Subscribe to our Newsletter | To Post On IoT Central, Click here


Cloud Platforms (149)

Can AI Replace Firmware?

Scott Rosenthal and I go back about a thousand years; we've worked together, helped midwife the embedded field into being, had some amazing sailing adventures, and recently took a jaunt to the Azores just for the heck of it. Our sons are both big data people; their physics PhDs were perfect entrees into that field, and both now work in the field of artificial intelligence.

At lunch recently we were talking about embedded systems and AI, and Scott posed a thought that has been rattling around in my head since. Could AI replace firmware?

Firmware is a huge problem for our industry. It's hideously expensive. Only highly-skilled people can create it, and there are too few of us.

What if an AI engine of some sort could be dumped into a microcontroller and the "software" then created by training that AI? If that were possible - and that's a big "if" - then it might be possible to achieve what was hoped for when COBOL was invented: programmers would no longer be needed as domain experts could do the work. That didn't pan out for COBOL; the industry learned that accountants couldn't code. Though the language was much more friendly than the assembly it replaced, it still required serious development skills.

But with AI, could a domain expert train an inference engine?

Consider a robot: a "home economics" major could create scenarios of stacking dishes from a dishwasher. Maybe these would be in the form of videos, which were then fed to the AI engine as it tuned the weighting coefficients to achieve what the home ec expert deems worthy goals.

My first objection to this idea was that these sorts of systems have physical constraints. With firmware I'd write code to sample limit switches so the motors would turn off if at an end-of-motion extreme. During training an AI-based system would try and drive the motors into all kinds of crazy positions, banging destructively into stops. But think how a child learns: a parent encourages experimentation but prevents the youngster from self-harm. Maybe that's the role of the future developer training an AI. Or perhaps the training will be done on a simulator of some sort where nothing can go horribly wrong.

Taking this further, a domain expert could define the desired inputs and outputs, and then a poorly-paid person do the actual training. CEOs will love that. With that model a strange parallel emerges to computation a century ago: before the computer age "computers" were people doing simple math to create tables of logs, trig, ballistics, etc. A room full all labored at a problem. They weren't particularly skilled, didn't make much, but did the rote work under the direction of one master. Maybe AI trainers will be somewhat like that.

Like we outsource clothing manufacturing to Bangladesh, I could see training, basically grunt work, being sent overseas as well.

I'm not wild about this idea as it means we'd have an IoT of idiots: billions of AI-powered machines where no one really knows how they work. They've been well-trained but what happens when there's a corner case?

And most of the AI literature I read suggests that inference successes of 97% or so are the norm. That might be fine for classifying faces, but a 3% failure rate of a safety-critical system is a disaster. And the same rate for less-critical systems like factory controllers would also be completely unacceptable.

But the idea is intriguing.

Original post can be viewed here

Feel free to email me with comments.

Back to Jack's blog index page.

Read more…

7811924256?profile=RESIZE_400x

 

CLICK HERE TO DOWNLOAD

This complete guide is a 212-page eBook and is a must read for business leaders, product managers and engineers who want to implement, scale and optimize their business with IoT communications.

Whether you want to attempt initial entry into the IoT-sphere, or expand existing deployments, this book can help with your goals, providing deep understanding into all aspects of IoT.

CLICK HERE TO DOWNLOAD

Read more…

Edge Products Are Now Managed At The Cloud

Now more than ever, there are billions of edge products in the world. But without proper cloud computing, making the most of electronic devices that run on Linux or any other OS would not be possible.

And so, a question most people keep asking is which is the best Software-as-a-service platform that can effectively manage edge devices through cloud computing. Well, while edge device management may not be something, the fact that cloud computing space is not fully exploited means there is a lot to do in the cloud space.

Product remote management is especially necessary for the 21st century and beyond. Because of the increasing number of devices connected to the internet of things (IoT), a reliable SaaS platform should, therefore, help with maintaining software glitches from anywhere in the world. From smart homes, stereo speakers, cars, to personal computers, any product that is connected to the internet needs real-time protection from hacking threats such as unlawful access to business or personal data.

Data being the most vital asset is constantly at risk, especially if individuals using edge products do not connect to trusted, reliable, and secure edge device management platforms.

Bridges the Gap Between Complicated Software And End Users

Cloud computing is the new frontier through which SaaS platforms help manage edge devices in real-time. But something even more noteworthy is the increasing number of complicated software that now run edge devices at homes and in workplaces.

Edge device management, therefore, ensures everything runs smoothly. From fixing bugs, running debugging commands to real-time software patch deployment, cloud management of edge products bridges a gap between end-users and complicated software that is becoming the norm these days.

Even more importantly, going beyond physical firewall barriers is a major necessity in remote management of edge devices. A reliable Software-as-a-Service, therefore, ensures data encryption for edge devices is not only hackproof by also accessed by the right people. Moreover, deployment of secure routers and access tools are especially critical in cloud computing when managing edge devices. And so, developers behind successful SaaS platforms do conduct regular security checks over the cloud, design and implement solutions for edge products.

Reliable IT Infrastructure Is Necessary

Software-as-a-service platforms that manage edge devices focus on having a reliable IT infrastructure and centralized systems through which they can conduct cloud computing. It is all about remotely managing edge devices with the help of an IT infrastructure that eliminates challenges such as connectivity latency.

Originally posted here

Read more…

In the era of digitalization, IoT is fostering the upcoming revolution in mobile apps. The ways companies used to provide mobile app development are changing because of IoT. After helping thousands of corporates to deliver extraordinary user experiences, IoT is all set with some new and advanced mobile app development trends. 

The tech world is the one that is continuously evolving. Every year and each day, innovations come to light. Each of them is revolutionizing our lives in one or the other ways. From the first wheel to smart cities, humans have come a long way.

The evolution and foundation of smart cities is the result of IoT or the Internet of Things. IoT has definitely stirred quite an uproar in the digital world with the mass potential it has. It can bring everything and everyone online. 

As per the latest mobile app development stats, IoT will become a more significant player in the mobile app development industry. The market share of IoT is going to increase more than double in 2021 with a staggering amount of 520 billion USD. While four years back in 2017, this number was 235 billion USD. 

Soon the IoT mobile app development will face new trends in the coming year and beyond.

Let us take a look at the top IoT mobile app development trends.

IoT App Trend #1: Cybersecurity for IoT

With an increase in the number of devices online, cybersecurity is the top priority for all businesses as IoT gains popularity. The network is expected to expand in the coming years, and so the data volume will also increase. All this draws attention to more information to protect.

IoT security will see an exponential rise as more users will store their data over the cloud. From banking details to home security, everything is easily breached if the security firewall is weak in IoT applications. 

Therefore mobile app development companies need to work upon the up-gradation of their IoT enabled mobile apps. 

IoT App Trend #2: Roaring Popularity of Smart Home Devices

When smart home devices were launched, many mocked them by calling them unrealistic toys for lazy youngsters. Now, the same people are finding it increasingly difficult to resist the charm of IoT devices. 

