstrates production systems that are online with a Shodan search.

DarkReading acknowledges that the presentation doesn’t stop at showing the scary stuff. It takes the next step that most audiences are dying to see, but don’t always get, and that’s how to fix these things as both the vendor and the customer. The blog recommends the video, the detailed paper, and his updated presentation from Hack in the Box 2010 (in Dubai) on attacking electronic door access control systems.

Related articles
  • New Access Control Technology Holds the Key to Safer Schools: Unique RFID-based System Addresses the Shortcomings of Expensive and Inefficient Alternatives (prweb.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , ,
| October 2, 2012
One comment

Texas School ID Cards Track Students

Updated 07-27-13 According to Chron, Northside Independent School District Texas spokesman Pascual Gonzalez said the microchip-ID program turned out not to be worth the trouble.

Family claimed the RFID tag is “the mark of the beast”Updated 01-19-13 The student lost her lawsuit against the district. The student and her family had sued the district, claiming that her first amendment rights were being violated (she claims the RFID tag is “the mark of the Beast”), but the school removed the RFID chip from her ID and the court found that that was a reasonable accommodation.

Updated 12-02-12 A self-described teen-aged Anonymous hacker claims to have hacked the website of Texas’s Northside Independent School District in support of a student who refuses to wear an RFID ID badge according to the San Antonio Express-News. The district’s site was never compromised, Northside spokesman Pascual Gonzalez said.

In a statement posted on Twitter, the teenaged hacker wrote: “Now it is your school and your rules, but you seen what I did to your website, and have a simple deal for you, weather you accept it or not, is up to you,” the statement reads. “If you still want to do this tracking idea on the students, at least have a meeting with each and every students parents, so they know what is going on.”

Updated 11-21-12 It is not surprising to me that Wired is reporting that the school district is being sued over the program. According to Wired, the family claims that the student refuses to wear the badge because it signifies Satan.

Texas School ID Cards Track StudentsA Texas school district is putting tracking chips into new, mandatory student IDs to keep tabs on students’ whereabouts while on campus. According to Sophos’ Naked Security blog, Texas’s Northside Independent School District‘s John Jay High School and Anson Jones Middle School are performing a pilot test of the technology.

Sophos logoFOX 29 TV in Texas reports that students will be required to wear the cards on a lanyard around their necks and will be charged a fee for losing them. Their location will be beamed out to electronic readers throughout the campuses.

The one-year pilot program, which will cost the district $261,000, is also expected to increase attendance, and could bring an extra $2 million to the district in state funding as a result, District spokesman Pascual Gonzalez said. He stated that the program will be re-evaluated next summer.

RFID chipIn a letter to parents, school administrators stated that the ID cards will store no personal information and that they’ll work only on school grounds. “Think how important this will be in the case of an emergency,” the letter reads. “In addition, the ‘smart’ student ID card will be used in the breakfast and lunch lines in the cafeteria and to check out books from the library. Because all students will be required to wear their ‘smart’ ID, staff will be able to quickly identify Jay students inside the school.”

FoxNews reports that a coalition of privacy and civil liberties organizations and experts have called for a moratorium on the technology, including the American Civil Liberties Union.

RFID tags eveywhereThe Sophos blog reports that some parents are protesting, comparing the tags to RFID tags used to track cattle. Steven Hernandez, a father of a student who attends the school and the only local parent to attend a protest late last month, told KSN News that the new badges amount to “a spy chip”.

His daughter, Andrea, a sophomore, told KSN that she’s decided to wear her old photo ID even though students were told the new micro-chip ID is mandatory: “It makes me uncomfortable. It’s an invasion of my privacy.

Northside ISD’s Gonzalez rejected that criticism, saying the pilot program and the “smart” ID cards have been used successfully in Houston’s Spring Independent School District for at least the past five years. “This is non-threatening technology,” he said. “This is not surveillance.”

rb-

Chip readerThere is a great deal of bluster around this article on the blog. Look around people, your passports and driver’s licenses have RFID tags. What about proximity card readers? Have you checked the Visa in your wallet? Isn’t near field communications (NFC) the hot topic in the VC world?

I will bet a cookie that some of the same folks blustering about ID tags also favor gutting public education funding, yet the object to efforts to increase alternate sources of revenue for Texas schools by using chips in student ID cards.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| June 19, 2012
Comments Off on Attackers Attack Emerging Technologies

Attackers Attack Emerging Technologies

Help Net Security reports that attackers continue to focus on social engineering attacks and circumventing legacy enterprise security systems according to a recent report by Zscaler. The Sunnyvale, CA-based firm reported shifts in the sources of enterprise web traffic, and that some popular sites attempt to improve user security. Here are some of the top findings detailed in the report:

  • Local apps are generating more direct HTTP and HTTPS traffic
  • Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector
  • Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
  • Google (GOOG) is actively attempting to thwart search engine optimization (SEO) spam and fake AV attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
  • More sites, like Facebook (FB) and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.

Internet of Things“Attackers know the limits of traditional security solutions,” says Michael Sutton, VP of Security Research at Zscaler. “But they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. Now more than ever, enterprise security solutions must inspect traffic in real-time, all the time, regardless of source, to provide true protection.”

RB-

I have covered IOT for a while here and here. I wrote about the big sites moving to HTTPS a while ago here and even wrote about HTTPS Everywhere here. And I am sure I don’t cost as much as an engagement with these firms.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »