
Although it took some time to manifest, nation-states have realized the potential for cyber espionage and sabotage on IoT devices.

The latest news

On April 16, 2018, the US authorities issued a warning that government-backed Russian hackers are using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations.

In a joint statement, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), along with the UK's National Cyber Security Centre (NCSC) - the cyber arm of Government Communications Headquarters (GCHQ) - said that Kremlin-backed hackers are using exploits to carry out malicious attacks. The hackers are using compromised routers to conduct man-in-the-middle attacks to support cyber espionage, steal intellectual property, and maintain persistent access in victim networks for use in additional campaigns.

U.S. CERT noted that cyber actors are exploiting large numbers of enterprise-class and residential routers and switches worldwide to enable espionage and intellectual property theft.

 

A growing concern

This is just the most recent of several incidents wherein nation-states have used connected devices for their goals.

A spying campaign called “Slingshot” targeted at least 100 victims in the Middle East and Africa from at least 2012 until February 2018, hacking MikroTik routers and placing a malicious dynamic link library inside to infect target computers with spyware components.

In another incident, nation-state actors left political messages on 168,000 unpatched IoT devices. The attackers used a bot to search the Shodan search engine for vulnerable Cisco switches and were easily able to exploit a vulnerability in Cisco Smart Install Client software to infect and “deface” thousands of connected devices with propaganda messages.

 

The west is also toying with IoT devices

Russia and China are not alone in investigating the potential of exploiting IoT devices. In 2016, US intelligence chief James Clapper acknowledged that the US would consider using the Internet of Things to spy on adversaries. More recently, the Dutch Joint Cyber SIGINT Unit hacked a CCTV camera to spy on a Russian cyber group called ‘Cozy Bear.’ As a result, they were able to identify many of the members as employees of the Russian Foreign Intelligence Service.

As western countries become more aware of espionage efforts by foreign governments, it is not surprising that they are fighting back by trying to reduce the attack surface. Several Chinese CCTV manufacturers were recently flagged for having built-in backdoors that could allow intelligence services to syphon information. Dahua, a maker of CCTV cameras, DVRs and other devices, was forced to issue an emergency patch to its connected devices. Camera models from Shenzhen Neo Electronics were also found to have a severe security flaw. Finally, the largest maker of surveillance equipment in the world, Hikvision, was accused of having a backdoor and banned by certain US bodies.

 

What’s next?

While the potential for information collection through IoT devices is enormous, we shouldn’t forget that these are physical devices deployed in the real world, so hacking them can have real consequences.

 

Doomsday scenarios

Here are just four of many potential “doomsday scenarios” that could result from IoT device hacking:

Grid manipulation attacks

Power grid security has received the appropriate attention in recent years, due in part to large-scale cyber-attacks on power grids around the world. But what if, instead of hacking secured power plants, a nation-state were to hack millions of smart devices connected to the power supply, so that it could turn them on and off at will? That would create spikes in local and national power consumption, which could damage power transformers and carrying infrastructure, or at the very least, have substantial economic impact.

Power companies try to balance consumption loads by forecasting peak consumption times. For example, in the UK, demand spikes are as predictable as half-time breaks in football matches or the conclusion of an Eastenders episode, both of which require an additional three gigawatts of power for the roughly 3-5 minutes it takes each kettle to boil. The surge is so large that backup power stations must go on standby across the country, and there is even additional power made available in France just in case the UK grid can’t cope. 

But since no one could anticipate an IoT “on-off” attack, nobody could prepare standby power, and outages would be unavoidable. In addition, power production, transportation and storage costs would be enormous.

Smart utilities

By attacking Internet-facing utility devices such as sewage and water flow sensors and actuators, attackers could create significant damage without having to penetrate robust IT or OT networks.

 

Smart city mayhem

Having a connected urban infrastructure is a terrific thing. The problem is that once you rely on it, there is no turning back. If the connected traffic lights, traffic monitoring cameras and parking sensors are taken offline or manipulated, cities could suffer large-scale disruption to their inhabitants’ daily lives. For example, shutting down connected street lighting could impact millions.

Simple terror

Since we are all aware of the potential impact of a devastating cyber-attack, it would not take much to invoke large-scale hysteria. Just imagine someone hacking a street sign and altering it to display messages from the country’s enemies.

 

Summary

Nation-states have long targeted IT infrastructure to gather intelligence and intellectual property, but their focus has shifted to OT/industrial networks with the aim of facilitating disturbances and physical sabotage. IoT seems to be the new domain in which proficient bad actors can collect information, create disturbances, cause large-scale damage, and inflict terror and panic. The IoT is both insecure and increasingly ubiquitous, and these characteristics make it attractive for hackers and guarantee continued exploitation.

Read more…

We don’t often compare technology to fables, but when it comes to the internet of things (IoT), the story of Pandora’s Box comes to mind. It’s a technology that has great potential, but its weakness lies in its lack of basic security measures. We might even go as far as to say, what security? These are the concerns we’re thinking about at IT Security Central.

As a completely remote company, we’re taking measures to understand how the internet of things can impact our company data security. Hackers look to exploit technology vulnerabilities to access valuable information. Hacking an IoT-connected fish tank or a smart fridge: these aren’t far-fetched stories. These are stories that are happening now.

The lack of secured IoT devices starts in the development phase. These devices are developed on a basic Linux operating system with default codes that buyers rarely change. When these devices are developed, security isn’t on the agenda; rather, developers are looking at human behaviors and outside threats, when they should be looking inwards.

An unsecured IoT device is the weak link in the connection. As one of the fundamental purposes of the technology is to provide connection and accessibility, this one weak link can bring down the entire network. And if your remote worker’s BYOD devices are in some way connected to that network, your company just became vulnerable.

Remote work, or ‘the gig economy’, is expected to become more common. According to the Global Mobile Workforce Forecast Update, the share of employees working remotely is supposed to increase to 42.5% of the working population by 2022. At that time, the world is projected to see half of its population working outside the office either full-time or part-time.

Security vulnerabilities, remote workers and IoT: where is the connection? The scary thing is that remote workers are likely to already have IoT devices in their work environment, and most likely, they are not protected. These are mostly smart home devices that workers have acquired to make their daily lives easier. Common devices include Amazon Echo, Neo and GeniCan.

The first step in active prevention is to make your employees aware of the importance of data security and then aid them with the tools for success.

Best Practices for Protecting Your Network (from Remote Workers)

With the wealth of internet-based security technologies, the idea of protecting your network with in-house servers and the traditional firewall is (well) old school. With cloud-based companies, you can now access and protect data in easy step-by-step processes, and the best news is that most of these companies do the data management for you.

One of the most progressive approaches to remote worker security would be to adopt a monitoring service to collect data and actively look for anomalies in the network. Through data collection and analysis, monitoring software creates a user profile of normal, everyday behavior. The administrator can set ‘alerts’ for when certain data repositories and files are accessed, or when sensitive data is moved. The longer a data breach goes undetected, the larger the financial implication for the company. Requiring remote workers to download and use remote monitoring software is one of the highest levels of protection against data loss.

But if monitoring isn’t on your agenda, these are a few basic tactics that employers can encourage remote workers to undertake.

Permissions Management

Though the workers are remote, administration can set limits to data access. This process starts by undergoing a thorough analysis and understanding of each position. It’s important to understand who needs access to what information, and who doesn’t need access to information. Once this is understood, administrators can restrict information, and they can also set ‘alerts’ when information is accessed without prior approval.

Home Network Policy

Once employees leave the brick & mortar walls, the manager has little insight into where and on what internet network they’re accessing information. But don’t fret, this freedom and flexibility is part of what makes remote work appealing. Where privacy might be a factor, we don’t suggest going as far as asking remote workers to eliminate IoT devices on their network. Rather, we encourage you to create a policy that specifically states the security requirements that the IoT must meet in order for the work network to be accessed. By educating your employees, you can save both them and yourself the heartbreak of data loss.

Encryption

Encryption, encryption, encryption. You’ve heard the importance of encryption. For remote workers, the company can never be too safe, so they should go the extra mile and set remote workers up on an encrypted network. A VPN ensures all connections and communications are encrypted when the network is accessed. Don’t worry about IoT connectivity in their home, or when remote employees connect to an unsecured public wi-fi connection. A VPN provides the next level of security through encryption, and a hacker won’t be able to access communication or data without alerting administrators to a potential breach. 

IoT devices are already integrating into our at-home lives, and when remote workers access their at-home networks, suddenly the topics collide. As more workers go remote, it’s important to look inwards towards security to see how everyday IoT devices impact company data. Take the time to ensure that remote workers are protecting the network effectively.

Guest post by Isaac Kohen. Isaac Kohen is the founder and CEO of Teramind (https://www.teramind.co/), an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior in addition to helping teams to drive productivity and efficiency. Isaac can be reached at [email protected]. Connect with Isaac on social media: LinkedIn, IT Security Central and Twitter @TeramindCo.

 

 

Read more…

Quantifying IoT Insecurity Costs

Ever wonder what the real cost of IoT insecurity is?

Well, researchers at the University of California, Berkeley, School of Information recently published a report that attempts to lay out the costs to consumers in the context of DDoS attacks. The report focuses on exploiting vulnerable devices for their computing power and ability to use their network’s bandwidth for cyberattacks—specifically DDoS attacks on Internet domains and servers.

Researchers infected several consumer IoT devices with the Mirai malware and measured how the devices used electricity and bandwidth resources in non-infected and infected states. Their hypothesis: compromised IoT devices participating in a DDoS attack will use more resources (energy and bandwidth) and degrade the performance of a user’s network more than uninfected devices in normal daily operation.

Based on energy and bandwidth consumption, they developed a calculator to estimate the costs incurred by consumers when their devices are used in DDoS attacks. Two recent and well-publicized attacks, and one hypothetical, were calculated:

  • Krebs On Security Attack: According to their cost calculator, the total electricity and bandwidth consumption costs borne by consumers in this attack was $323,973.75.

  • Dyn, Inc. Attack: They calculate the total cost borne by consumers as $115,307.91.

  • "Worst-Case" Attack: This hypothetical “Worst-Case” scenario approximates the costs that could result if the Mirai botnet operated at its peak power using a UDP DDoS attack. The projected cost to consumers of this attack is $68,146,558.13.

Commenting on the study, Bob Noel, Director of Strategic Relationships and Marketing for Plixer, said, “Organizations with enslaved IoT devices on their network do not experience a high enough direct cost ($13.50 per device) to force them to worry about this problem. Where awareness and concern may gain traction is through class action lawsuits filed by DDoS victims. DDoS victims can suffer financial losses running into the millions of dollars, and legal action taken against corporations that took part in the distributed attack could be a mechanism to recuperate losses. Companies can reduce their risk of participating in DDoS attacks in a number of ways. They must stop deploying IoT as trusted devices, with unfettered access. IoT devices are purpose-built with a very narrow set of communication patterns. Organizations should take advantage of this and operate under a least privilege approach. Network traffic analytics should be used to baseline normal IoT device behavior and alarm on a single packet of data that deviates. In this manner it is easy to identify when an IoT device is participating as a botnet zombie, and organizations can remediate the problem and eliminate their risk of being sued.”
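The baselining idea in the quote above can be sketched as follows. This is an added example, not code from the Berkeley report, Plixer or the original post; the flow-log format, the addresses (private and documentation ranges) and all function names are constructed for illustration.

```python
"""Learn each IoT device's narrow communication pattern, then flag any flow outside it."""
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    device: str  # source address of the IoT device
    dst: str     # destination address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line: '<device> <dst> <proto> <dport>'."""
    device, dst, proto, dport = line.split()
    return Flow(device, dst, proto.lower(), int(dport))


def learn_baseline(lines):
    """Return {device: {(dst, proto, dport), ...}} observed during the learning window."""
    baseline = defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        baseline[f.device].add((f.dst, f.proto, f.dport))
    return dict(baseline)


def find_deviations(baseline, lines):
    """Return every flow that is not in its device's baseline.

    Least privilege: a device with no baseline has no allowed flows,
    so everything it sends is reported.
    """
    alerts = []
    for line in lines:
        f = parse_flow(line)
        if (f.dst, f.proto, f.dport) not in baseline.get(f.device, set()):
            alerts.append(f)
    return alerts


def summarize(alerts):
    """Per device: number of deviating flows and number of distinct new destinations."""
    per_device = defaultdict(lambda: {"flows": 0, "dsts": set()})
    for f in alerts:
        per_device[f.device]["flows"] += 1
        per_device[f.device]["dsts"].add(f.dst)
    return {
        dev: {"flows": v["flows"], "destinations": len(v["dsts"])}
        for dev, v in per_device.items()
    }


# Constructed sample data: a learning window taken while devices are known-good.
LEARNING = [
    "10.0.5.21 192.0.2.10 tcp 443",   # camera -> vendor cloud
    "10.0.5.21 10.0.0.53 udp 53",     # camera -> internal DNS
    "10.0.5.21 10.0.0.123 udp 123",   # camera -> internal NTP
    "10.0.5.22 192.0.2.20 tcp 8883",  # thermostat -> MQTT broker
    "10.0.5.22 10.0.0.53 udp 53",     # thermostat -> internal DNS
]

# Constructed sample data: later traffic to check against the baseline.
OBSERVED = [
    "10.0.5.21 192.0.2.10 tcp 443",   # matches baseline
    "10.0.5.21 198.51.100.7 tcp 23",  # new destination and port
    "10.0.5.21 198.51.100.8 tcp 23",  # new destination and port
    "10.0.5.21 203.0.113.5 udp 53",   # DNS, but not to the internal resolver
    "10.0.5.22 192.0.2.20 tcp 8883",  # matches baseline
    "10.0.5.30 192.0.2.10 tcp 443",   # device that was never baselined
]

if __name__ == "__main__":
    found = find_deviations(learn_baseline(LEARNING), OBSERVED)
    for device, stats in summarize(found).items():
        print(f"ALERT {device}: {stats['flows']} deviating flow(s) "
              f"to {stats['destinations']} new destination(s)")
```

A sudden rise in distinct new destinations for one device is the kind of signal the quote describes; the learning window has to be captured while the device is known to be clean, or the baseline will include the unwanted traffic.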

Or as we've argued before, regulation is key. And now that we have an economic cost on IoT insecurity, we have better information for regulators to pursue strategies and legislation for enforcing workable security standards to reduce the negative impacts of IoT devices on society.

 

 

 

Read more…

The world is flooded with digital innovation, and technologies like IoT, 5G wireless networks and embedded AI continue to increase the pace of change. At present, millions of apps are coming online to monitor, measure, process, analyze and react to a seemingly endless storm of data, making the growth of IoT explosive as well as impressive. We are all aware that the Internet of Things relies heavily on cloud technology, not only to store the large amounts of data collected from sensors but also to process it.

What is Fog computing?

In simple words, Fog computing is a system-level horizontal architecture that distributes resources and services of computing, storage, control and networking anywhere along the continuum from Cloud to Things. It can be summarized as:

  • Horizontal architecture: Support multiple industry verticals and application domains, delivering intelligence and services to users and business

  • Cloud-to-thing continuum of services: Enable services and applications to be distributed closer to Things, and anywhere along the continuum between Cloud and Things

  • System-level: Extend from the Things, over the network edges, through the Cloud, and across multiple protocol layers – not just radio systems, not just a specific protocol layer, not just at one part of an end-to-end system, but a system spanning between the Things and the Cloud

Its key benefits include:

  • Ultra-low latency
  • Business agility
  • Added security
  • Real-time analytics
  • Reduced costs
  • Less bandwidth and network load

Have you ever wondered how fog architecture leverages and extends edge capabilities? Here’s the answer:

Compute Distribution and Load Balancing- Many edge architectures employ a strategy of placing servers, apps or small clouds at the edge. Fog simply provides a broader system-level architecture that also incorporates tools for distributing, orchestrating, managing and securing resources and services across networks. This provides a great balance of sophisticated computation, networking and storage capabilities and support for heterogeneous environments on any node (e.g., CPUs, GPUs, FPGAs, and DSPs for computing).

Hierarchical networking- Edge is often optimized for a single type of network resource at the network edges, such as edge gateways, routers, switches, or licensed spectrum wireless networks. Fog supports a physical and logical network hierarchy of multiple levels of cooperating nodes, supporting distributed applications. Fog nodes extend the edge with support for north-south, east-west and diagonal connectivity, including interfaces between edge and cloud. This could include, for example, analytics algorithms distributed up and down a hierarchy of nodes, or massively parallel applications that concurrently run on large peer groups of processors or highly distributed storage systems.

Universal Orchestration & Management- Edge orchestration and management are sometimes derived from specific legacy vertical practices, such as mobile network orchestration managed by the carrier. In these situations, the edge may deliver cloud capabilities but without orchestration for connecting edge nodes. Fog orchestration and management is intended to be more universal, modern, and automated. Fog orchestration enables resource pooling and permits interactions and collaborations between fog nodes at the same layer and at different layers in the hierarchy, which helps performance, fault tolerance, load distribution and load balancing. Fog network management considers a life-cycle management through a distributed service orchestration layer in each fog node. The fog architecture essentially validates IT (information technology), OT (operational technology) and CT (communications technology) approach.

Modular Architecture with Multiple Access Modes- Edge deployments are typically based on gateways with fixed functionality. Edge architectures favor one specific access network, such as either wireless or wireline. Fog has a highly modular hardware and software architecture, permitting every fog node to be equipped with exactly the resources its applications need, that can be dynamically configured. Fog embraces both the licensed and unlicensed wireless spectrum, as well as copper and fiber wireline modes.

Reliability and resiliency- Fog architectures are inherently reliable, supporting many fault tolerance, network resiliency, and fully autonomous emergency operation scenarios. If an edge device goes down, the services it supports will often fail.

Security and privacy- The vertical, application-specific and multi-vendor nature of edge may offer uneven security protection. Fog, on the other hand, requires every fog node to include a high-assurance implementation of its Trusted Computing Base using secure hardware or hardware-supported security mechanisms, and a mandatory mission-critical class of protection for communication and computation security.

Virtualization Support- Fog supports virtualization and uses enterprise and web-scale models. This provides hardware virtualization at each node level and allows loads to be moved from one node to an adjacent node if the node is down or overloaded. Edge computing looks at virtualization mainly from the perspective of distributing computing resources in a local manner per server.

 

Read more…

The IoT is already shaping modern society in various ways. While many of these are positive aspects that result in streamlined communications, easier access to information and a greater quality of life, there are some major roadblocks in the push toward widespread IoT implementation.

One of the primary concerns revolves around the security of IoT-connected devices. A demonstration by Avast at the Mobile World Congress (MWC) in Barcelona recently uncovered a flaw in current-gen IoT infrastructure. Not only can hackers potentially gain control over tens of thousands of different devices, but they can also use the assembled processing power to mine $1,000 of cryptocurrency in a matter of days.

Identifying the Easiest Targets

Although Avast's demonstration didn't involve a full-scale replication, it underscores serious security flaws in the nature of current-gen IoT devices. If a widespread attack did occur, hackers would likely focus on the weakest targets.

Unsecured home networks are ideal for this sort of hack. As the average homeowner continues adding new smart-devices to the home, the hacker's job becomes even easier.

The task of hacking into thousands of unsecured home networks and taking over 15,000 or more devices might be insurmountable for a lone hacker, but a team of experts could readily pull it off and begin mining cryptocurrency without the owners' knowledge.

Some hackers might target small businesses or even larger corporations. As these networks easily contain the necessary number of IoT-connected devices, an individual could quickly gain control over thousands of different systems.

Mining, in this context, is a process of verifying transactions across a cryptocurrency-backed network. Cryptocurrency miners use various tools — including hardware and software utilities — to solve sophisticated mathematical algorithms and, as a result, generate digital monies that are tradable for real-world goods or cash.

Since coins are often used for nefarious or downright illegal activities, hackers try to use the accounts of unsuspecting victims whenever possible to maintain anonymity and cover their tracks.

Many popular coins, like Bitcoin, require advanced hardware that’s available in current-gen smart-devices. But other cryptocurrencies, like Monero, are made to harness the power of many individual machines simultaneously.

Similar Incidents in the News

This isn't the first time that IoT-connected devices have been proven vulnerable to hacking. As reported by IBM X Force, a revised version of the Mirai botnet is programmed to take over a device and mine cryptocurrency via Linux.

Mirai is disheartening to security experts. It was the botnet responsible for a 2016 DDoS attack that caused massive service outages on sites like Netflix, Reddit, GitHub, Twitter and more.

According to a statement released by IBM X Force, the botnet gains entry into a system via the BusyBox program on Linux-based machines. Considering that Linux runs some of the largest and most popular websites, operating systems and software packages, the potential for exploitation is very serious.

Fighting Back

Fortunately, you can take some steps to secure your network from outside threats — including the latest botnet hacks. Always make sure your devices are on a secure network and protected behind a strong password.

Update your hardware with the latest updates as soon as they're available from the manufacturer, and use software protection — like antivirus and anti-malware utilities — on smartphones, tablets, laptops and desktop computers.

To make the job even harder for would-be hackers, avoid connecting to public Wi-Fi whenever possible. Never keep your personal devices on the same network as your primary desktop or laptop, as this makes it easier for cyber-criminals to jump from one system to another.

Finally, make sure to change the default login credentials on any new device you add to the network. Many come with generic information that is easily exploited.

How the MWC Is Protecting Our Networks

The Mobile World Congress — dubbed the "world's largest gathering for the mobile industry" — is organized by the GSM Association. Sometimes known as the Global System for Mobile Communications or simply "the GSMA," the organization began hosting events in 1987. It remains the largest conference in the mobile industry, and it continues to highlight new security flaws and solutions — including problems with IoT connectivity — to this day.

Stay up to date with the trends of these devices and activity surrounding them, and you’ll have a better shot at fighting back against hackers.

Read more…

IoT Cyber-Security Puzzle


I recently attended a significant [email protected] Internet of Things event which featured keynotes, speeches and presentations from CTOs/SVPs-Tech/VPs of major IT firms. Attending these presentations sometimes gives you the feeling of being in a literature or rhetoric club where, instead of hearing context-oriented speeches, you get to listen to a bunch of fairy tales with almost every sentence including overused words like “trust”, “motivation”, “responsibility” and so on. An SVP of a major IT player was asked about the (technical) measures her company takes to ensure data integrity and prevent cyber-attacks. Interestingly, her answer to this was the statement that “they maintain a culture of trust in and around the company”. To me, it is like standing in front of a hungry lion and telling him that you believe in non-violence. Today, in the age of the internet and IoT, we have to deal with thousands of cyber criminals (hungry lions) who are waiting to penetrate the system and make the most of it. To keep them out you need a lot more than just “trust”.

At the same event, I had an opportunity to talk to many cybersecurity experts and companies, and I confronted them with the question of naming at least one relevant cybersecurity norm/standard/certificate pertinent to each major component in an IoT stack. Unfortunately, most of these discussions turned into a sales pitch. The question one can raise at this point is: is it so challenging to mention at least one “state of the art” cybersecurity measure for every IoT component? Or is it just that the topic is underestimated?

This blog is just an attempt to name a relevant security standard/certificate or measure for every major element in the IoT stack (see below) without going deep into the details of each and every standard/norm or certification.

For this sake, we will assume a simple IoT stack as illustrated below :

 

Fig.1: IoT stack of a simple use case

In this use case, an industry sensor collects the physical parameters (temperature, pressure, humidity etc.) and transmits the values via Bluetooth/Wifi/wired connection to the gateway or edge device. The gateway device, depending on the type (simple or edge), performs a certain minimal calculation on the received data and pushes it into the cloud via a Wifi/4G connection. The cloud collects the data and uses this data to feed desired micro-services like analytics, anomaly detection etc. The cloud also offers an interface to the existing enterprise and resource planning (ERP) system to synchronize the running process with the current one, as well as to provide product/service related information over the IoT platform to the end user. What the user sees on his screen is then the dashboard of the IoT use case, which is a graphical representation of the micro-services running in the background.

As we can see, there are four to five main stages and at least three interfaces (sensor-gateway, gateway-cloud, cloud-user) in a typical IoT use case. These stages and interfaces are targets for cybercriminals who try to hack into the system with the intention of either manipulating or hijacking the system. Safeguarding just the components is not adequate. The underlying IoT communication layer (Bluetooth/Wifi/4G etc.) needs to be secured as well. Also, organisations running or involved in such IoT use cases must ensure the safety and integrity of the process, technical as well as user data by having an information security management system (ISMS) in place.

To sum up, we need security measures at the component, communication-interface and organisational levels. Now if I have to write a state of the art or “best in class” security measure (excluding cryptography) next to each stage, communication type and interface in the diagram above, then the resulting picture might look like the one below.

 

Fig.2: IoT stack with relevant cyber-security measure

 

What, in your opinion, could be included/excluded or replaced in this diagram? Feel free to share your opinion.

 

Read more…

 

The Internet of Things — or IoT — is taking the IT sector by storm. Although it only boasted two billion systems in 2006, it's set to reach 200 billion connected devices by 2020 — and even more beyond that.

As companies and consumers all continue to explore the benefits of the IoT, one thing has become clear: the IoT needs proper encryption.

Given the sheer amount of online and network-oriented threats today — including everything from traditional viruses to advanced malware and malicious computer coding — data encryption is necessary to ensure the long-term success of the IoT.

Establishing these protocols while the IoT is still in its infancy will provide additional integrity to IoT-fueled projects and generate increased interest in the platform as a whole.

Overcoming the Roadblocks to Success

Modern society is well on its way to embracing the IoT for everything from industrial automation to in-home convenience, but there are two significant roadblocks to the platform's success.

1. Power Consumption

Today's IoT networks, which contain servers, access points and peripheral devices, consume enormous amounts of power altogether, but some tools require more power than others. 

While traditional network-level encryption tools are optimized for larger systems and infrastructure, they don't always scale down to smaller formats in an efficient or viable manner.

Developing a chip with higher energy efficiency and the ability to scale down minimizes the strain on current and local power grids and makes it easier to secure individual devices via existing encryption methods. 

2. Data Security

Consumers have received an enormous dose of reality in the 21st century. Those who haven't fallen victim to a cyber attack or hack probably know someone who has. The number of data breaches involving consumer information is troubling.

There are even rumors of foreign entities interfering with U.S. elections, including the 2016 election of President Donald Trump. Data security is in the spotlight now more than ever before, and it's a tremendous obstacle for the IoT to overcome.

However, a new chip manufactured by the team at MIT solves both of these problems. Not only does it focus specifically on public-key encryption — a straightforward and user-friendly method of modern encryption — but it also consumes 1/400 of the power of comparable chips.

It also uses 90% less memory than current chips, which lets researchers execute commands and complete processes up to 500 times faster.

Encrypting Consumer Data via Mathematics

The newest chip utilizes elliptic-curve encryption. It's a highly sophisticated, dominant form of data security often used in HTTPS connections. MIT's latest advancement efficiently breaks this system down for use on the individual devices that comprise the IoT.

As noted by the team at MIT, "cryptographers are coming up with curves with different properties."

The new chip is flexible enough to support all the known curves in use today, giving it maximum compatibility with different organizational and governmental standards. The team hopes to implement additional support for any future curves, as well.

Making Advancements in Artificial Intelligence

The team at MIT is also making headlines in the area of artificial intelligence (AI). Between self-driving cars and increased automation both in the factory and the home, AI is a hotbed of debate. Whether consumers are in favor of automation or against the idea altogether, one thing is for sure: AI-driven robots must operate by an acceptable set of ethical standards.

Just like encryption, it's a subject that invites multiple interpretations and solutions.

To spur development into the future of AI ethics and programming, MIT recently took a poll of the online public. By seeking the input of the average consumer, the school hopes to play an essential role in how next-gen robotics make decisions, prioritize tasks and interact with their human counterparts on a daily basis.

How MIT Is Safeguarding Our Future

Between the increased need for data security and sophisticated AI, IT experts have their work cut out for them.

The work of individuals and groups like the team at MIT is already making headway into these areas, but society is only at the beginning of what will likely become a long-term, complicated relationship with technology.

Image by Kevin Ku

Read more…

 

 

IoT security challenges

 

IoT is a complex network of billions of Internet-connected devices that collect and transmit huge amounts of data across a wide range of devices (sensors, robots, machinery, mobile apps, digital assistants, etc.) and integrated systems. The data also has to cross different administrative boundaries with different policies. All of this creates challenges for protecting the IoT ecosystem.

First, companies and organizations have to ensure the privacy and confidentiality of user data. Second, data communications should be protected at all levels. So, when building an IoT solution, take care of the “right” data delivery, including the right place, time, and form. Third, make sure all interactions are traced and monitored so that suspicious activities are detected instantly.

There are many IoT security risks and challenges you should know about and prevent when developing an IoT project. Given the increased worry about cyber attacks and data privacy, companies have to establish new security models and integrate innovative technologies. In the IoT world, the use of Blockchain is an emerging trend promising to solve most or even all IoT security issues.

 

What is Blockchain

 

Blockchain is a distributed ledger technology that maintains a continuously growing list of transactions. As an immutable and irreversible record based on cryptographic algorithms, Blockchain provides data security and protects data.

As Blockchain is decentralized, there is no central authority or regulatory body required for transaction approval and management. Its distributed nature makes the participating servers come to a consensus, allowing transactions to be carried out anonymously and without intermediaries.

Blockchain is also about trust: cryptography is used to prevent data forgery and distortion. In the chain of blocks, each block contains a hash serving as a link to the previous one. Thus, it’s impossible to substitute an intermediate block in the finished chain without invalidating the links that follow it.

So, Blockchain provides a high-security level. While the tool is the same, it has many successful applications in a variety of business industries. Mika Lammi, Kinno’s Head of IoT Business Development, Kouvola Innovation Ltd, said: “I believe Blockchain to be one of the truly disruptive and innovative application areas in the world now, and that it will create huge waves across all imaginable business sectors”.

 

Blockchain and IoT

 

With its decentralized, autonomous, and data-protection capabilities, Blockchain has great potential to secure the IoT ecosystem. In the Internet of Things, Blockchain can keep an immutable record of connected devices’ activities and automatically maintain the history of their communications.
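The hash link between blocks and the immutable record of device activity described above can be illustrated with a hash-chained log of device readings. This is an added example, not code from the original article; the record fields, device names and function names are constructed for illustration. It shows three tampering cases: editing a record, editing it and recomputing its own hash, and rebuilding the whole chain, which only a separately held copy of the head hash (what the distributed copies provide) can detect.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first block

# Constructed sample device activity records (not real data).
SAMPLE_RECORDS = [
    {"device": "pump-01", "metric": "pressure", "value": 4.2},
    {"device": "thermo-07", "metric": "temp_c", "value": 71.5},
    {"device": "pump-01", "metric": "pressure", "value": 4.3},
    {"device": "valve-03", "metric": "state", "value": "open"},
]


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps(
        {"index": index, "prev": prev_hash, "payload": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(body).hexdigest()


def append(chain, payload):
    """Append a record linked to the previous block; return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})
    return chain[-1]["hash"]


def verify(chain, trusted_head=None):
    """Check every block hash and link, and optionally the head; return (ok, reason)."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["index"] != i:
            return False, f"block {i}: wrong index"
        if blk["prev"] != prev:
            return False, f"block {i}: broken link"
        if blk["hash"] != block_hash(i, blk["prev"], blk["payload"]):
            return False, f"block {i}: content does not match hash"
        prev = blk["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head does not match trusted copy"
    return True, "ok"


def demo():
    chain = []
    for rec in SAMPLE_RECORDS:
        head = append(chain, rec)  # head hash held by the other participants
    results = {"clean": verify(chain, head)}

    # Case 1: an intermediate record is edited in place.
    edited = copy.deepcopy(chain)
    edited[1]["payload"]["value"] = 21.0
    results["edited"] = verify(edited, head)

    # Case 2: the edited block's own hash is recomputed; the next link breaks.
    rehashed = copy.deepcopy(edited)
    rehashed[1]["hash"] = block_hash(1, rehashed[1]["prev"], rehashed[1]["payload"])
    results["rehashed_one"] = verify(rehashed, head)

    # Case 3: the whole chain is rebuilt from the edited records. It is
    # internally consistent, so only the trusted head hash exposes it.
    rebuilt = []
    for blk in edited:
        append(rebuilt, blk["payload"])
    results["rebuilt_no_anchor"] = verify(rebuilt)
    results["rebuilt_anchored"] = verify(rebuilt, head)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The third case is why a hash chain kept on a single machine is only tamper-evident against partial edits: the guarantee in practice comes from other parties holding the head hash.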

What’s more, by integrating the technology, companies and organizations can allow trustless safe message exchanges between IoT devices. In this case, Blockchain will work like in financial transactions: data is transmitted between multiple devices and delivered to the places required. To enable peer-to-peer messaging, businesses can integrate Ethereum smart contracts serving as the agreement between two parties.

For example, let’s take Blockchain and IoT linked together to improve manufacturing operations. Here the use of Blockchain can enable smart devices to not only exchange data, but even automatically execute financial transactions. IoT devices monitor machinery and equipment health, alert managers about problems, and order repairs when required.

In the agriculture industry, farmers can place IoT devices to collect data about crops in order to ensure an efficient functioning of the irrigation system. Smart contracts describe how the solution parts (analytics system, sensors, etc.) should behave based on the conditions defined. This approach helps provide automatic water management.

 

Blockchain advantages for IoT security:

 

  1. Immutable record of all data communications
  2. Monitoring of suspicious activities
  3. Prevention of data forgery and distortion
  4. Peer-to-peer messaging between IoT devices
  5. Autonomous functioning of smart devices

 

Today, Blockchain is one of the most promising trends in the IoT security field. Its decentralized and data-protection capabilities make Blockchain a perfect part of IoT solutions. Understanding the technology's prospects, many companies have already integrated Blockchain to solve IoT security challenges.

Read more…

Botty Media

The revolution of digital technology has disrupted and transformed the entire Media Industry. The evolution from print to online media has significantly impacted the individual, business, society, and the nation overall. Digitization has changed the judicious "decision-making" capability of an individual, which can make or break something powerful in this world.

The advent of the Internet and transformational technologies has redefined the way we gather, receive and consume the news today. During the pre-Internet era, it was challenging to get international or even national information without the newspaper, which slowly gave way to radio, television, and social media.

With time, 'Time' became the most significant challenge, one that people are always battling, especially in the fast-paced mechanical world. This challenge paved the way for one of the biggest business opportunities for the Media Industry in the world. Mobility became the future, and with this development, the media rapidly advanced into the era of social media by providing online news via apps, which led to the decline of print-media businesses.

However, the ever-growing influence of online social media gave birth to 'Fake News' or 'Yellow Journalism', which refers to journalism that provides little or no legitimate or well-researched news. Instead, it presents eye-catching headline stories that sell more newspapers. The media and all other superpowers in the Industry who wanted to manipulate adopted methods such as exaggeration of news events, sensationalism, scandal-mongering, and deliberate hoaxes or misinformation via print and broadcast news media or online social media.

Fake news is published or written with the explicit intention of misleading, in order to damage the reputation of an entity, agency or person, and/or to gain politically or financially, often using outright fabricated headlines to increase readership, coverage, online sharing, internet click revenues or any hidden business motivations.

To top it all, technology has proven advantageous to the players in 'Fake News.' 'Bots' are designed with the intelligence and robotic power to perform any automated task without human intervention. In the case of online media, they are programmed to gather and collate 'Fake News' that could make or break any business, people, society or nation.

Take the recent case of the 2016 US presidential election: according to CBS News, the stories that consistently featured in Google's top news search results were widely shared on Facebook and were taken seriously by readers. Mark Zuckerberg, CEO of Facebook, made a statement, "I think the idea that fake news on Facebook influenced the election in any way, I think is a pretty crazy idea." A few days later, he blogged that Facebook was looking for ways to flag fake news stories. Angela Merkel expressed her concern about fake news and bots, which can manipulate public opinion, and committed not to use social bots in her campaign strategy.

However, demonizing bots might cause society to overlook the possibility of using the same bots for the good of mankind. Be it a bot or a chatbot, it can be the optimal tool for eliminating fake news from the system. Using Artificial Intelligence (AI), bots can be programmed to collate only legitimate news whose data source has been validated. Apart from eliminating the rudimentary system of reporting, the 'AI Bot or Chatbot' will automate the entire online news reporting system and slowly eradicate yellow journalism from its roots.

To summarize, the 'Media Industry' should collaborate with technologists and subject matter experts to design and develop AI bots that can bring in the next-gen online news reporting system, which will be instrumental in eliminating 'Fake News' from the system and help re-establish people's trust in the power of social media. More importantly, it will reinstate the judicious decision-making capability of an individual.

Read more…

Evolution of Drones

It is the 'Era' of Unmanned Aerial Vehicles (UAV), or Unmanned Aerial System (UAS), an all-encompassing term which includes the aircraft or the UAV, and the ground-based controller (the person operating the machine), and the system of communications connecting the two, commonly known as 'Drones.' 

Today, drones are revolutionizing the world and businesses in ways hardly anyone could have imagined. A UAV, or drone, is an aircraft without a human pilot aboard. UAVs include both autonomous drones and Remotely Piloted Vehicles (RPVs).

According to the brief history, "The U.S. military experimented with pilotless aeroplanes as “aerial torpedoes” or flying bombs far back during the first world war, but with no significant success—until the Vietnam war, when jet-propelled, camera-equipped drones built by Teledyne-Ryan were launched and controlled from U.S. Air Force C-130s."

Abraham Karem, born in 1937, is regarded as the founding father of UAV (drone) technology. Karem built his first drone during the Yom Kippur war for the Israeli Air Force. In the 1970s, he moved to the USA and founded his company Leading Systems Inc. He started manufacturing his first drone, 'Albatross', in his home garage. Later came the sophisticated 'Amber', which eventually evolved into the famous 'Predator' drone that brought him the title of "drone father". Karem has been described by The Economist magazine as the man who "created the robotic plane that transformed the way modern warfare is waged, and at the age of 80 he continues to pioneer other airborne innovations."

UAVs or drones were associated with the military, and those used by the US Air Force for surveillance, intelligence, and reconnaissance ranged from small craft, some of them light enough to be launched by hand, through medium-sized armed drones to large spy planes. However, the technology in use today is incredibly advanced. It uses Artificial Intelligence (AI), GPS, 3D scanning, biometrics, robotics and remote control to pilot essentially unmanned aeroplanes of different sizes and weights, reaching new heights figuratively and literally.

Let me discuss some of the significant use-cases of the Military or Law enforcement Drones:

1. Air Strikes: The UAVs or drones are used for air strikes. According to President Obama, the US Military used drones to attack militants in the tribal areas of Pakistan. The drones hover over the suspected areas to fulfil the military operation.

2. Bomb Detection: The increasing frequency of terrorist attacks which the world has witnessed in the recent past can be mitigated with the help of drones. Small size drones can easily penetrate into the restricted areas. The inbuilt cameras make the drone highly suitable for bomb investigations. Thus the UAVs are apt for detecting the unexploded bombs and securely dealing with a potential bomb threat. 

3. Surveillance: A country's defence forces tend to conduct periodic surveys to ensure the protection of the place and its people. Drones are also used for criminal surveillance, which could help trace missing persons or search for criminal gangs or mafia groups. In 2009, the drone from Dayton carried out surveillance for 200 hours across cities. This helped in capturing images of thirty-four murders as they happened in real time. These attacks were carried out by a cartel, and the footage helped the police trace the perpetrators' getaway, vehicles and various accomplices.

4. Hostage Negotiation: The future of the drone could be an application of tiny drones, the size of an insect, capable of revealing what is happening in a hostile location. It is believed that manufacturers will be able to provide 'Biomimetic' designs suited to mimic nature, along with 3D depiction scans for appropriate handling of a hostage situation. The drone will help show precise details of exactly what is happening in a given location without risking the lives of security personnel. Drones will also be of good use in conducting negotiations without the need to send a negotiator to the hostage site. Instead, this can be achieved by sending a drone with a facility for a FaceTime chat with the hostage-taker.

5. Crime Scene Analysis: Drones will play a significant role in future crime scene investigations due to their ability to take photos and inspect the scene without contaminating the evidence. Hence, the investigation team will not risk mistakes like footprints and fingerprints that were not supposed to be there. The police could also use drones to track down weapons discarded near the crime scene. Drones can also help create maps for prosecuting or solving various crimes and document the evidence needed to convict criminals who have walked out scot-free due to a lack of sufficient documented proof against them.

6. Drones in Drug Interdiction or Tracing Missing Persons: Today, drones equipped with spectroscopic sensors help detect meth labs, and a similar use case can be applied to drug storage sites to help deal with the menace of the illegal drug trade. It is also common for someone close to go missing. There have been several cases when a child has gone missing in a large crowd, or a person with Alzheimer's disease has wandered from home. Drones equipped with cameras and facial recognition or license plate reader software will be able to swiftly and efficiently search for and track missing people. These drones will transform the way future search operations for missing people are conducted.

Military usage of UAVs or drones has become the primary use in today's world. According to Goldman Sachs, military spending will remain the primary driver of drone spending, with an estimated $70 billion by 2020. According to the latest news, "The US Military's latest autonomous aircraft is radically changing how they resupply units in the combat zone. It is all about keeping the troops safe and saving lives. The UAV helicopter is meant to resupply forces in combat zones quickly delivering ammunition, water, batteries, and even blood before returning to base. With no need for pilot or crew, it could eliminate the need for troops to fly or drive supplies to hostile, fire or dangerous roadways. The project is a partnership between the office of Naval research and tech company Aurora Flight Systems."

These are some of the use-cases of military or law-enforcement UAVs or drones that I have discussed here. In my next couple of articles, I will be addressing the non-military or commercial, personal and future use-cases of the UAVs or drones that have disrupted and are transforming the world.

To conclude, drones will play a vital role in the resolution of future conflicts and the replacement of the human pilot. Drones are also cost-effective, time-saving and life-changing. Although the application of drones in the law-enforcement domain is niche, it will need the Federal Aviation Authority (FAA) to have the relevant regulations to govern the right use of 'UAVs or Drones' in a lawful manner that brings protection to the people and the nation.

Read more…

Over the last couple of years, the Internet of Things grew into a huge gate between the reality and the digital world, and CES 2018 was the event that nailed it. IoT dominated the event with a vengeance, and it could be roughly divided into two major areas: smart home (with a nod to smart city) and industrial Internet of Things (with a nod to the much-hyped Industry 4.0).

The event showed the inevitable changes in the industrial sector that are likely to reward early adopters with market share. Meanwhile, those who avoid innovation get left behind in the long run. Companies such as Bosch are reinventing the way manufacturers run their facilities, with a focus on increased performance and care for the safety of human workers.

The smart home was represented not only by a huge variety of standalone products, but also by closed ecosystems created by consumer tech giants such as LG.

The automotive industry has always been a leader in innovation, with self-driving and connected cars being part of the IoT market. This year all major car manufacturers hosted a kind of car show inside CES, introducing new automotive IoT products.

Besides these spheres, there were two more major followers of IoT trends: healthcare and retail. Both aim for automation of operations, provision of personalized experience to customers, and overall transformation of the ways they operate.

Read more…

 

The Internet of Things plays an important role in today’s life, affecting plenty of businesses and changing the way we work, live, and entertain ourselves. With workflow automation, remote equipment monitoring, inventory tracking, and real-time data collection, IoT promises to bring innovation to various industries.

Understanding the high potential of IoT, companies and corporations invest in IoT projects, startups, and initiatives. According to the New IDC Spending Guide, worldwide IoT spending is predicted to reach nearly $1.4 trillion in 2021. What’s more, Gartner research expects the number of IoT-enabled devices to be about 21 billion by 2020.

Though IoT provides many advantages and opportunities, there remain IoT security risks and challenges that are now of the highest concern. Since today almost everything can be hacked, businesses have to look for and integrate new security mechanisms that ensure data and device protection.

 

The main IoT security risks

 

1. Data Leaks

Smart devices collect and transmit various data that may include such important information as credit card numbers, zip codes, customer locations, camera images, IP addresses, and much more. A leak of private, personal, business or financial data can cause a company financial and reputational losses, and harm people’s lives.

2. User verification

Misconfiguration and the use of default passwords are common causes of device and data vulnerabilities. That’s why engineers should let customers create their own passwords while enforcing the highest level of password strength that all users have to follow.

3. Lack of regulations

Unfortunately, there are often no regulations for IoT devices. The creation of a standards-based approach to security should be a top-priority task for companies, organizations, and even governments.

4. Unknown surveillance

Unprotected IoT devices can often be accessed by any remote user, or at least can be easily hacked. The consequences can be serious: for instance, the streaming and selling of private videos and images (including those from stores, shopping centers, etc.).

 

IoT security recommendations

 

1. Focus on data traffic monitoring. Imagine a cloud IoT solution that monitors both inbound and outbound traffic, traces all suspicious activities, blocks unsafe communications, instantly alerts users and the central system about potential problems, and prevents data leaks.

2. Implement end-to-end encryption in your application, the most reliable way to protect user data. The well-known mobile messengers WhatsApp and Viber added support for e2e encryption long ago. If your project involves a lot of data and user communications, you can use this approach too.

3. Use reliable tools that help ensure data confidentiality and privacy as well as build secure and scalable data storage. Integrate monitoring for suspicious activity and malicious code. For example, today we can see an increasing use of AI technology for real-time security monitoring.

4. Focus on testing activities. When developing an IoT solution, pay a lot of attention to the testing/QA process. It’s much better to prevent security issues at the pre-release stage than to spend time fixing bugs afterward.

5. Integrate a Blockchain decentralized approach. Since Blockchain is based on cryptographic algorithms, it helps protect and manage data. Blockchain records all transactions (interactions), so the history of smart devices will also be recorded. At the moment, the use of Blockchain for securing the Internet of Things is one of the emerging and most promising trends.

 

As you see, there are really good ways to minimize IoT security vulnerabilities. Here I should note that one of the best recommendations for developing a successful IoT project is to turn to a reliable IT company that focuses on security and data privacy issues. Also, when choosing the company, pay attention to whether it meets the GDPR requirements, which will be especially important once the regulation comes into force on May 25, 2018.

 

Read more…