IoT devices are expected to be very popular in 2021 and the years to come. The reason behind their growing popularity is that the IoT devices are becoming highly intuitive and innovative. They are extended not only to the comfort of home automation but also to home security and the safety of your family.

Another great advantage of implementing smart IoT development adoption is the need to save energy. The intelligent lights or intelligent thermostats help in conserving energy, reducing bills. These reasons will lead to more and more people to adopt smart home devices.

IoT App Trend #3: Backed by AI and ML

Artificial Intelligence and Machine Learning both are thriving technologies. Both of these are the facilitators of automation. We all know how Artificial Intelligence has touched millions of lives around the globe. 

Together with IoT, AI and ML are unique data-driven technologies shaping the future of human-machine interactions. The developers set up a combination of IoT and Artificial Intelligence that helps automate the routine tasks, simplifies work, and gets the most accurate information.

IoT App Trend #4: IoT and Healthcare

With the revolution in the health-tech industry, healthcare companies are turning towards mobile platforms. IoT enabled apps to open up new opportunities to improve the medical sector.

IoT has immense applications that are already running in the healthcare field and is expected to increase by 26.2% 

Healthcare apps featuring IoT technology are expected to reform the world of medical sciences. These IoT mobile apps can even help doctors and medical professionals treat their patients even from a distance.

Smart wearables and implants will be able to record diverse parameters to keep the patient’s health in check. By integrating sensors, portable devices, and all kinds of medical equipment, real-time updates of a patient’s health can be recorded and sent to the concerned person. 

IoT App Trend #5: Edge Computing to Overtake Cloud Computing

This is a change where we have to be careful. For the past many years, IoT devices have been storing their data on cloud storage. However, the IoT developers, development services, and manufacturers have started thinking about the utility of storing, calculating, and analyzing data to the limit.

So basically this means, in place of sending the entire data from IoT devices to the cloud, the data is first transmitted to a local or nearer storage device located close to the IoT device or on the edge of the network. 

This local storage device then analyzes, sorts, filters and calculates the data and then sends all or only a part of the data to the cloud, reducing the traffic on the network avoiding any bottleneck situation.

Known as “edge computing”, this approach has several advantages if used correctly. Firstly, it helps in the better management of the large amount of data that each device sends. Second, the reduced dependency on cloud storage allows devices and applications to perform faster and also reduce latency.

Being able to collect and process data locally, the IoT application is expected to consume lesser bandwidth and work even when connectivity to the cloud is affected. After seeing these positive aspects, state-of-the-art computing is looking forward to better innovation and broad adoption in IoT, both consumer and industrial.

Reduced connectivity to the cloud will also result in fewer security costs and facilitate better security practices. 2021 will see better state-of-the-art IT in IoT.

IoT App Trend #6: Are You Excited About Smart Cities?

Well, all of us are super excited to witness smart cities. Smart cities are one of the significant accomplishments of IoT and modernization. Integrated with IoT-powered devices, smart cities promise improved efficiency and security for the common folk on the streets and inside their homes.

With superfast data transfer supported by 5G, public transportation will also see a massive change in the way they work. 

By now, we know that IoT will focus on developing smart parking lots, street lights, and traffic controls. To add up to this, with IoT and fast internet, we will live inside a world where our refrigerators will be aware of what food we have inside.

IoT will impact traffic congestion and security. It will also help in the development of sustainable cities leading us to a green future.

IoT App Trend #7: Blockchain for IoT Security

Many financial and governmental institutions, entrepreneurs, consumers as well as industrialists will be decentralized, self-governing, and be quite smart. Most of the new companies are seen building their territory on the entanglement of IOTA to develop modules and other components for firms without the cost of SaaS and Cloud.

IOTA is a distributed ledger especially designed to record and execute transactions between devices in the IoT ecosystem.

If you are in this industry, then you should prepare to see the centralized and monolithic computer models that are separated in the jobs and microservices. All this will be distributed to decentralized machines and devices. 

In the coming future, IoT will penetrate the disciplines of health, government, transactions, and others that we cannot think of right now. Such types of IoT technology trends will create significant effective differences.

IoT App Trend #8: IoT for Retail Apps

The eCommerce industry will also get benefited from IoT integration. Retail supply change will be more efficient after the incorporation of IoT mobile apps. It is expected to improve the online shopping experience for individuals across the globe.

Also, IoT will make the retail experience more personalized for each customer with in-app advertisements based on the user’s shopping history. We already get notifications once we purchase a product from a particular eStore. With IoT enabled mobile apps, the app will guide us to our favorite store using in-site maps.

IoT App Trend #9- Will IoT Boost Predictive Maintenance?

Yes, it will. In 2021 and beyond, the smart home system will notify the owner about plumbing leaks, appliance failures, or any other problem so that the house owner can avoid any disaster. Soon these intelligent sensors will enter our houses.

In response to these predictive skills of IoT, we can expect to see home care offers as a contractor service. If there will be a need for any emergency action, your presence in the house will not be necessary. 

IoT App Trend #10: Easy and Better Commuting

IoT mobile applications are expected to make commuting easier for students, the elderly, the business person, and many more. Today, due to heavy traffic, commuting is a significant issue for most of us. With major innovations in technology and integration of IoT, mobile applications will make traveling a breeze for everyone.

Here are some of the conventional ways that commuting will change:

  • Smart street lights will make walking on the road safe for pedestrians
  • Finding parking spaces will be a lot easier and seamless with data-driven parking apps. 
  • In-app navigation and public transportation will definitely make public transit more reliable 
  • IoT powered mobile apps will also improve routing between different modes of transfer.

With so many innovative ideas and benefits for iOS and android based IoT mobile apps, the mobile app development market will see an influx of transportation apps in the years to come.

IoT App Trend #11: Sustainable-as-a-Service Becomes the Norm.

While talking about the IoT trends, SaaS or Sustainable-as-a-Service is considered as one of the hot topics for the estimated market. Because of the low cost of entry, SaaS is quickly getting to the top list for being the favorite firm in the IT gaming sector. 

Out of these emerging technological IoT trends, Software-as-a-service will make the lives of people better than ever.

IoT App Trend #12- Energy and Resource Management 

Do you know what affects energy management the most? Well, energy management majorly depends on the acquisition of a better understanding of how to consume resources. IoT mobile app-based electronics are expected to play a significant role in the conservation of energy. 

All of these IoT trends can be integrated into resource management, making lives more accessible, more comfortable, and responsible.

Automatic notifications can also be added to the mobile app in order to send information to the owner in case the power threshold exceeds. Various other fancy features can also be added to these IoT mobile apps such as sprinkler control, in-house temperature management, etc.

Conclusion

We all know that IoT has great potential to bring revolutionary changes in the present mobile app development industry trends. It is expected to open up immense possibilities for every business or individual related to this field. Directly or indirectly, IoT will drive the future of almost every industry.

The above mentioned are some of the trends that will dominate the IoT app development ecosystem in the years to come. Amid all these predictions and trends, the future is promising and worth the wait. 

 

 

 

 

Read more…

Industrial Prototyping for IoT

I-Pi SMARC.jpg

ADLINK is a global leader in edge computing driving data-to-decision applications across industries. The company recently introduced I-Pi SMARC for Industrial IoT prototyping.

-       AdLInk I-Pi SMARC consists of a simple carrier paired with a SMARC Computer on Module

-       SMARC Modules are available from entry level PX30 Rockchip to top of the line Intel Apollo Lake.

-       SMARC modules are specifically designed for typical industrial embedded applications that require long life, high MTBF and strict revision control.

-       Use popular off the shelve sensors and create prototypes or proof of concepts on short notice.

Additional information can be found here

 

Read more…

By: Kelly McNelis

We have faced unprecedented disruption from the many challenges of COVID-19, and PTC’s LiveWorx was no exception. The definitive digital transformation event went virtual this year, and despite the transition from physical to digital, LiveWorx delivered.

Of the many insightful virtual keynotes, one that caught everyone’s attention was ‘Digital Transformation: The Technology & Support You Need to Succeed,’ presented by PTC’s Executive Vice President (EVP) of Products, Kevin Wrenn, and PTC’s EVP and Chief Customer Officer, Eduarda Camacho.

Their keynote focused on how companies should be prioritizing the use of best-in-class technology that will meet their changing needs during times of disruption and accelerated digital transformation. Wrenn and Camacho highlighted five of our customers through interactive case studies on how they are using PTC technology to capitalize on digital transformation to thrive in an era of disruption.

6907721673?profile=RESIZE_400x

Below is a summary of the five customers and their stories that were highlighted during the keynote.

1. Royal Enfield (Mass Customization)

Royal Enfield is an Indian motorcycle company that has been manufacturing motor bikes since 1901. They have British roots, and their main customer base is located in India and Europe. Riders of Royal Enfield wants their bikes to be particular to their brand, so they worked to better manage the complexities of mass customization and respond to market demands.

Royal Enfield is a long time PTC customer, but they were on old versions of PTC technology. They first upgraded Creo and Windchill to the latest releases so they could leverage the new capabilities. They then moved on to transform their processes for platform and variant designs, introduced simulation much earlier by using Creo Simulation Live, and leveraged generative design by bringing AI into engineering and applying it to engine and chassis complex custom forged components. Finally, they retrained and retooled their engineering staff to fully leverage the power of new processes and technologies.

The entire Royal Enfield team now has digital capabilities that accelerate new product designs, variants, and accessories for personalization; as a result, they are able to deliver a much-shortened design cycle. Royal Enfield is continuing their digital transformation trend, and will invest in new ways to create value while leveraging augmented reality with PTC's Vuforia suite.

2. VCST (Manufacturing Efficiency, Quality, and Innovation)

VCST is part of the BMT Group and are a world-class automotive supplier of precision-machined power train and brake components. Their problem was that they had high costs for their production facility in Belgium. They either needed to improve their cost efficiency in their plant or face the potential of needing to shut down the facility and relocate it to another region. VCST decided to implement ThingWorx so that anyone can have instant visibility to asset status and performance. VCST is also creating the ability to digitize maintenance requests and the ability to acquire about spare parts to improve the overall efficiency in support of their costs reduction goals.

Additionally, VCST has a goal to reach zero complaints for their customers and, if any quality problems appear to their customers, they can be required to do a 100% inspection until the problem is solved. Moreover, as cars have gotten quieter with electrification, the noise from the gears has become an issue, and puts pressure on VCST to innovate and reduce gear noise.

VCST has again relied on ThingWorx and Windchill to collect and share data for joint collaborative analysis to innovate and reduce gear noise. VCST also plans to use Vuforia Expert Capture and Vuforia Chalk to train maintenance workers to further improve their efficiency and cost effectiveness. The company is not done with their digital transformation, and they have plans to implement Creo and Windchill to enable end-to-end digital thread connectivity to the factory.

3. BID Group Holdings (Connected Product)

BID Group Holdings operates in the wood processing industry. It is one of the largest integrated suppliers and North American leader in the field. The purpose of BID Group is to deliver a complete range of innovative equipment, digital technologies, turnkey installations, and aftermarket services to their customers. BID Group decided to focus on their areas of expertise, an rely on PTC, Microsoft, and Rockwell Automation’s combined capabilities and scale to deliver SaaS type solutions to their own industry.

Leveraging this combined power, the BID Group developed a digital strategy for service to improve mill efficiency and profitability. The solution is named OPER8 and was built on the ThingWorx platform. This allowed BID Group to provide their customers an out of the box solution with efficient time-to-value and low costs of ownership. BID Group is continuing to work with PTC and Rockwell Automation, to develop additional solutions that will reduce downtime of OPER8 with a predictive analytics module by using ThingWorx Analytics and LogixAI.

4. Hitachi (Service Optimization)

Hitachi operates an extensive service decision that ensures its customers’ data systems remain up and running. Their challenge was not to only meet their customers uptime Service Level Agreements, but to do it without killing their cost structure. Hitachi decided to implement PTC’s Servigistics Service Parts Management software to ensure the right parts are available when and where they are needed for service. With Servigistics, Hitachi was able to accomplish their needs while staying cost effective and delighting their customers.

Hitachi runs on the cloud, which allows them to upgrade to current releases more often, take advantage of new functionality, and avoid unexpected costs.

PTC has driven engagement and support for Hitachi through the PTC Community, and encourages all customers to utilize this platform. The network of collaborative spaces in a gathering place for PTC customers and partners to showcase their work, inspire each other, and share ideas or best practices in order to expand the value of their PTC solutions and services.

5. COVID-19 Response 

COVID-19 has put significant strain on the world’s hospitals and healthcare infrastructure, and hospitalization rates for COVID brought into question the capacity of being able to handle cases. Many countries began thinking of the value field hospitals could bring to safely care for patients and ease the admissions numbers of ‘regular’ hospitals. However, the complication is that field hospitals have essentially no isolation or air filtration capability that is required for treating COVID patients or healthcare workers.

As a result, the US Army Corp of Engineers has put out specifications to create self-contained isolation units, which are fully functioning hospital rooms that can be transported or built onsite. But, the assembly needed to happen fast, and a group of companies (including PTC) led by The Innovation Machine rallied to help design and define the SCIU’s.

With buy-in from numerous companies, a common platform was needed for companies to collaborate. PTC felt compelled to react, and many PTC customers and partners joined in to help create a collaboration platform, with cloud-based Windchill as the foundation. But, PTC didn’t just provide software to this collaboration; PTC also contributed with digital thread and design advice to help the group solve some of the major challenges. This design is a result of the many companies coming together to create deployments across various US state governments, agencies, and FEMA.

Final Thoughts

All of the above customers approached digital transformation as a business imperative. They all had sizeable challenges that needed to be solved and took leadership positions to implement plans that leveraged digital transformation technologies combined with new processes.

PTC will continue to innovate across the digital transformation portfolio and is committed to ensuring that customer success offerings capture value faster and provide the best outcomes.

Original Post Link: https://www.ptc.com/en/product-lifecycle-report/liveworx-digital-transformation–technology-and-support-you-need-to-succeed

Author Bio: Kelly is a corporate communications specialist at PTC. Her responsibilities include drafting and approving content for PTC’s external and social media presence and supporting communications for the Chief Strategy Officer. Kelly has previous experience as a communications specialist working to create and implement materials for the Executive Vice President of the Products Organization and senior management team members.

 

Read more…

Helium Expands to Europe

Helium, the company behind one of the world’s first peer-to-peer wireless networks, is announcing the introduction of Helium Tabs, its first branded IoT tracking device that runs on The People’s Network. In addition, after launching its network in 1,000 cities in North America within one year, the company is expanding to Europe to address growing market demand with Helium Hotspots shipping to the region starting July 2020. 

Since its launch in June 2019, Helium quickly grew its footprint with Hotspots covering more than 700,000 square miles across North America. Helium is now expanding to Europe to allow for seamless use of connected devices across borders. Powered by entrepreneurs looking to own a piece of the people-powered network, Helium’s open-source blockchain technology incentivizes individuals to deploy Hotspots and earn Helium (HNT), a new cryptocurrency, for simultaneously building the network and enabling IoT devices to send data to the Internet. When connected with other nearby Hotspots, this acts as the backbone of the network. 

“We’re excited to launch Helium Tabs at a time where we’ve seen incredible growth of The People’s Network across North America,” said Amir Haleem, Helium’s CEO and co-founder. “We could not have accomplished what we have done, in such a short amount of time, without the support of our partners and our incredible community. We look forward to launching The People’s Network in Europe and eventually bringing Helium Tabs and other third-party IoT devices to consumers there.”  

Introducing Helium Tabs that Run on The People’s Network
Unlike other tracking devices,Tabs uses LongFi technology, which combines the LoRaWAN wireless protocol with the Helium blockchain, and provides network coverage up to 10 miles away from a single Hotspot. This is a game-changer compared to WiFi and Bluetooth enabled tracking devices which only work up to 100 feet from a network source. What’s more, due to Helium’s unique blockchain-based rewards system, Hotspot owners will be rewarded with Helium (HNT) each time a Tab connects to its network. 

In addition to its increased growth with partners and customers, Helium has also seen accelerated expansion of its Helium Patrons program, which was introduced in late 2019. All three combined have helped to strengthen its network. 

Patrons are entrepreneurial customers who purchase 15 or more Hotspots to help blanket their cities with coverage and enable customers, who use the network. In return, they receive discounts, priority shipping, network tools, and Helium support. Currently, the program has more than 70 Patrons throughout North America and is expanding to Europe. 

Key brands that use the Helium Network include: 

  • Nestle, ReadyRefresh, a beverage delivery service company
  • Agulus, an agricultural tech company
  • Conserv, a collections-focused environmental monitoring platform

Helium Tabs will initially be available to existing Hotspot owners for $49. The Helium Hotspot is now available for purchase online in Europe for €450.

Read more…

The Anti-Quality Movement

by Jack Ganssle

[email protected]

Recently our electric toothbrush started acting oddly – differently from before. I complained to Marybeth who said, “I think it’s in the wrong mode.”

Really? A toothbrush has modes?

We in the embedded industry have created a world that was unimaginable prior to the invention of the microprocessor. Firmware today controls practically everything, from avionics to medical equipment to cars to, well everything.

And toothbrushes.

But we’re working too hard at it. Too many of us use archaic development strategies that aren’t efficient. Too many of us ship code with too many errors. That's something that can, and must, change.

Long ago the teachings of Deming and Juran revolutionized manufacturing. One of Deming's essential insights was that fixing defects will never lead to quality. Quality comes from correct design rather than patches applied on the production line. And focusing on quality lowers costs.

The software industry never got that memo.

The average embedded software project devotes 50% of the schedule to debugging and testing the code. It's stunning that half of the team’s time is spent finding and fixing mistakes.

Test is hugely important. But, as Dijkstra observed, testing can only prove the presence of errors, not the absence of bugs.

Unsurprisingly, and mirroring Deming's tenets, it has repeatedly been shown that a focus on fixing bugs will never lead to a quality product - all that will do is extend the schedule and insure defective code goes out the door.

Focusing on quality has another benefit: the project gets done faster. Why? That 50% of the schedule used to deal with bugs gets dramatically shortened. We shorten the schedule by not putting the bugs in in the first place.

High quality code requires a disciplined approach to software engineering - the methodical use of techniques and approaches long known to work. These include inspection of work products, using standardized ways to create the software, seeding code with constructs that automatically catch errors, and using various tools that scan the code for defects. Nothing that is novel or unexpected, nothing that a little Googling won't reveal. All have a long pedigree of studies proving their efficacy.

Yet only one team out of 50 makes disciplined use of these techniques.

What about metrics? Walk a production line and you'll see the walls covered with charts showing efficiency, defect rates, inventory levels and more. Though a creative discipline like engineering can't be made as routine as manufacturing, there are a lot of measurements that can and must be used to understand the team's progress and the product's quality, and to drive the continuous improvement we need.

Errors are inevitable. We will ship bugs. But we need a laser-like focus on getting the code right. How right? We have metrics; we know how many bugs the best and mediocre teams ship. Defect Removal Efficiency is a well-known metric used to evaluate quality of shipped code; it's the percentage of the entire universe of bugs found in a product that were removed prior to shipping (it's measured until 90 days after release). The very best teams, representing just 0.4% of the industry, eliminates over 99% of bugs pre-shipment. Most embedded groups only removed 95%.

Where does your team stand on this scale? Can one control quality if it isn’t measured?

We have metrics about defect injection rates, about where in the lifecycle they are removed, about productivity vs. any number of parameters and much more. Yet few teams collect any numbers.

Engineering without numbers isn’t engineering. It’s art.

Want to know more about metrics and quality in software engineering? Read any of Capers Jones’ books. They are dense, packed with tables of numbers, and sometimes difficult as the narrative is not engaging, but they paint a picture of what we can measure and how differing development activities effect errors and productivity.

Want to understand where the sometimes-overhyped agile methods make sense? Read Agile! by Bertrand Meyer and Balancing Agility and Discipline by Barry Boehm and Richard Turner.

Want to learn better ways to schedule a project and manage requirements? Read any of Karl Wiegers’ books and articles.

The truth is that we know of better ways to get great software done more efficiently and with drastically reduced bug rates.

When will we start?

Jack Ganssle has written over 1000 articles and six books about embedded systems, as well as one about his sailing fiascos. He has started and sold three electronics companies. He welcomes dialog at [email protected] or at www.ganssle.com.

 

Read more…

IoT security is challenging but only few companies are taking action. Businesses are experiencing a significant rise in cyber-attacks and malwares, compromising devices and their security. In order to tackle this, Microsoft has taken considerable action and developed an end-to-end IoT solution, which is called Microsoft Azure Sphere that can safeguard the IoT devices from evolving threats.

 
Read more…
Before starting let me introduce the term IoT and why it is important to protect and How to protect or what are the various ways to protect mobile apps from cyber attacks.

Introduction to IoT( Internet of Things) :

1133.jpg
 
A Platform where embedded devices are connected to the internet where they can collect and exchange data with each other, These platform is known as IoT.
 
These enable devices to interact, learn and collaborate from each other’s experiences the same way humans do.

Reasons to protect IoT App Solutions:

Customized IoT apps deal with too many corporate data regularly. These data consist of very confidential and sensitive information about the company and its customers.
 
As the app data get collaborated, the critical data can go in the wrong hand and due to these operations of the IoT network get affected hence to keep the customized IoT app secure is necessary.
 
The data separation can direct hit on the company’s reputation that results in major financial loss.
 
Top Tips to protect the valuable IoT mobile apps from Cyber Attacks:
 
Here are some of the solutions that help you to deal with mobile apps threats and protect your app in the future.

Integrate security in the code:

These are for the developers as while developing any mobile app they need to make sure to include security framework or else hackers will find the flaws that gain the control and can easily access the application.
 
In real-time to prevent and detect attacks on the app, we need to make sure that the app is secured with Runtime application protection.
 
A breach test should be conducted regularly to identify if the app is approachable.

Proper Authentication and Identification:

Whenever there is no proper authentication in place, there is a major possibility that corporate data can easily exchange.
 
For the developers, it's mandatory that the app APIs only offer access to essential parts of apps which would result in minimizing exposure.
 
JSON is considered ideal for encrypted data exchange, whereas OpenID allows re-usage of the same testimonial within different domains.
 
For developers, big enterprises should examine tools and offers access to them for detecting and can close security exposure.

Secure Payment Transactions:

Either you are selling some products online or charging for offering different services its necessary to have a secure payment gateway.
 
To make the sensitive client transaction and payment system more secure and integrated with multi-factor encryption and authentication.

Secure the App from Backend:

By implementing security on servers and prevent unauthorized access makes the app secured and also protects the confidential data.
 
Before passing from client to the database and app’s server its necessary that APIs should be tested.
 
The effective way to secure the data and documents is containerization. Using VPN, TLS and SSL encryption will add more security. To confirm data protection can be done by referring to a network security specialist.

Implement App Transport Security - ATS: 

By securing the connection between the app and back-end server we can prevent a mobile app from cyber-attacks. 
 
Majority of consumer and enterprise app work on a single device. By enabling ATS attempts to connect the devices using insecure HTTP will fail.
 
However, hidden integration and data hacking can take place if proper security is not implemented.

Deal with unknown Threats:

As the usage of mobile devices is increasing day by day, a number of threats are evolving rapidly and in this case, it’s not possible to be prepared in an earlier stage.
 
With the help of the Open Web application security project, we can deal with mobile threats. Additionally, users can install an additional mobile security app on the device.

Some of the Consequences:

Nowadays, the biggest concern for the stakeholders is increasing the vulnerability of mobile applications at an enterprise level.
 
If you wish to build a mobile app that can protect your app from cyber attacks, viruses, spyware, and malware connect to the best cross-platform app development company that will keep the client's need on the topmost priority and lead to a successful app.
Read more…

“We won't stop until we see every vehicle on the road being electric,” said Elon Musk, the person who works to revolutionize transportation both on earth and in space. “China is about to ban the internal combustion engine,” said a mining financier, Robert Friedland. Tesla Model 3 needs approximately 65 kilograms of copper per vehicle. Cities are now demanding zero-emission buses. Whether it’s electric cars, buses, trucks, solar energy or wind energy generation – as we transit to a sustainable world, we need more copper, nickel, cobalt, lithium, platinum, palladium, zinc and aluminum. That’s why, mining products will be in huge demand. Nevertheless, in the present world, these minerals and other mining products are already a backbone for most industries.

However, just because mining products are vital to run industries and build a low-carbon future, it doesn’t mean that the society should turn a blind eye to the damages caused due to mining operations.

Concerns from communities and governments regarding the environmental effects of digging up the earth to extract metals and minerals is battering the sector. Also, current investors have become restless and new investors are reluctant to finance mining activities as mining operations have not altered significantly since decades. This puts pressure on mine owners to bring a change in traditional mining practices. Such a situation drives many mine owners to bring data-driven practices into their routine mining operations.

Like most industries, the technology that disrupts the traditional ways of mining will be a significant driver of change in mining. The goal is to make mining more effective, sparing, energy intensive and environmental-friendly.

From decades, the mining industry has been deploying PLC and SCADA systems for monitoring and controlling. But these monitoring and control systems are generally proprietary systems and offer limited interoperability with other systems. This is where IoT-based systems prove to be advantageous. IoT-based systems are based on open and highly connected Internet Protocol (IP) network structure. Such open network architectures enable current mining operations to move toward the next generation of smart mining.

Let's look at how IoT implementation empowers mine owners with its ability to transform traditional mining practices and:

Say NO to carelessness

Since the advent of mining, fires and explosions are serious safety issues. Specifically, in coal mines, spontaneous coal seam combustion turns into a catastrophe mainly due to carelessness. Besides, in the biggest coal producer nation like China, approximately 25.1% of their main coal mines are extremely gaseous mines, which after burning could lead to a disaster. Also, the environment surrounding mines can be vulnerable during combustion as massive quantities of toxic gases, including CO2, CO, SO2 and H2S, are emitted when a mine catches fire. Therefore, prevention and protection from fires is important for secured mining production as well as the global environment.

The mechanism of spontaneous combustion of the coal seam is like a typical spontaneous combustion, which requires oxygen. Hence, measuring the concentration of O2 is the key. In addition to O2, other gas contents, such as CO, CO2, N2, CH4, C2H4, C2H6, Rn and so forth, can be evaluated to detect spontaneous coal combustion at the surveillance spot.

3719807810?profile=RESIZE_710x

As shown in the image above, an IoT-based system continuously monitors the sensed values and displays them to remote users through a web dashboard. Besides, the system can send alerts to such users in the case of detecting abnormal values and it can activate mitigation devices (e.g., forced ventilation) to decrease gas concentrations smartly.

Say NO to waste of resources

There is an increasing demand of mining products, mining equipment and resources – such as conveyors, shearers, boring machines, hydraulic pump stations, hydraulic support stations, crushers, loaders, motor vehicles, water pumps and ventilation fans – to run mining operations continuously. Moreover, to increase profitability form the existing resources, mine owners need an effective and safe resource management platform that can bring resource wastage time to zero. In such situations, an IoT network can help mine owners or managers to know the locations of these expensive resources and its usage statistics. Further, the underground staff can also be monitored via an IoT network.

Dundee Precious Metals sets the best example for this. They have deployed nearly 280 wireless access points over 50 km (31 miles) of tunnels in their flagship gold mine placed in Chelopech, Bulgaria. The firm quadrupled production from 0.5 million to 2 million tons by using an IoT-based system to track miners and vehicles locations, monitor vehicles status and automate safety and maintenance operations.

An IoT-based system is not only helpful to mine owners but original equipment manufacturers (OEMs) as well. The open connectivity of IoT architecture enables OEMs to monitor their product performance in their lifetime, even after the product is sold. Such data can be used to initiate a new revenue stream and to improve product design as well.

Say NO to casualties

In the case of a calamity, miners are taught to escape from the mine first with handy self-rescue equipment and enter a refuge alternative when escaping is cut off. Refuge alternatives are designed to provide 96 hours of breathable air, food and water for underground staff. Although refuge alternatives are only planned for use in post-accident occurrences, so their functionality should be checked periodically to ensure that they are working as intended in an emergency. In addition, a system should be in place to signal the surface instantly when a refuge alternative is triggered after a calamity. One way to monitor a refuge alternative's feasibility status from the ground is to attach sensors, such as a magnetic switch sensor, air quality and temperature sensors to the door of a refuge alternative. These sensors detect the occupancy status, air quality and temperature to ensure that a refuge alternative always stays safe.

To sum up, whether you need to cut expenses, lessen downtime, increase productivity or reduce environmental footprint – an IoT-based system is the right choice.

Read more…

Having a smart home is all well and good until you become a victim of data leakage. 

This is not a discouragement against IoT implementation into your home, however. The Internet of Things market has been on the rise, and thanks to that, even our homes have become smarter. We don’t have to worry about doing our laundry, or making coffee manually anymore. With just a command we can do these things without having to move away from that comfy couch. 

Parks-Associates--Consumer-Trust-Smart-Home-Product-Purchase-Channels-645px.gif

But over the last couple of years, some incidents have shown that the matter of smart homes might not be all it’s hyped up to be. Just like everything, IoT implementation in smart homes has a bright and a dark side, but it seems the dark side is more sinister than the bright one. 

Incident one:

The combined research conducted by Northeastern University and Imperial College of London has shown how consumer devices are not to be trusted when dealing with client data. The researchers conducted 34,586 controlled experiments on 81 different IoT devices, 46 of which are from the US and 35 are from the UK, and this is what they found out-

  • 72 out of these 81 devices are connecting to services that are not the first party. Which means they are connecting domains and addresses that have no business connecting to the device. 
  • The research showed that 56% of the US devices and 83.8% of the UK devices were connecting to domains that were not in their region. 
  • The safety of the data on an online connection depends on the level of encryption, but here’s the kicker- according to the research, all the tested devices have at least one plain-text flow, which means at least one data flow from all the devices is non-encrypted. Not to mention, any cyber-evesdroppers can analyze device traffic, encrypted or not, and figure out the user and device behavior. 

But in any case, this is just research. What happens when a smart home management platform leaves a server with important user data exposed on the internet without any password or protection?

Incident Two:

Around mid-June, the security team at vpnMentor, lead by security researchers Noam Rotem and Ran Locar, spotted a completely exposed server containing the customer details of 2 million users, including their usernames, passwords, and password reset codes. 

The server in question belongs to a Chinese smart home management platform Orvibo. Their smart home management Smartmate helps users control every aspect of their smart home, from security to closing the curtains. 

Not only a smart-home management system, but Orvibo also deals in self-manufactured smart home products such as smart light bulbs, HVAC systems, home entertainment systems, security cameras, smart power plugs, and many more. 

The open server containing user information poses a huge threat to everyone who’s data has been exposed. Since the data breach being exposed, Orvibo has taken steps to secure the server. Even then, the data breach can have serious repercussions for the users. What are these repercussions though? Let’s find out what can happen to your data if it is leaked by your smart home device. 

What will happen if your data is breached?

When hearing about IoT and data breach, the user can have two kinds of reactions.

One group would panic, and probably stop using all kinds of smart devices. 

Another group would ask so what if their data is being breached? And this point is to answer the question for the latter group. 

There is a reason why smart home security is something to be concerned about. The personal and sensitive data, the users enter in order to run the devices, can be manipulated in various ways, and each one would only harm the users. 

So what are the ways hackers can manipulate the IoT devices and data that make your home smart?

1. Manipulating The Devices

The first thing you might do after getting a smart device for your home is to configure its username and password. 

However, this is not a widespread practice. Most people often end up using the same default username and password the device came with, which means that it’s going to be super easy for the hackers to get your data and gain access to your device. And from there on, it’s an open sandbox for them to play with. They can do whatever they want with your device, but there’s one guarantee- whatever they do is not going to do you any good. 

2. Holding Your Data And Device For Ransom

The ransomware attack is the most familiar in the IoT industry. Through this, what the hacker usually does is that they would gain access to an IoT device, and cut off the legitimate user’s access. Then they would ask for a ransom for restoring the user’s access to that device. 

While this may not seem to be as dangerous, it is a serious threat. Once the hackers have gained access to your data, they can use it for many malicious ends, things you don’t even have any idea about. And not to mention, there is no guarantee that they would give you back the access to your data once you pay them. And that’s why implementing some serious security protocols in place is needed to prevent your device and data from ransomware attacks. 

3. Doing Serious Damage To Your Home

This one might seem a little petty, but here we go anyways. 

Imagine having a smart thermostat, which you can control using online access. Now imagine going out on a vacation with your family, making sure that everything around the house is shut down, even the thermostat. However, when you get back, you see that the thermostat turned up to its highest setting on its own, melting every plastic thing in your house. 

But did it happen on its own? How are you going to find out whether it just happened or someone purposefully hacked into your smart home system and used the thermostat to seriously damage your home? Stealing the authorization details, hackers can do this for multiple reasons, ranging from personal vendetta to trivial entertainment because they were bored. Either way, it is your home that will be damaged. 

4. Actively Robbing Your Home

When details such as passwords and user IDs, along with device IDs are being sent to an unknown third-party domain without any encryption, the data can be used in many ways, and one of them can be to rob your home. 

Think about how a hacker-robber group can hack into the security system of your home, disable it and then walk into your home to steal everything from you. This is a bold use of smart home data breaches, and it can be quite fatal in case someone is home when they decided to hit the house. In this case, the loss of data security can result in serious loss of physical property as well. 

5. Launching A Botnet Attack

Last but not least, gaining access to your IoT smart home devices, the hackers can turn these devices into zombie devices and launch a botnet attack. A botnet is a number of internet-connected devices. Each of these devices is running one or more bots, which can be used to perform distributed denial-of-service attacks. 

Through this, the hackers can also steal important data, send spam emails, getting the attacker access to the device, this is not only going to create a problem for you but others as well. 

With a DDoS attack, the botnets can connect to a website, generating so much traffic that the website crashes, leaving them vulnerable for many data exploitations. Using your IoT device, the hackers can launch a similar botnet attack to that of the Mirai Botnet attack of 2016. The Mirai botnet attack brought down a french host OVH. and that’s how your smart home devices can be turned into a weapon to bring down popular websites around the world. 

What Is Going To Be The Solutions?

Every problem has a solution, and so does this one. 

There have been plenty of solutions suggested for the data security of IoT devices. But so far only two of these solutions stand out. One is the use of machine learning, another being Blockchain. 

The Machine Learning Solution For Smart Homes

Rather than looking for a security solution for each device, AI and machine learning can create a shield of security for all the IoT devices for your home network. Deep learning and machine learning can not only monitor each and every device connected to the network, but they can also detect and prevent any unwanted and unknown device trying to connect with the home network. 

The use of AI comes in handy when analyzing the network traffic. This way the AI can keep up with the general traffic flow of each of the devices and detect any anomalies in the normal flow of traffic. Which means fewer chances of any hackers getting inside your home network. You can check out these top 10 highly performing smart home apps making it big.

Along with these benefits, the use of Machine learning and deep learning can also detect botnet activity, manage device authentication and access management. This way they can manage to give your smart home network 360-degree security without worrying you. 

The Blockchain Solution To All Things Smart-homes

The main problem with the smart home network is the centralization of data, which could be easily hacked into. And that’s why Blockchain can provide a decentralized solution to this problem. 

Once the smart home IoT systems start utilizing the blockchain system for data communication, the security will increase tenfold, because it is close to impossible to hack into a blockchain network and change the data. To do so, the hacker would have to have control of 51% of the devices connected, and when the number of connected devices spans millions, it can be a little tough. 

Not to mention, blockchain in IoT will end the trend of data monopolization. Your data won’t be a subject of daily business deals with large conglomerates. Blockchain can bring affordability and security for smart homes that people have been asking for a long time.

Conclusion 

So does it mean you should not be using smart home technology?

The answer is no, absolutely not. It is undeniable that smart home technology has its own benefits and you should be able to take advantage of that. But only after you have made sure of your data security. Once you have made sure that all the devices you are using are secure. You can make use of IoT devices for your home as much as you want. Always remember that the security measures for your home IoT devices are not a matter of joke.

Read more…

How PKI & Embedded Security Can Help Stop Aircraft Cyberattacks

 by August 27, 2019 by Alan Grau, VP of IoT, Embedded Systems, Sectigo

 

On July 30th, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued a security alert warning small aircraft owners about vulnerabilities that can be exploited to alter airplane telemetry. At risk to cyberattack, the aircraft’s Controller Area Network (CAN bus) connects the various avionics systems–control, navigation, sensing, monitoring, communication, and entertainment systems–that enable modern-day aircraft to safely operate. This includes the aircraft’s engine telemetry readings, compass and attitude data, airspeeds, and angle of attack; all of which could be hacked to provide false readings to pilots and automated computer systems that help fly the plane.

The CISA warning isn’t hypothetical, and the consequences of inaction could prove deadly. Airplane systems have already been compromised. In September 2016, a U.S. government official revealed that he and his team of IT experts had successfully remotely hacked into a Boeing 757 passenger plane as it sat on a New Jersey runway, and were able to take control of its flight functions. The year before, a hacker reportedly used vulnerabilities with the IFE (In Flight Entertainment) system to reportedly take control of flight functions, causing the airplane engines to climb.

InFlightLIStockImage.png
The Boeing 757 attack was performed using the In-Flight Entertainment Wi-Fi network.
 

A researcher with security analytics and automation provider Rapid7 wrote about the security of CAN Bus avionics systems in a recent blog and discussed the challenge at this year’s DEFCON security conference. He explained, "I think part of the reason [the avionics sector is lagging in network security when it comes to CAN bus] is its heavy reliance on the physical security of airplanes . . . Just as football helmets may actually raise the risk of brain injuries, the increased perceived physical security of aircraft may be paradoxically making them more vulnerable to cyberattack, not less."

A False Sense of [Physical Access] Security

The DHS CISA warning stated, "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment.” CISA fears that, if exploited, these vulnerabilities could provide false readings to pilots, and lead to crashes or other air incidents involving small aircraft. Attackers with CAN bus access could alter engine telemetry readings, compass and attitude data, altitude, and airspeeds. Serious stuff.

Not all of these attacks required physical access.

These risks should serve as a wake-up call to everyone in manufacturing. Any device, system, or organization that controls operation of a system is at risk, and the threats can originate from internal or external sources. It’s critical for OEMs, their supply chains, and enterprises to include security and identity management at the device level and continually fortify their security capabilities to close vulnerabilities.

Security Solutions for Avionics Devices

Today’s airplanes have dozens of connected subsystems transmitting critical telemetry and control data to each other. Currently, tier-one suppliers and OEMs in aviation have failed to broadly implement security technologies such as secure boot, secure communication and embedded firewalls on their devices, leaving them vulnerable to hacking. While OEMs have begun to address these issues, there is much more to be done.

Sectigo offers solutions so that OEMs, their supply chains, and enterprises can take full advantage of PKI and embedded security technology for connected devices. Our industry-first end-to-end IoT Platform, made possible through the acquisition of Icon Labs, a provider of security solutions for embedded OEMs and IoT device manufacturers, can be used to issue and renew certificates using a single trust model that’s interoperable with any issuance model and across all supported devices, operating systems (OS), protocols, and chipsets.

Much like the automotive industry, the aviation sector has a very complex supply chain, and implementing private PKI and embedded security introduces interoperability challenges. With leading avionics manufacturers introducing hundreds of SKUs per year, maintaining hundreds of different secure boots within a single aircraft is complex, cumbersome, and ultimately untenable. Using a single homogenous secure boot implementation greatly simplifies the model.

Purpose-built PKI for IoT, such as the Sectigo IoT Manager, enables strong authentication and secure communication between devices within the airframe. Using PKI-based authentication prevents communication from unauthorized components or devices and will eliminate a broad set of attacks.

Embedded firewall technology provides an additional, critical security layer for these systems. This is particularly relevant for attacks such as the Boeing 757 attack via the airline Infotainment Wi-Fi Network. An embedded firewall provides support for filtering rules to prevent access from the Wi-Fi network to the control network.

Icon Labs embedded firewall has been has deployed in airline and automotive systems to address attacks such as these. In both instances, our embedded firewall sits on a gateway device in the vehicle or airplane to prevent unauthorized access from external networks or devices into the control network, or from the Infotainment network to the control network. We continue to see interest in this area, indicating manufacturers are beginning to act.

From Cockpits to Control Towers

Securing connected devices in aviation is not limited to airplanes. The industry requires secure communication between everything on the tarmac, from cockpits and control towers to provisioning vehicles and safety personnel. For that reason, Sectigo provides an award-winning co-root of the AeroMACS consortium, which addresses all broadband communication at airports across the world and calls for security using PKI certificates to be deployed into airplanes, catering trucks, and everything else on the tarmac.

Future Proofing with Crypto Agility

It’s worth noting that aviation is also uniquely challenged by the tenure of its components. Unlike devices that are designed to last for months or years, airplanes are designed to last for decades. Advances in quantum computing, which many experts believe is just around the corner, threaten to make today’s cryptographic standards obsolete. Aeronautical suppliers need to be prepared for this coming “crypto-apocalypse” and to update the security on their devices in the field while the devices are in operation. Sectigo’s over-the-air update abilities provide the cryptographic agility to guard against this upcoming crypto-apocalypse (listen to the related Root Causes podcast).

The ecosystem has fast work to do. Manufacturers must secure the CAN buses in their existing, and future fleets – whether those planes idle on fenced tarmacs, or in airplane hangars. In the meantime, CISA counsels that aircraft owners restrict access to planes avionics' components "to the best of their abilities,” leaving passengers to hope security soon extends beyond their TSA experiences.

Read this blog online at https://sectigo.com/blog/how-pki-and-embedded-security-can-help-stop-aircraft-cyberattacks

Read more…

When Refrigerators Attack - How Cyber Criminals Infect Appliances, and How Manufacturers Can Stop Them

 

Alan Grau, VP of IoT, Embedded Systems, Sectigo

 

Homes and businesses worldwide are vulnerable to attacks from cyber thieves and other bad actors – and not just through their computer networks. The embedded electronics inside appliances present an easy path of entry. It’s already been happening. According to Business Insider and Proofpoint, one of the first refrigerator incidents occurred in late 2013 when a refrigerator-based botnet was used to attack businesses.

 

Some of these attacks, such as infecting appliances with botnet malware, don’t really have much effect upon a family’s security and safety. In fact, if a “smart” refrigerator gets infected by a bot, the homeowner might not even notice anything wrong.

 

However, connected-appliance based cyberattacks are not limited to just refrigerators – and they are rarely one-off incidents. Almost any type of appliance can be hacked and used to host a botnet that could attack the web. According to Wired Magazine, a botnet of compromised water heaters, space heaters, air conditioners and other big power consuming home appliances, could suddenly turn on simultaneously, creating an immense power draw that could cripple the country’s power grid.

 

A bot, quite simply, is an infected computer. Many cyberattacks, like the Mirai Malware and the Dyn attacks, infect a network of computers, including “smart” connected devices such as home appliances, security cameras, baby monitors, air conditioning/heating controls, televisions, etc., and turn them all into compromised servers. These compromised servers then act as nodes in an attack and together create a botnet. They can participate in a variety of coordinated attacks, infecting other devices and expanding the network of bots, or participating in Denial of Service attacks.

 3423923119?profile=RESIZE_710x

Caption: A bad actor or cyber criminal can send infected messages to a home or business network that targets various appliances or machines. Once infected, that machine is under the control of the bad actor and can be used to send out thousands of infected messages to new targets worldwide. The botnets can also send out millions of dummy messages to a single target – overwhelming it and putting it out of service. 

 

 

 

 

 

 

  

Without any apparent symptoms or notice, a criminally enhanced refrigerator could be generating and sending out thousands of attacks every minute. In addition to the homeowner or business manager never realizing what is going on, these attacks may be unstoppable until unless the machine itself is disconnected from its web connection.

 

Additionally, the infected refrigerator could spread malware from the kitchen to the home’s “smart” TVs, to the home’s computer networks, to other smart devices in the home, and even to connected smart phones. Every target could be transformed into malicious bots that distribute millions of infected spam messages and cyber-attacks.

 

So how do we combat this threat?

 

Unfortunately, end users really have no power to fix this problem. There is probably no way for a homeowner, office manager – or even an experienced refrigerator repair person – to talk to a refrigerator’s electronics. No way to get into the appliance’s software and middleware to identify and kill an infection. However, if the homeowner suspects an infection, they could disconnect the refrigerator from the its internet connection to make it “dumb” again.

 

3423925048?profile=RESIZE_710x

Fridge caught sending spam emails in botnet attack - In the first documented attack of its kind, the Internet of Things has been used as part of an attack that sent out over 750,000 spam emails

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

It is up to device manufacturers to protect against these attacks. 

 

So how do manufacturers combat this type of attack? How can they ensure that appliances in homes and offices do not get infected to cause mayhem?

 

Security starts in the design process for the refrigerator itself, as well as for the appliances’ various electronic components and control surfaces. Most appliance manufacturers get their control sub-assemblies from a wide network of smaller manufacturers, sometimes with a worldwide supply chain. These suppliers need to make sure that the chips and sub-assemblies they use are secure from hacks.

Two important security practices can be utilized by appliance makers:

 

  • Embedded Firewall with blacklist and whitelist support – Protect appliances and edge devices from attacks by building firewall technology directly into the appliance. An embedded firewall can review incoming messages from the web or over the home network and, via a built in, and regularly updated blacklist, reject any that are not previously approved.

 

  • Secure Remote Updates and Alerts – Validate that the firmware inside the device is authenticated and unmodified before permitting installation of any new firmware updates. Updates ensure the incoming software components have not been modified and are authenticated software downloads modules from the appliance manufacturer.

 

Most consumer and device manufacturers have heard about the potential for attacks on smart devices like door locks, baby monitors, and home thermostats, but this risk awareness needs to expand to types of connected systems – including appliances. An infected refrigerator sending out malware is not just a funny story. These systems have been attacked and used to spread malware.  Ensuring the security of these devices is necessary to protect home network, slow the spread of malware and even protect credit card numbers or other personal data stored in smart home devices.

 

# # #

 

EXTRA PROOF POINT FOR COLUMN

 

Refer to: https://www.cnet.com/news/fridge-caught-sending-spam-emails-in-botnet-attack/

 

 

 Author Bio - Alan Grau, VP of IoT, Embedded Solutions, Sectigo

 

Alan has 25 years of experience in telecommunications and the embedded software marketplace. He is VP of IoT, Embedded Solutions IoT at Sectigo, the world’s largest commercial Certificate Authority and provider of purpose-built, automated PKI solutions. Alan joined Sectigo in May 2019 as part of the company’s acquisition of Icon Labs, a leading provider of security software for IoT and embedded devices, where he was CTO and co-founder, as well as the architect of Icon Labs' award-winning Floodgate Firewall. He is a frequent industry speaker and blogger and holds multiple patents related to telecommunication and security.

 

Prior to founding Icon Labs, Alan worked for AT&T Bell Labs and Motorola.  He has an MS in computer science from Northwestern University.

 

About Sectigo

 

Sectigo provides award-winning, purpose-built and automated PKI management solutions to secure websites, connected devices, applications, and digital identities. As the largest commercial Certificate Authority, trusted by enterprises globally for more than 20 years, and more than 100 million SSL certificates issued in over 200 countries, Sectigo has the proven performance and experience to meet the growing needs of securing today’s digital landscape. For more information, visit www.sectigo.com.

 

Read more…
RSS
Email me when there are new items in this category –

Upcoming IoT Events

More IoT News

IoT Career Opportunities