
The Emerging IoT Nightmare: Smart Dust

By Mike Krygeris, Sr. Field Engineer at Plixer International

Internet-connected thermostats, refrigerators, pet feeders, cameras, DVRs, etc. are all part of the Internet of Things (IoT). Numerous articles have been written detailing how these devices are being hacked and used for nefarious purposes like hosting illegal web sites to sell contraband, exfiltrating data from other devices and even participating in DDoS attacks. This information is all true and concerning; however, there is something on the horizon that is potentially far more menacing: Smart Dust.

Gartner forecasts that the “connected things” market will grow from 6.4 billion devices in 2016 to 20.8 billion by 2020; this will be the driver pushing DDoS to double-digit growth in 2017.

Smart Dust

Smart Dust is the term used to describe very small chips containing a system of tiny microelectromechanical systems (MEMS) such as sensors, robots, or other devices that can, for example, transmit temperature, vibration, GPS coordinates and more. Imagine attaching a small sticker of Smart Dust to every package shipped by UPS, FedEx and US mail. These devices allow the consumer or the shipping company to track everywhere the package goes, measure the temperature, and see if it is opened or dropped on the floor. Just add the Smart Dust chip to the shipping label, scan the hardware ID (i.e., IPv6 address) with a mobile application and track it online.

Bridges and buildings could contain sensors to help more accurately monitor wear and tear or even double in functionality to provide weather details to an entire industry of meteorologists. If a company has a problem with staplers disappearing from employee desks, just attach a piece of Smart Dust and start tracking them… “I believe you have my stapler.” Take a look at this article and it might change your idea of what IoT will be in 5-10 years.

Smart Dust Internet Connectivity

IoT vendors will have very specific machine-to-machine (M2M) communication scenarios. Unlike our mobile phones, customers won’t be providing the internet access for a lot of these devices. It will just be there. This type of communication is already in place in a few cities, the first being Amsterdam.

SIGFOX is one type of low bandwidth IoT communication technology. Other low bandwidth IoT technologies include LoRa and 6LoWPAN, and they all operate at layer 2 to communicate directly with the internet. Although each MEMS can only communicate at speeds comparable to a modem, as an aggregate there is strength in numbers.

Powering Smart Dust

Today, Low Power Wide Area Network (LoRa) radios can be powered for a few years with just a CR2032 battery, but what about when science develops a way to “harvest” ambient energy to power electronics? At that point, Smart Dust (MEMS) will never power down, leaving the potential for a massive number of micro-computing devices remaining online indefinitely.

Internet of Zombies

To date, public discourse on Smart Dust has not included details around the identity, ownership and security of these devices. These are important topics that will need to be considered.

How do you deal with this type of IoT device if it were to become compromised by a hacker? Would UPS or FEDEX be responsible for millions of infected MEMS participating in DDoS attacks while they sit in landfills all over the world?  Without a definitive end-of-life after their use, these objects could stay connected to the Internet forever!  Without ownership and responsibility, some Smart Dust won’t be decommissioned properly and could end up as the Internet of Zombies, essentially becoming the trash on the side of the information superhighway. 

Embedding security and defining end-of-life processes would add cost into the creation of MEMS, which is the reason it will likely not happen on its own.   For current examples, you need only look to the IoT devices currently being compromised by the Mirai Botnet. There is simply little incentive for manufacturers to create strong security and identity management on IoT devices because it slows time-to-market and increases production cost.

The Future of Smart Dust

Today’s IoT still plays by the rules of perimeter security, ownership and infrastructure management. The IoT of tomorrow will be much more like the meatspace of today and we need to plan for it accordingly. Smart Dust technology already exists and is likely being implemented without careful consideration of security.

A parallel internet meant just for IoT and Smart Dust, and bound by a different set of rules, may be the safest way forward. This internet’s control plane might leverage a software defined network (SDN) approach with an open and decentralized traffic-forwarding paradigm similar to BGP. LISP, for example, comes to mind as it can provide a standards-based location while offering an independent network fully gated from the regular internet. MEMS manufacturers could consider defining a shelf life, similar to that of a gallon of milk. After a given time frame, the MEMS will simply stop working.

Monitoring systems will need to be put in place, such as those that consume NetFlow and IPFIX, to help service providers keep an eye on the traffic generated by these devices.  These monitoring systems will measure the volume and traffic types generated by MEMS and will provide forensic data for the investigation of malicious and unwanted activity.    
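The kind of flow monitoring described above, as an added example that is not part of the original article: a NetFlow v5 export datagram is parsed, traffic is aggregated per device, and devices that stray from an expected profile are reported. The device profile (one CoAP collector, a small byte budget), the function names and the sample datagram are assumptions constructed for illustration; NetFlow v5 carries IPv4 only, so IPv6-addressed devices would need NetFlow v9 or IPFIX templates instead.

```python
import ipaddress
import struct
from collections import defaultdict

# NetFlow v5 export layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Assumed device profile (hypothetical policy, not from the article): a sensor
# reports to a single collector over CoAP (UDP/5683) with a small byte budget.
ALLOWED_SERVICES = {(17, 5683)}      # (IP protocol, destination port)
MAX_BYTES_PER_INTERVAL = 2_000
MAX_PEERS = 1


def parse_v5(datagram: bytes) -> list:
    """Decode one NetFlow v5 datagram into a list of flow dictionaries."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(r[0])),
            "dst": str(ipaddress.IPv4Address(r[1])),
            "packets": r[5],
            "bytes": r[6],
            "dst_port": r[10],
            "proto": r[13],
        })
    return flows


def summarize(flows: list) -> dict:
    """Aggregate volume, peers and services per source device."""
    devices = defaultdict(
        lambda: {"bytes": 0, "packets": 0, "peers": set(), "services": set()}
    )
    for f in flows:
        d = devices[f["src"]]
        d["bytes"] += f["bytes"]
        d["packets"] += f["packets"]
        d["peers"].add(f["dst"])
        d["services"].add((f["proto"], f["dst_port"]))
    return dict(devices)


def audit(devices: dict) -> dict:
    """Return {device: [reasons]} for devices outside the assumed profile."""
    findings = {}
    for src, d in sorted(devices.items()):
        reasons = []
        if d["bytes"] > MAX_BYTES_PER_INTERVAL:
            reasons.append("volume")
        if len(d["peers"]) > MAX_PEERS:
            reasons.append("fan-out")
        if d["services"] - ALLOWED_SERVICES:
            reasons.append("unexpected-service")
        if reasons:
            findings[src] = reasons
    return findings


def build_v5(records: list) -> bytes:
    """Build a v5 datagram from (src, dst, sport, dport, proto, pkts, bytes)."""
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            bytes(4), 0, 0, pkts, octets, 0, 0, sport, dport,
            0, 0, proto, 0, 0, 0, 0, 0, 0,
        )
        for src, dst, sport, dport, proto, pkts, octets in records
    )
    return header + body


# Constructed sample export (documentation address ranges, invented counters).
SAMPLE = build_v5([
    ("10.0.0.11", "192.0.2.10", 40001, 5683, 17, 3, 240),
    ("10.0.0.12", "192.0.2.10", 40002, 5683, 17, 4, 320),
    ("10.0.0.13", "198.51.100.7", 40003, 53, 17, 900, 460_800),
    ("10.0.0.13", "203.0.113.5", 40004, 53, 17, 850, 435_200),
])

if __name__ == "__main__":
    for device, reasons in audit(summarize(parse_v5(SAMPLE))).items():
        print(device, ", ".join(reasons))
```

The per-device summaries are also the forensic record: storing them per export interval gives the history needed to investigate when a device first left its profile.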


Bruce Schneier, cybersecurity expert, cryptologist

By Ben Dickson. This article originally appeared here. 

As if I haven’t said it a million times, IoT security is critical.

But just when I thought I had it all figured out, somebody comes along and sheds new light on this very important topic in a different way.

At a November 16 hearing held by the Congress Committee on Energy and Commerce in light of the devastating October 21 Dyn DDoS attack, famous cryptologist and computer security expert Bruce Schneier offered a new perspective on IoT security, which makes it easier for everyone to understand the criticality of the issue.

After watching it at least three times, I decided to share the main concepts with the readers of TechTalks. Here are the key takeaways, which I’ve taken the pains to elaborate on.

Everything is now a computer

“Everything is now a computer,” Schneier said at the beginning of his remarks, after which he gave examples about how our phones, refrigerators, ATM machines and cars have in essence become computers that perform functions in the physical world.

“And this is the Internet of Things, and this is what caused the DDoS attack we’re talking about,” he continued.

IoT devices are very different from objects with a little silicon and electronics baked in. We’re talking about devices that are sometimes running fully functional operating systems and are enjoying broadband internet connections.

And as we all know, computers are smart—but they’re also hackable.

So what it comes down to is that soon, everything around you, from your toaster to your lawn mowing machine, fridge, light bulb and door lock can be hacked and used directly (against you) or indirectly (against others) for evil purposes.

And then Schneier went on to “give four truths” from the world of computer security—which he extended to “everything security”—that apply to everything.

Attack is easier than defense

This was Schneier’s first premise. As the saying goes in cybersecurity jargon, “cybersecurity experts have to win every battle. Hackers only have to win once.”

But it was his next phrase that said it all.

“Complexity is the worst enemy of security,” he said. “And this is especially true for computers and the internet.”

Attackers find methods to use software and operating systems in malicious ways that were never imagined by their developers. This is partly due to security flaws found in the source code or the simple fact that the basic functionalities embedded in that software can be combined in innumerable ways.

Even highly secure operating systems such as the Apple iOS tend to spit out vulnerabilities every once in a while.

Said another way, you have to plug every security hole—hackers only have to find one.

Interconnections introduce new vulnerabilities

This is an extension of the complexity concept.

“The more we connect things to each other,” Schneier said, “the more vulnerabilities in one thing affect other things.”

And he went on to give accounts of some of the cyberattacks that made their fame in recent years, including the Target hack, and of course the Dyn attack, in which the hackers exploited vulnerabilities in several systems to stage their attack.

“Vulnerabilities like this are hard to fix because no one system might be at fault,” Schneier explained.

In many cases a flaw in one system might not be critical per se, but when that system or component is combined or connected to another one, the same vulnerability might open up new ways to cause harm.

Many IoT manufacturers embed third party components into their products that are inherently insecure, and they don’t even know about it. I know of at least one Chinese company that was offering vulnerable white label DVRs and components to other companies, whose products were involved in the Dyn DDoS attack. Good luck recovering all those tens of thousands of devices.

And we’re entering a world where abstraction is playing an increasingly important role in creating software and hardware. Blackbox systems connect over the internet and allow access to their data and functionality without having full knowledge of their vulnerabilities.

The internet empowers attackers

“The internet is a massive tool for making things efficient,” Schneier said, “and that’s also true for attacking. The internet allows attacks to scale to a degree that’s impossible otherwise.”

The Internet of Things has taken that scaling power to the next level. It was true for the Dyn attack, as well as a host of other recent DDoS attacks that were based on IoT botnets.

In terms of efficiency, Schneier underlined the fact that hackers have an easier time sharing their knowledge and experience thanks to the internet. The source code for the Mirai botnet, which was used to stage the Dyn attack, has been released and is now available for all to use.

And for those who don’t have the knowledge to make use of the source code and create their own IoT botnet, they can rent one at an affordable price. “I don’t recommend it,” Schneier said.

The for-rent cybercrime business model is gaining traction. Recently, hackers put up a ransomware-as-a-service platform to allow wannabe hackers to cash-in on cyber extortion.

“This is more dangerous as our systems get more critical,” Schneier said next. “The Internet of Things affects the world in a direct and physical manner.”

This is something that I’ve been saying a lot. It’s one thing to lose access to your favorite website, lose online documents or even have your most intimate secrets doxed. But it’s another thing altogether where your very life and health are concerned and can be compromised from thousands of miles away.

And that’s where the Internet of Insecure Things is leading us.

Schneier: “There’s real risk to life and property. There’s real catastrophic risks.”

The economics don’t trickle down

“Our computers are secure for a bunch of reasons,” Schneier said—and that’s relatively speaking (my own comment). “But it doesn’t happen for these cheaper devices.”

There are many reasons that IoT devices are created with less security. Schneier named a few:

  • Low profit margins: Manufacturers are doing their best to lower the costs, and therefore pack the devices with cheaper and less secure components, and firmware and low-end operating systems that can’t run security software.
  • IoT devices are offshore: Many devices are treated in an install-and-forget manner. How many times do you check the logs for your thermostat? Also, no sane person leaves their desktop computer or smartphone in an unprotected environment. But IoT devices are made to be installed in the open and left unattended. And yet in many cases, these same devices sport storage and computation capabilities that rival those of mobile and desktop computers, to say nothing of their broadband internet connections.
  • No dedicated security teams: Many of the manufacturing companies don’t allocate resources and funds to securing their devices, because as some will honestly admit, “Consumers don’t pay for security. They pay for functionality.” And vetting code and hardware for security can be costly. Also, we’re in the “Gold Rush” phase of the IoT industry’s development, where every new kid on the block is in a hurry to ship a connected device to the market before their competitors do, so naturally, things such as security take a backstage seat.
  • Devices can’t be patched: Desktop and mobile operating systems are regularly updated and patched to fix security holes. The same can’t be said about IoT devices. In many cases, the update mechanism is nonexistent, while in others, it’s so arduous that consumers will simply forgo applying patches. And let’s not forget that these are install-and-forget products. And as Schneier reminded in his remarks, many of these “things” such as fridges and cars will not be replaced for a long time—some, never. This means they’ll remain vulnerable for the rest of their lives, causing potential damage to their owners and others.

What needs to be done?

“The government has to get involved,” Schneier said. “What I need are some good regulations.”

I agree, but I would also extend the point and say “Everyone has to get involved,” and that includes manufacturers, who should get serious about securing their devices, or suffer the consequences. It also concerns ISPs, who should do more to spot and block botnet traffic. And consumers should become more savvy on cybersecurity in general and demand more security from manufacturers.

But of course, the government has to play a regulatory role that will ensure implementation.

“For the first time, the internet affects the world in a direct, physical manner,” Schneier said. “When it didn’t matter—when it was Facebook, when it was Twitter, when it was email—it was OK to let programmers, to give them the special right to code the world as they saw fit. We were able to do that. But now that it’s the world of dangerous things… maybe we can’t do that anymore.”

I liked that phrase, and I think we ought to take it seriously.

Watch the full hearing here:


How to avoid that a handful of companies can dominate IoT

US technology companies are possibly the ones that most commonly use the word “democratization” as a marketing and sales argument. Influenced perhaps by the famous quote of President Abraham Lincoln, “Democracy is the Government of the people, by the people, for the people”, US tech companies have been abusing the term to sell more. I wonder whether their intentions are closer to Oscar Wilde’s no less famous sentence: “Democracy means simply the bludgeoning of the people by the people for the people.”

Democratization of technology refers to the process by which access to technology rapidly continues to become more accessible to more people. Thomas Friedman argued that the era of globalization has been characterized by the democratization of technology, democratization of finance, and democratization of information. Technology has been critical, facilitating the rapid expansion of access to specialized knowledge and tools, as well as changing the way that people view and demand such access.

Nowadays, with the combination of Cloud Computing, Big Data Analytics, and the Internet of Things (IoT), the promise of democratization of technology for all companies, not only the big ones, and for governments and citizens looks more feasible.

It's no wonder that, over my long career, I have had to evangelize many times in front of customers and partners the idea of democratization of technology, an idea that has always fascinated and motivated me. Now I am doing the same for the “Internet of Things”.

The journey towards Democratizing the Internet of Things

For companies like Inex Advisors, “Data Democratization Migrates From Aspirational to Empirical With the Internet of Things”. Most consider that democratizing the IoT will come by leveraging the sensor data wave and using that data to create solutions (IoT Platforms and Application Vendors), but for others, democratic IoT technology should make it easy for users to build connections (Connectivity vendors).

One of the companies most active in the Internet of Things, PTC, used the concept of Democratizing the IoT during the LiveWorx event last July, 2016. “I think what we’re most excited about is the opportunity to democratize IoT…making [solutions] really fast and really easy,” said Rob Gremley, Group President of Technology Platforms at PTC. This is the same company that aims to 'Democratize' Augmented Reality.

At Microsoft Ignite, Satya Nadella, the former and prudent CEO of Microsoft, outlined the 4 pillars for democratizing AI, and so on and so forth.

But democratizing the Internet of Things is not just about technology: it is easing new business models, enabling the sharing economy, providing power to ordinary citizens, providing a level playing field where small business owners can compete with large enterprises, and collaboration between humans and machines. The journey has just started.

We need to fight to achieve and maintain an Internet of Things that is open, innovative, and free.

Democratizing Smart Cities through the Internet of Things

The most important thing about smart cities is not the technology—it is their effect on democracy. When we hear that smart cities can improve citizens’ quality of life, we want them to give us the power to make decisions. For instance, if cities can monitor air pollution cost-effectively, as citizens we can play a role in making decisions based on that data.

The process of integrating data into decision making can also make cities more rational. Right now, our cities are too political and, very often, mayors don’t think long-term. They just worry how an investment will affect them or the next mayor.

While the design of smart city ICT systems of today is still largely focused on passive sensing, the emergence of mobile crowd-sensing calls for more active citizen engagement in not only understanding but also shaping of our societies. For instance, the Urban Civics Internet of Things (IoT) middleware enables such involvement while effectively closing several feedback loops by including citizens in the decision-making process thus leading to smarter and healthier societies.

Data assimilation, actuation and citizen engagement are key enablers toward democratization of urban data, longer-term transparency, and accountability of urban development policies. All of these are building blocks of future smart cities and societies.

Democratization of Water Data through the Internet of Things

The "democratization of water data" is not only timely but essential if we are to move from 19th century water policies and 20th century infrastructure to 21st century solutions.

We are still challenged to deliver safe drinking water to everyone. A few statistics frame the challenge: 884 million people worldwide don’t have regular access to safe drinking water; 2.4 billion people lack improved sanitation facilities, resulting in about 842,000 deaths per year, of which 361,000 are children under age 5.

Will Sarni, Director and Practice Leader, Water Strategy at Deloitte Consulting, considers that “Now it's time to democratize water data and IoT can help by allowing everyone to have access to water quantity and quality data on a real-time or near-real-time basis, driving innovation and allowing collaboration between the public sector, civil society, investors, cross-industry collaborations, non-governmental organizations (NGOs) and entrepreneurs.”

“IoT will move us towards the goal of universal access to water data to accelerate solutions to universal and equitable access to water.”

Democratization of Farming through the Internet of Things

With cheap sensors now allowing us to connect to and understand the physical world in a way that’s been impossible on such a scale previously, we are seeing how the democratization of farming is coming, and the Internet of Things promises a revolution or reformation potentially larger than the internet revolution of the late 1990s.

Lance Donny – CEO of agtech startup OnFarm Systems – is one of a handful of innovators who have highlighted the potential for, as he calls it, Ag 3.0, a data-rich approach to farming that utilizes inputs from diverse sources – sensors on plants and farm equipment, weather stations and satellite images – to make better farming decisions.

In this interesting article, Lance considers that the Internet of Things will be key in the democratization of farming because it offers the promise that some of the specialized knowledge that commercial farming requires today will be available to all, regardless of their farming prowess or economic situation.

Democratization of Healthcare through the Internet of Things

Beyond the trendiest fitness consumer gadgets, there’s a more significant healthcare revolution emerging right now at the convergence of affordable devices and tech and widespread broadband network connectivity. The Internet of Things health revolution will empower developing nations with more affordable, accurate and accessible healthcare than ever before, but it must also allow the developed nations to guarantee better healthcare for all citizens.

Healthcare has a long way to go to prepare an infrastructure that could actually make use of the enormous amount of data that will be available, and many barriers like local policies should be removed. Implementation of IoT in healthcare can be expected to be slow and painful.

Democratization of Industries like Retail through the Internet of Things

With seemingly unlimited access, knowledge and power, connected consumers dictate and control the terms of retailer engagement. In this distributed, disruptive and democratized operating environment, retailers must effectively extend their unique brand experience beyond their physical and virtual four walls to wherever and whenever consumers demand.

Can the Internet of Things be democratized?

In the last three years, we have seen IoT escalate to the peak of the Gartner Hype Cycle for Emerging Technologies, and American Tech Giant companies have been quick to take advantage of their leading positions in the digital world to rush into the IoT. The IoT promises a profound impact on individuals and society, and none of the Tech Giant companies and Old Industrial firms with power and influence wants to be left out.

Can we prevent a handful of American companies from dominating the Internet of Things?

Until now, despite regulation, it has been impossible to prevent a few companies from dominating information technologies and, later, the Internet and social networks. It looks like it is impossible to compete against their price wars, their ability to attract talent, or their acquisitions of startups.

The only serious challenge to U.S. domination comes from China where the government has invested heavily in Internet of Things technologies and made them a part of its overall policy and planning.

Why does IoT need to be democratized? - The Risk of Surveillance states

“Talking about IoT sounds futuristic. And depending on your point of view either dystopian or utopian.”

The recent largest-ever DDoS attack, delivered by a botnet of hijacked IoT devices, reinforces the ideas and recommendations expressed in my post “Do not stop asking for security in IoT”. Even with the current limited state of connectivity, similar incidents will be a regular feature of the emerging Internet of Things, and even supporters worry that security issues may slow its development. Similarly, privacy and security concerns rise exponentially as greater connectivity increases opportunities for technical breakdowns and criminal hacking. One tech journalist referred to the IoT as “the greatest mass surveillance infrastructure ever”.

How can we prevent data-hungry businesses and governments from collecting data on the behaviour of people and the performance of objects? These data offer opportunities for an enormous expansion in both surveillance capitalism and the surveillance state, with businesses refining targeted advertising and product development well beyond the crude systems that even today’s Internet makes possible, and governments deepening tracking and control of citizen behaviour and attitudes.

Consider the commercial benefits to insurance companies that will be able to continuously monitor the health of customers, their driving habits and the state of their homes; or to governments that can adjust benefits and other services based on citizen behaviour registered in their actions, as well as their interactions with one another, and with the things that fill their lives. Scary, isn’t it?

Read more at: https://www.policyalternatives.ca/publications/monitor/can-internet-things-be-democratized

Will Blockchain be the solution? Maybe, but at least we need to convince ourselves and persuade others not to allow our personal data to fall into the hands of a few BIG companies and surveillance states.

The impact of IoT on jobs

It is a topic that fascinates me. I have written several posts, such as “Will Machines replace our White Collar Jobs?”, and be assured that I will continue writing.

Why democratizing IoT is essential for its survival

In this interesting post, Ryan Lester (Director of IoT Strategy, Xively by LogMeIn) warns that IoT feels achievable only to those companies with unlimited resources to make it happen.

We cannot afford to leave 90% of the companies out there out of the IoT revolution. I agree with Ryan that in order to deliver on the true promise of IoT, “It’s up to the vendor community to democratize IoT and make it more available and accessible to companies of all sizes.”

Thanks in advance for your Likes and Shares

Thoughts ? Comments ?


iot security

Guest post by Ben Dickson. This article originally appeared here.

Following last week’s DDoS attack against Dyn, which was carried out through a huge IoT botnet, there’s a general sense of worry about IoT security—or rather insecurity—destabilizing the internet or bringing it to a total collapse.

All sorts of apocalyptic and dystopian scenarios are being spun out by different writers (including myself) about how IoT security is getting out of hand and turning into an uncontrollable problem. There are fears that DDoS attacks will continue to rise in number and magnitude; large portions of internet-connected devices will fall within the control of APT and hacker groups, and they will censor what suits them and bring down sites that are against their interests. The internet will lose its fundamental value. We will recede to the dark ages of pre-internet.

That might be stretching it a bit, but the idea is that at the moment, IoT botnets are one of the biggest threats to internet stability, and there seems to be no stopping their growth because neither manufacturers nor consumers are concerned with IoT security, and as a result millions of new vulnerable devices are plugged into the internet every day, providing botlords with fresh new conscripts for their zombie armies.

But the silver lining in the entire Dyn episode is that it has served as a wakeup call for companies developing IoT solutions. Shortly after the attack, news broke that hacked products belonging to a certain Chinese electronics component manufacturer were the main culprit behind the Mirai botnet that launched the attack.

The company was forced to recall its products in order to patch them or replace them, which is pretty challenging because it develops and sells white-label products, which means many of its customers might not even know they are using its components. And there will always be some residual damage, as it’s virtually impossible to recall all devices, which means some will still roam across the internet with old vulnerabilities remaining.

Aside from the financial damage and the costs incurred from the recall and replacement, the company has suffered a huge blow to its reputation, and will have to try hard to regain the lost trust of its current and future customers.

This will serve as a warning to other companies that are in a hurry to avoid missing their share of a market slated to grow to multi-trillion dollars in the next years, and are shipping out products without testing and vetting them for proper security and reliability. They will finally come to realize that it is within their long-term interests to include security as part of the development process, rather than approaching it as an afterthought and focusing on the fast shipment of their products.

Many companies don’t even have the in-house expertise and knowhow of dealing with security issues in connected environments. They’ll have to either acquire the talent or outsource their security procedures. But it’s not something they can do without if they wish to survive the trials that await them.

They will also become more wary of the third party components they integrate into their products. As a result, component makers—like the one that was exposed after the Dyn attack—will also have to be more careful about what they’re selling to their customers.

And they’ll have to provision for the day security flaws surface in their products. Many IoT devices don’t have any means for updates and patch installation. In order to avoid the time-consuming and costly process of recalling products, manufacturers will have to embed over-the-air and online updating mechanisms, which will also make it easier for consumers to keep their devices up to date with the latest patches.

The overall result will likely be a slowdown of the IoT gold rush, which is a good thing. Newcomers as well as veterans will have more time to think meticulously on the design of their products and put more energy into securing their devices and preparing them for future developments and changes. Improved resilience and flexibility will be a positive byproduct of the process.

All in all, although Friday’s attack was painful, it will help mature the IoT industry. From now on, manufacturers will either have to bake security into their products, or will have to wait for a security disaster to force them to either go out of business or fix their mess. Any rational mind will choose the former.

So things are not as bad as they seem. This is what I call the self-regulation of the IoT industry. Wonderful, isn’t it?


The Internet of Evil Things

The Seventh Seal (1957)

Guest post by Joe Barkai. Original story appeared here

How Secure is the Internet of Things?

You may have heard me at a conference or read my response to questions concerning the security of the Internet of Things. When asked, I sometimes “refuse” to answer this question. This is not because I think that data security—and the closely-related data privacy—are not important; of course they are. But I want to highlight the point that data security and privacy are foundational issues that are not unique to IoT devices. Every enterprise must ensure that all data—IoT generated or not—is secured and that data privacy and ownership are handled properly.

But in light of the recent highly-publicized cyberattacks, and a session with Chris Valasek (who is best known for wirelessly hacking a Jeep wrangler) and Mark Weatherford (past deputy Undersecretary for Cybersecurity at the U.S. Department of Homeland Security), I thought I should provide a brief update.

CCTV Bots Attack the Internet

On October 21, a massive, highly-distributed cyberattack, involving millions of IP addresses and malicious software, crippled web servers across the U.S., temporarily shutting down DNS services and rendering major Internet sites inaccessible.

Distributed denial-of-service (DDoS) attacks are not new. But according to web security firm Sucuri, this was the first time it had observed an attack powered solely by hacked CCTV devices. The company discovered that attackers have compromised more than 25,000 digital video recorders and CCTV cameras, and are using them to launch DDoS attacks against websites.

Taxonomy of IoT Devices

Internet-connected devices, such as the CCTV devices involved in the DDoS cyberattack, are getting cheaper and more powerful. This trend inspires conceptual architectures that place smart, connected devices at the edge of the IoT network.

There are some perfectly good arguments as to why sophisticated devices with autonomous decision authority should reside at the edge of the network. For instance, moving decision-making devices closer to the industrial processes they control improves real-time control and reduces network traffic and information latency.

On the other hand, there are also equally convincing rationales to consider the use of less sophisticated and less autonomous edge devices.

First, devices that do not need to perform complex computational tasks are simpler and cheaper, consume less power, and are less prone to failures. And because of their low computation bandwidth and limited command and control reach, these devices are far less prone to hacking.

Much more importantly, however, many business decisions should not and cannot be performed at the edge device level. While command and control of a single machine can be done locally and autonomously, the type of deep insight that drives predictive analytics and long-term decisions is based on multiple inputs from the broader IoT and business network: multiple machines, multiple production lines, and in multiple locales. These types of analyses and decisions can only be carried out centrally.

There is no single “ideal” architecture. The power of the Internet of Things is in the ability to form a flexible decision-making architecture, and to move analytics and decision making as needed between edge devices (for example, for real-time control) and centralized cloud applications such as fleet optimization.

In my book The Outcome Economy: How the Industrial Internet of Things is Transforming Every Business, I propose a taxonomy of IoT devices, which can serve to determine the level of decision-authority that should be given to different edge devices.  The following is a shorter version of this taxonomy description.

Activity-Aware Devices

The basic building blocks of the Industrial IoT are single-task devices such as sensors, pumps, valves, and motors. These devices can measure and send discrete pieces of information (a sensor) or respond to a simple on/off command (a pump, a valve, or a motor).

An activity-aware object “understands” the physical world in terms of event and activity streams, where each event or activity is directly related to the task the object is to perform: turn on, measure, etc.

The operating model of activity-aware devices is typically a simple linear sequence of data collection and processing functions, such as a time or state series. These devices primarily measure and log data, but do not provide interactive, analytic, or self-governance capabilities.

Policy-Aware Devices

A policy-aware device is an activity-aware object with an embedded policy model. A policy-aware device can sense and interpret events and activities and respond to them based on predefined operational and organizational policies.

The governance model of policy-aware devices consists of application-specific policies expressed as a set of rules that operate on event and activity streams to create actions. The model provides context-sensitive information about event handling and work-activity performance. In particular, it can issue warnings and alerts if it’s unable to comply with the policy or the operating model.

Many industrial devices, even simple ones, are policy-aware devices. For example, a thermostat in a cold-chain application is commanded to maintain a certain ambient temperature range. In other words, the thermostat has an autonomous decision-making capability to enable it to comply with the policy. An air-conditioning unit and an alarm system are other examples of policy-aware devices.

Process-Aware Devices

A process is a collection of related activities that are sequenced in time and space to accomplish a task or a combination of tasks. Process execution rules can be included for dynamic recombination of activities to support a broader range of interrelated activities, tasks, and sub-tasks, and have greater event-handling agility and decision capacity.

A process-aware device is aware of and “understands” the organizational processes that it is a part of. Moreover, it is also aware of other devices in its subnetwork operating in tandem to implement the process and can relate the occurrence of real-world activities and events of these processes to the user.

Cold-chain logistics, process automation and control, robots, and manufacturing execution systems (MES) are examples of process-aware applications.

The application model of process-aware objects is built around a dynamic context-aware workflow model that defines timing and ordering of work activities. Work processes (that is, sequence and timing of activities and events) communicate with others to accomplish predefined, high-level tasks.

Not Everything That Can Be Connected, Should Be

Every industry survey stresses security concerns as one of the top hurdles in the way of broad adoption, and the publicity of IoT-generated DDoS attacks, which impacted both businesses and individuals, will further erode the confidence of consumers and corporations alike. There’s probably very little damage in curbing the enthusiasm of those who marvel at the vision of connected refrigerators and toasters, but the participants in the Industrial IoT, and the connected infrastructure overall, should intensify the conversation about standardization, certification and registration, and the delicate balance between enforcement and enticement.

These conversations are critical, but, as stated before, are not limited in scope to the Internet of Things.

While we work to encourage the use of standards, best practices, and better technology, let’s remember that not everything that can be connected, should be. Let’s focus on valuable scenarios rather than the digital chatting between coffee pots and toasters.

(Portions of this article are from The Outcome Economy: How the Industrial Internet of Things is Transforming Every Business)

How insecurity is damaging the IoT industry


Guest post by Ben Dickson. This story originally appeared here

The Internet of Things (IoT) is often hyped as the next industrial revolution—and it’s not an overstatement. Its use cases are still being discovered and it has the potential to change life and business as we know it today. But as much as IoT is disruptive, it can also be destructive, and never has this reality been felt as we’re feeling it today.

On Friday, a huge DDoS attack against Dyn DNS servers led to the majority of internet users on the U.S. East Coast being shut off from major websites such as Twitter, Amazon, Spotify, Netflix and PayPal.

The culprit behind the attack was a huge botnet. Botnets are armies of zombie computers, vulnerable devices secretly compromised by hackers, which are silently doing the bidding of their masters, the botlords, without their true owners knowing about it.

While botnets and DDoS attacks are nothing new and have been around for a while, the advent and propagation of IoT devices has led to their chaotic growth. There are now millions of vulnerable IoT devices that are easier to access and even easier to hack than, say, computers and tablets that are packed with anti-virus software. That’s why IoT botnets are fast becoming a favorite for bot herders and a real threat for the cybersecurity industry. Put in another way, they are democratizing censorship by enabling any hacker with minimal resources to launch government-level DDoS attacks and bring down sites they don’t like.

This is sad news for the IoT industry. It is now evident more than ever that the IoT industry is in a mess, and it’s going to take more than individual efforts to fix it.

The problem, as I see it, is that all the parties that are directly—or indirectly—involved are either ignorant about security issues or have other priorities.

For their part, manufacturers are too focused on shipping feature-complete devices rather than creating secure and reliable products. After all, the IoT industry is in its gold rush era, and everyone is in a hurry to climb the bandwagon and grab a larger piece of the pie.

And that’s how security concerns take a back seat in IoT development while timing and costs become prominent.

But why are the manufacturers getting away with their incompetence at securing IoT devices? Because others—namely consumers—couldn’t care less. As the manufacturers will tell you, customers don’t buy security, they buy functionality. They want something that works in an install-and-forget model and don’t want to be pestered with security procedures and practices such as password resets and software updates—and costs for things they can’t directly see with their eyes.

As for governments, they’re concerned about the security of IoT, but they’re not doing enough to regulate it and compel companies to vet their products for security and resilience against attack. The only novel and honest efforts we’ve seen so far include initiatives such as the IoT Security Foundation, but there’s only so much a single organization can do when it’s dealing with billions of potentially vulnerable devices and deaf ears that won’t listen to the voice of reason.

And here we are, almost on the brink of IoT devices outnumbering humans, and already devices of our own making are being used to deny us access to our most vital services and needs.

Friday’s spate of IoT-powered DDoS attacks should serve as a wake-up call, not only for IoT manufacturers, adopters and consumers, but for everyone. Many of the people who were affected by the attacks didn’t even know what IoT is.

So whether you care about IoT or not, it’s in your interest to see it secured.

And as much as I love IoT, I’m sad to see the industry destroying itself.

So what’s the solution? I like the thoughts shared by Bruce Schneier in this Vice Motherboard article, and I’d like to build on those to raise the following points, very concisely:

  • Manufacturers should make security an inherent part of their development cycle. Security shouldn’t come as an afterthought but as an integral part of building any IoT or other connected device. And I’ve said this a million times.
  • Consumers should take their own security more seriously. Our lives are becoming more connected than before. Internet services and resources are more vital to our daily tasks than any other time in history. So we should be more vigilant about the integrity of the devices that are being connected to the internet and hold their manufacturers to account for the security shortcomings. (Security developer Edward Robles has shared some interesting thoughts on how we should change our mindsets toward security in this guest post.)
  • Governments must play a more active role in regulating and controlling IoT security. Standards must be set to make sure every single device that is shipped to the market and connected to the internet complies with a set of security standards, and organizations that do not abide by the rules must be punished.

Of course, no single government can control the security of all the devices being connected to the internet. I’m thinking about a solution based on blockchain technology that will create a global answer to vetting IoT devices for security. I’ll write about it in the future.

What’s urgent is to have a concerted and unified effort to fix the messy state of IoT security. Today, we’re dealing with DDoS attacks. Tomorrow, it could be something worse.

There’s no putting the genie back in the bottle. For better or for worse, IoT will transform our future. Let’s work together to make sure it’s going to be the former and not the latter.

How do you think we should deal with IoT security problems? Share in the comments section.


Do not stop asking for security in IoT

Almost three years ago, I wrote on my IoT blog the posts “Are you prepared to answer M2M/IoT security questions of your customers?” and “There is no consensus how best to implement security in IoT”, given the importance that security has in fulfilling the promise of the Internet of Things (IoT).

During this time I have been sharing my opinion about the key role of IoT security with other international experts in articles (“What is the danger of taking M2M communications to the Internet of Things?”) and at events (Cycon, IoT Global Innovation Forum 2016).

Security has always been a tradeoff between cost and benefit

I am being honest when I say that I do not know how McKinsey calculates the total impact that IoT will have on the world economy in 2025, or even on one of the specific sectors, or whether they have taken the challenge of security into account, but it hardly matters: “The opportunities generated by IoT far outweigh the risks”.

With increased IoT opportunity come increased security risks and a flourishing IoT security market (according to Zion Research, the IoT security market will grow to USD 464 million in 2020).

A decade of breaches and the biggest attack target yet is looming

We all know the negative impact that news about cyber-attacks has on society and enterprises. In less than a decade, according to ICS-CERT (US), we have gone from 39 incidents in 2010 to 295 incidents in 2015.

In a survey published by AT&T, the company logged a 458% increase in vulnerability scans of IoT devices in the last 2 years.

It is a temptation for hackers to test their skills on connected objects, whether connected cars or smart home appliances. But I'm afraid they will go far beyond attacking smart factories, smart transportation infrastructure or smart grids.

With the millions of unprotected devices out there, the multitude of IoT networks and IoT platforms, and developers with a lack of security, I am one more who believes the biggest attack target yet is looming.

 New Threats

With the Internet of Things, we should be prepared for new attacks and we must design new essential defences.

The complex IoT Security Threat Map from Beecham Research provides an overlaid summary of the full set of threat and vulnerability analyses that is used to help clients shape their strategies. This Threat Map summarises many of the top 5 features from each of those analyses:

1. external threats and the top internal vulnerabilities of IoT applications;

2. the needs for robust authentication, authorisation and confidentiality;

3. the features and interactions between multiple networks used together in IoT;

4. the complexities of combining Service Sector optimised capabilities of differing Service Enablement Platforms;

5. the implementation and defences of edge device operating systems, chip integration and the associated Root of Trust.

 New Vulnerabilities

The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.

The project looks to define a structure for various IoT sub-projects such as Attack Surface Areas, Testing Guides and Top Vulnerabilities. Below are the top IoT vulnerabilities.

The Subex white paper presenting their IoT solution adds some real examples of these vulnerabilities.

Insecure Web Interface: To exploit this vulnerability, an attacker uses weak credentials or captures plain-text credentials to access the web interface. The impact is data loss or denial of service, and it can lead to complete device takeover. An insecure web interface was exploited by hackers to compromise Asus routers in 2014 that were shipped with a default admin user name and password.

Insufficient Authentication/Authorization: Exploitation of this vulnerability involves an attacker brute-forcing weak passwords or poorly protected credentials to access a particular interface. The impact of this kind of attack is usually denial of service, and it can also lead to compromise of the device. This vulnerability was exploited by ethical hackers to access the head unit of a Jeep Cherokee via Wi-Fi connectivity. The Wi-Fi password for the Jeep Cherokee unit is generated automatically based upon the time when the car and head unit are started up. By guessing the time and using brute force techniques, the hackers were able to gain access to the head unit.

Insecure Network Services: An attacker uses vulnerable network services to attack the device itself or to bounce attacks off the device. Attackers can then use the compromised devices to facilitate attacks on other devices. This vulnerability was exploited by hackers who used 900 CCTV cameras globally to DoS attack a cloud platform service.

Lack of Transport Encryption: A lack of transport encryption allows third parties to view data transmitted over the network. This can lead to compromise of the device or of user accounts, depending upon the data exposed. This weakness was exhibited by Toy Talk’s server domain, which was susceptible to the POODLE attack. Toy Talk helps the Hello Barbie doll talk to a child by uploading the child’s words to a server and providing an appropriate response after processing them. Though there was no reported hack on this, such a vulnerability could easily lead to one.

Privacy Concerns: Hackers use different vectors to view and/or collect personal data which is not properly protected. The impact of this attack is the collection of personal user data. This vulnerability was exemplified by the VTech hack, wherein hackers were able to steal personal data of parents as well as children using VTech’s tablet.
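The five weaknesses described above can be checked mechanically before a device ships or joins a network. The audit below is an added example, not code from OWASP, Subex or this post; the inventory fields, the default-credential list, the 64-bit threshold and the model of a start-up-time secret (one candidate value per second of uncertainty) are assumptions made for illustration.

```python
"""Audit a device inventory against the five weaknesses listed above."""
import math
from dataclasses import dataclass, field

# All constants below are assumptions made for this example.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"),
                       ("root", "root"), ("admin", "")}
CLEARTEXT_SERVICES = {21: "ftp", 23: "telnet"}   # remote access sent in the clear
BROKEN_TLS = {"SSLv2", "SSLv3"}                  # SSLv3 is the version POODLE targets
MIN_SECRET_BITS = 64                             # assumed floor for generated secrets


@dataclass
class Device:
    name: str
    web_user: str
    web_password: str
    open_ports: list
    tls_versions: list          # protocol versions the device or its backend accepts
    secret_source: str          # "csprng" or "boot_time"
    secret_length: int = 12     # characters in the generated Wi-Fi/API secret
    secret_alphabet: int = 62   # symbols available per character
    boot_window_s: int = 0      # seconds of uncertainty about when the unit started
    pii_fields: list = field(default_factory=list)
    pii_encrypted_at_rest: bool = True


def secret_entropy_bits(dev):
    """Effective entropy of a generated secret, in bits."""
    nominal = dev.secret_length * math.log2(dev.secret_alphabet)
    if dev.secret_source == "boot_time":
        # A secret derived only from the start-up clock can take at most one
        # value per second of the window, however long the string looks.
        return min(nominal, math.log2(max(dev.boot_window_s, 1)))
    return nominal


def audit(dev):
    """Return a list of (category, detail) findings for one device."""
    findings = []
    if (dev.web_user, dev.web_password) in DEFAULT_CREDENTIALS:
        findings.append(("Insecure Web Interface",
                         f"factory-default login for {dev.web_user!r} still enabled"))
    bits = secret_entropy_bits(dev)
    if bits < MIN_SECRET_BITS:
        findings.append(("Insufficient Authentication/Authorization",
                         f"{dev.secret_source} secret has about {bits:.0f} bits of entropy"))
    exposed = sorted(CLEARTEXT_SERVICES[p] for p in dev.open_ports
                     if p in CLEARTEXT_SERVICES)
    if exposed:
        findings.append(("Insecure Network Services",
                         "reachable services: " + ", ".join(exposed)))
    weak = sorted(set(dev.tls_versions) & BROKEN_TLS)
    if not dev.tls_versions:
        findings.append(("Lack of Transport Encryption", "no TLS offered"))
    elif weak:
        findings.append(("Lack of Transport Encryption",
                         "accepts " + ", ".join(weak)))
    if dev.pii_fields and not dev.pii_encrypted_at_rest:
        findings.append(("Privacy Concerns",
                         "stored unencrypted: " + ", ".join(dev.pii_fields)))
    return findings


def audit_inventory(devices):
    """Map each device name to its findings."""
    return {dev.name: audit(dev) for dev in devices}


# Constructed sample inventory; none of these are real devices.
SAMPLE_INVENTORY = [
    Device("cam-lobby", "admin", "admin", [23, 80, 554], [], "csprng"),
    Device("headunit-07", "svc", "k7#Qp2!xVz", [443], ["TLSv1.2"], "boot_time",
           boot_window_s=30 * 24 * 3600),
    Device("toy-gw", "ops", "T9$wLm4&hs", [443], ["SSLv3", "TLSv1.0", "TLSv1.2"],
           "csprng", pii_fields=["voice_clips", "parent_email"],
           pii_encrypted_at_rest=False),
    Device("thermo-ok", "ops", "b2V!e8Rr#1", [443], ["TLSv1.2", "TLSv1.3"], "csprng"),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "OK" if not findings else "")
        for category, detail in findings:
            print(f"  [{category}] {detail}")
```

The start-up-time secret is the instructive case: twelve characters look strong, but a month of uncertainty about the start time leaves only about 21 bits, which is why the secret should come from a CSPRNG rather than the clock.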

Who owns the problem?

With the IoT we are creating a very complicated supply chain with lots of stakeholders, so it's not always clear 'who owns the problem'. Take, by way of example, a simple home application with no super installers around: if you buy a central heating system and controller which requires you to push a button to increase the temperature, then if it stops working you contact the company who supplied it. But if you buy a central heating boiler from one company, a wireless temperature controller from another, download a mobile app from another and have a weather station from another supplier, then whose job is it to make sure it's secure and reliable? The simple cop-out is to say 'the homeowner bought the bits and connected them together, therefore it's their responsibility' – well, I'm sorry, but that isn't good enough!

Manufacturers can't simply divest themselves of responsibility simply because the home owner bought several component parts from different retailers. As a manufacturer you have a responsibility to ensure that your product is secure and reliable when used in any of the possible scenarios and use cases which means that manufacturers need to work together to ensure interoperability – we all own the problem!

This might come as a shock to some companies/industries, but at some level even competitors have to work together to agree and implement architectures and connectivity that is secure and reliable. Standardization is a good example of this: if you look at the companies actively working together in ISO, ETSI, Bluetooth SIG etc., they are often fierce competitors, but they all recognize the need to work together to define common, secure and reliable platforms around which they can build interoperable products.

If cybersecurity is already top of mind for many organizations, is the alarm over the lack of security in IoT justified?

In these last three years of IoT evangelization, there has been no event or article that did not attract questions or comments on IoT security and privacy.

The good news is that, according to the AT&T State of IoT Security survey 2015, 85% of global organizations are considering, exploring or implementing an IoT strategy, but the bad news is that only 10% are fully confident that their connected devices are secure.

Source: AT&T State of IoT Security survey 2015

And if we consider the report of Auth0, it scares me that only 10% of developers believe that most IoT devices on the market right now have the necessary security in place.

 

Source: Auth0

In a publication from EY titled “Cybersecurity and the IoT”, the company defines three stages to classify the current status of organizations in the implementation of IoT security.

Stage 1: Activate

Organizations need to have a solid foundation of cybersecurity. This comprises a comprehensive set of information security measures, which will provide basic (but not good) defense against cyber-attacks. At this stage, organizations establish their fundamentals — i.e., they “activate” their cybersecurity.

Stage 2: Adapt

Organizations change — whether for survival or for growth. Threats also change. Therefore, the foundation of information security measures must adapt to keep pace and match the changing business requirements and dynamics otherwise they will become less and less effective over time. At this stage, organizations work to keep their cybersecurity up-to-date; i.e., they “adapt” to changing requirements.

Stage 3: Anticipate

Organizations need to develop tactics to detect and detract potential cyber-attacks. They must know exactly what they need to protect their most valuable assets, and rehearse appropriate responses to likely attack/incident scenarios: this requires a mature cyber threat intelligence capability, a robust risk assessment methodology, an experienced incident response mechanism and an informed organization. At this stage, organizations are more confident about their ability to handle more predictable threats and unexpected attacks; i.e., they anticipate cyber-attacks.

 

What enterprises need to do

If you think only about the benefits of IoT without considering security as a key component of your strategy, you will probably regret it very soon. Below are some recommendations, whether you are about to start your IoT journey or have already started. I hope it is not too late for wise advice.

Key Takeaways

With the proliferation and variety of IoT Devices, IoT Networks, IoT Platforms, Clouds, and applications, during the next few years we will see new vulnerabilities and a variety of new attacks. The progress in the security technologies and processes that prevent them will be key for the adoption of IoT in enterprises and consumers.

In the future Internet of Things world, an end-to-end security approach is needed to protect physical and digital assets. The ecosystems of this fragmented market must understand the need for Security by Design and avoid the temptation to reduce cost at the expense of security.

Do not stop asking for security when you buy a connected product or use an IoT service. The temptation of time to market, competitive prices and the lack of resources must not be an excuse for failing to offer secure IoT solutions to enterprises, consumers and citizens.

 


As if the Internet of Things (IoT) was not complicated enough, the marketing team at Cisco introduced its Fog Computing vision in January 2014, also known as Edge Computing by other, more purist vendors.

Given Cisco's frantic activity in their Internet of Everything (IoE) marketing campaigns, it is not surprising that many bloggers have abused shocking headlines around this subject, taking advantage of the hype of the IoT.

I hope this post helps you better understand what the role of Fog Computing is in the IoT Reference Model and how companies are using intelligent IoT gateways in the fog to connect the "Things" to the cloud, through some application areas and examples of Fog Computing.

The problem with the cloud

As the Internet of Things proliferates, businesses face a growing need to analyze data from sources at the edge of a network, whether mobile phones, gateways, or IoT sensors. Cloud computing has a disadvantage: It can’t process data quickly enough for modern business applications.

The IoT owes its explosive growth to the connection of physical things and operation technologies (OT) to analytics and machine learning applications, which can help glean insights from device-generated data and enable devices to make “smart” decisions without human intervention. Currently, such resources are mostly being provided by cloud service providers, where the computation and storage capacity exists.

However, despite its power, the cloud model is not applicable to environments where operations are time-critical or internet connectivity is poor. This is especially true in scenarios such as telemedicine and patient care, where milliseconds can have fatal consequences. The same can be said about vehicle to vehicle communications, where the prevention of collisions and accidents can’t afford the latency caused by the roundtrip to the cloud server.

“The cloud paradigm is like having your brain command your limbs from miles away — it won’t help you where you need quick reflexes.”

Moreover, having every device connected to the cloud and sending raw data over the internet can have privacy, security and legal implications, especially when dealing with sensitive data that is subject to separate regulations in different countries.

IoT nodes are closer to the action, but for the moment, they do not have the computing and storage resources to perform analytics and machine learning tasks. Cloud servers, on the other hand, have the horsepower, but are too far away to process data and respond in time.

The fog layer is the perfect junction where there are enough compute, storage and networking resources to mimic cloud capabilities at the edge and support the local ingestion of data and the quick turnaround of results.

The variety of IoT systems and the need for flexible solutions that respond to real-time events quickly make Fog Computing a compelling option.

Fog Computing: Oh my God, another layer in IoT!

A study by IDC estimates that by 2020, 10 percent of the world’s data will be produced by edge devices. This will further drive the need for more efficient fog computing solutions that provide low latency and holistic intelligence simultaneously.

“Computing at the edge of the network is, of course, not new -- we've been doing it for years to solve the same issue with other kinds of computing.”

Fog Computing, or Edge Computing, is a paradigm championed by some of the biggest IoT technology players, including Cisco, IBM, and Dell, and represents a shift in architecture in which intelligence is pushed from the cloud to the edge, localizing certain kinds of analysis and decision-making.

Fog Computing enables quicker response times, unencumbered by network latency, as well as reduced traffic, selectively relaying the appropriate data to the cloud.

The concept of Fog Computing attempts to transcend some of these physical limitations. With Fog Computing processing happens on nodes physically closer to where the data is originally collected instead of sending vast amounts of IoT data to the cloud.

Photo Source: http://electronicdesign.com/site-files/electronicdesign.com/files/uploads/2014/06/113191_fig4sm-cisco-fog-computing.jpg

The OpenFog Consortium

The OpenFog Consortium was founded on the premise that open architectures and standards are essential for the success of a ubiquitous Fog Computing ecosystem.

The collaboration among tech giants such as ARM, Cisco, Dell, GE, Intel, Microsoft and Schneider Electric defining an Open, Interoperable Fog Computing Architecture is without any doubt good news for a vibrant supplier ecosystem.

The OpenFog Reference Architecture is an architectural evolution from traditional closed systems and the burgeoning cloud-only models to an approach that emphasizes computation nearest the edge of the network when dictated by business concerns or critical application functional requirements of the system.

The OpenFog Reference Architecture consists of putting micro data centers or even small, purpose-built high-performance data analytics machines in remote offices and locations in order to gain real-time insights from the data collected, or to promote data thinning at the edge, by dramatically reducing the amount of data that needs to be transmitted to a central data center. Without having to move unnecessary data to a central data center, analytics at the edge can simplify and drastically speed analysis while also cutting costs.

Benefits of Fog Computing

  • Frees up network capacity - Fog computing uses much less bandwidth, which means it doesn't cause bottlenecks and similar congestion. Less data movement on the network frees up network capacity, which then can be used for other things.
  • It is truly real-time - Fog computing has much higher expedience than any other cloud computing architecture we know today. Since all data analysis is done on the spot, it represents a true real-time concept, which means it is a perfect match for the needs of the Internet of Things concept.
  • Boosts data security - Collected data is more secure when it doesn't travel. It also makes data storage much simpler, because the data stays in its country of origin. Sending data abroad might violate certain laws.
  • Analytics is done locally - The fog computing concept enables developers to access the most important IoT data from other locations, but it still keeps piles of less important information in local storage.

Disadvantages of Fog Computing

  • Some companies don't like their data being out of their premises - With Fog Computing, lots of data is stored on the devices themselves (which are often located outside of company offices); this is perceived as a risk by part of the developer community.
  • Whole system sounds a little bit confusing - A concept that includes a huge number of devices that store, analyze and send their own data, located all around the world, sounds utterly confusing.

Read more: http://bigdata.sys-con.com/node/3809885

Examples of Fog Computing

The applications of fog computing are many, and it is powering crucial parts of IoT ecosystems, especially in industrial environments. See below some use cases and examples.

  • Thanks to the power of fog computing, New York-based renewable energy company Envision has been able to obtain a 15 percent productivity improvement from the vast network of wind turbines it operates. The company is processing as much as 20 terabytes of data at a time, generated by 3 million sensors installed on the 20,000 turbines it manages. Moving computation to the edge has enabled Envision to cut down data analysis time from 10 minutes to mere seconds, providing them with actionable insights and significant business benefits.
  • Plat One is another firm using fog computing to improve data processing for the more than 1 million sensors it manages. The company uses the Cisco-ParStream platform to publish real-time sensor measurements for hundreds of thousands of devices, including smart lighting and parking, port and transportation management and a network of 50,000 coffee machines.
  • In Palo Alto, California, a $3 million project will enable traffic lights to integrate with connected vehicles, hopefully creating a future in which people won’t be waiting in their cars at empty intersections for no reason.
  • In transportation, it’s helping semi-autonomous cars assist drivers in avoiding distraction and veering off the road by providing real-time analytics and decisions on driving patterns.
  • It also can help reduce the transfer of gigantic volumes of audio and video recordings generated by police dashboard and video cameras. Cameras equipped with edge computing capabilities could analyze video feeds in real time and only send relevant data to the cloud when necessary.

See more at: Why Edge Computing Is Here to Stay: Five Use Cases By Patrick McGarry  

What is the future of fog computing?

The current trend shows that fog computing will continue to grow in usage and importance as the Internet of Things expands and conquers new grounds. With inexpensive, low-power processing and storage becoming more available, we can expect computation to move even closer to the edge and become ingrained in the same devices that are generating the data, creating even greater possibilities for inter-device intelligence and interactions. Sensors that only log data might one day become a thing of the past.

Janakiram MSV wondered whether Fog Computing will be the Next Big Thing in Internet of Things. It seems obvious that while cloud is a perfect match for the Internet of Things, there are other scenarios and IoT solutions that demand low-latency ingestion and immediate processing of data, where Fog Computing is the answer.

Does the fog eliminate the cloud?

Fog computing improves efficiency and reduces the amount of data that needs to be sent to the cloud for processing. But it’s here to complement the cloud, not replace it.

The cloud will continue to have a pertinent role in the IoT cycle. In fact, with fog computing shouldering the burden of short-term analytics at the edge, cloud resources will be freed to take on the heavier tasks, especially where the analysis of historical data and large datasets is concerned. Insights obtained by the cloud can help update and tweak policies and functionality at the fog layer.

And there are still many cases where the centralized, highly efficient computing infrastructure of the cloud will outperform decentralized systems in performance, scalability and costs. This includes environments where data needs to be analyzed from largely dispersed sources.

“It is the combination of fog and cloud computing that will accelerate the adoption of IoT, especially for the enterprise.”

In essence, Fog Computing allows for big data to be processed locally, or at least in closer proximity to the systems that rely on it. Newer machines could incorporate more powerful microprocessors, and interact more fluidly with other machines on the edge of the network. While fog isn’t a replacement for cloud architecture, it is a necessary step forward that will facilitate the advancement of IoT, as more industries and businesses adopt emerging technologies.

'The Cloud' is not Over

Fog computing is far from a panacea. One of the immediate costs associated with this method pertains to equipping end devices with the necessary hardware to perform calculations remotely and independently of centralized data centers. Some vendors, however, are in the process of perfecting technologies for that purpose. The tradeoff is that by investing in such solutions immediately, organizations will avoid frequently updating their infrastructure and networks to deal with ever-increasing data amounts as the IoT expands.

There are certain data types and use cases that actually benefit from centralized models. Data that carries the utmost security concerns, for example, will require the secure advantages of a centralized approach or one that continues to rely solely on physical infrastructure.

Though the benefits of Fog Computing are undeniable, the Cloud has a secure future in IoT for most companies with less time-sensitive computing needs and for analysing all the data gathered by IoT sensors.

 


The IoT has a big security problem. We've discussed it here, here and here. Adding to these woes is a new report on the Top 10 Internet of Radios Vulnerabilities. Yes, radios...because IoT is so much more than data, networking, software, analytics devices, platforms, etc. When you're not hardwired, radio is the only thing keeping you connected. The findings come from Bastille who, like many vendors, has a clear commercial, self-serving interest in the findings, but nonetheless, the study is interesting given the fact that the largest DDoS attack ever was executed using "dumb" connected devices. Bastille defines the Internet of Radios as the combination of mobile, wireless, bring your own device (BYOD), and Internet of Things (IoT) devices operating within the radio frequency (RF) spectrum.

The vulnerabilities are:  

  1. Rogue Cell Towers (‘Stingrays’, ‘IMSI Catchers’)
  2. Rogue Wi-Fi HotSpots
  3. Bluetooth Data Exfiltration (tethering)
  4. Eavesdropping/Surveillance Devices (e.g. conference room bugs)
  5. Vulnerable Wireless Peripherals (mice/keyboard)
  6. Unapproved Cellular Device Presence
  7. Unapproved Wireless Cameras
  8. Vulnerable Wireless Building Controls
  9. Unapproved IoT Emitters
  10. Vulnerable Building Alarm Systems

In addition to the Top 10 list, Bastille has released results of the “Bastille Internet of Radios Security Poll.” Nearly 300 global professionals took part in the poll, offering a snapshot into enterprise awareness and preparedness of Internet of Radios threats in the workplace. The poll was conducted July 26–August 3, 2016 and was comprised of visitors to the Bastille, KeySniffer and MouseJack websites. The majority of respondents (69%) reported they were employed in the IT and cybersecurity industries. Key takeaways:

  • 78% of respondents believe the threat from the Internet of Radios will increase in the next 12 months.
  • 50% of respondents believe IoT devices are already impacting security.
  • 51% of respondents say their companies have adopted a BYOD policy, but only 24% say the policy is strictly enforced.
  • 42% of respondents say their organization has not implemented a BYOD policy at all.
  • 47% of respondents say their organization is not currently using a Mobile Device Management (MDM) system, compared to 41% that already have one in place.

 Photo Credit: Sergio Sena 


5 Steps to Creating a Secure Smart Home

First came smartphones, equipped with the ability to set alarms and calendar notifications, reminders, and other convenient apps and services to make our lives easier. Taking that a step further are “smart homes” or automated homes, which allow users to remotely control devices in the home such as lights, televisions, and even toilets and water pumps, using a smartphone or computer. Aside from remote control, however, smart systems in homes can also help make the home more adaptable. For example, Nest is a smart system that learns the home’s inhabitants’ schedules and preferences to heat or cool the house for maximum efficiency and comfort. Sounds great, right? Many people think so, which is why the industry is projected to keep growing quickly from 48 billion in 2012 to an estimated $115 billion by 2019.

Smart homes are among the first steps toward mass adoption of the Internet of Things (electronic devices connected to both the Internet and to each other for data collection and sharing), but there are some major security concerns involved with their implementation. Kashmir Hill, a writer for Forbes, revealed that she was able to access 8 smart home systems simply by searching for a list of the homes on Google. The company that had set up these homes did not require a username or password, allowing Hill to start monkeying with the homes’ lights and other devices at once. After alerting the owners to the real security risks implicated by these readily-available controls, Hill did some more research on the security of smart homes—and found out that precautions had been less than stellar in protecting homes from cybercrime.

The Threat of Cybercrime

Neglecting to add password protection and allowing the controls to show up in search engines were a combination of user and company error, but Insteon, which installed these systems, hasn’t improved their systems that much. Security professionals revealed it would be easy to hack the passwords, making homes vulnerable to cybercrime. Security issues are a major worldwide problem, with 80-90 million cybersecurity events per year, 70% of which go undetected. Because attacks on smart homes leave families vulnerable to both identity theft and physical intrusion, a solid cybersecurity system is an absolute must. Here are 5 tips for creating a secure smart home and avoiding breaches.

1. Choose the Right Company

As security experts discovered, thwarting hackers isn’t at the top of many companies’ to-do list when putting out smart home systems. As a consumer, it’s important to shop around and ask questions about the systems’ security to ensure adequate measures have been taken to make sure it’s difficult for hackers to access the homes’ devices. Ask about password protection, encryption use, and how data is collected, used, and stored.

2. Set Up Basic Security

As a smart home owner, you’ll need to be sure that your devices can’t be accessed by strangers with ease. Take a look at the credentials required for each app and portal that can access your devices, and change any default PIN numbers and passwords to reduce the chance that an unauthorized person could access your data. Ensuring your security configurations are correct is essential to a strong smart home security system. Finally, firewall and anti-virus software will help keep your home safe. Your WiFi security should be strong as well, though it’s a myth that smart devices can only be accessed on the home’s WiFi systems.

3. Use Biometrics and Wearables

Biometrics are extremely helpful in creating strong security systems. Fingerprint scanning, facial or voice recognition, and even heart rate variability from wearable smart devices can help to enhance security and ensure that no one but the main user has access to systems and devices unless granted permission. 

4. Keep Smart Devices Updated

Updating computer systems can be a pain, but not keeping up with these security updates can leave devices vulnerable to attack. Keep all your devices up to date, including both your home’s devices and the devices you use to control them.

5. Install Alerts 

There are applications available that can alert users if there has been an unauthorized attempt to access a connected device. It’s a good idea to install one of these apps (choosing an option that will allow alerts to be accepted or declined when triggered) to help monitor the activity on your smart home system. 

An Exciting Development 

As the technology advances, smart homes will become more and more useful to their inhabitants, providing personalization and reminders that can enhance everyday life. However, security risks involved with these systems are ever-present, and careful precautions should be taken to avoid attacks. Don’t be a victim of theft—consider cybersecurity carefully when updating your home.  


Over on MotherBoard, noted cryptographer, computer security and privacy specialist, and writer, Bruce Schneier pens his thoughts on the recent gaping holes in security for Internet connected devices. When Bruce speaks, people listen. 

First, if you haven't been following the recent DDoS attacks using IoT devices, read this. In short, IoT devices have been compromised to attack networks.

It's so bad that Bruce is calling out the IoT market for failing to secure their devices and machines that connect to the Internet and is asking for government intervention.

He writes:

What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can't get fixed on its own.

He continues that security has been built into many of our computers and smartphones because there is money to invest in security; the same can't be said for low-margin embedded systems like digital video recorders or home routers. Security is not their makers' expertise. Even worse, he adds, most of these devices don't have any way to be patched.

He argues the market can't fix this because neither the buyer nor the seller cares. Government must step in and solve the problem, says Schneier.

What do you think?

Full article on Motherboard here

 


EDITOR'S NOTE: This story originally appeared on the A10 Networks blog.

A pair of distributed denial-of-service (DDoS) attacks against high-profile targets last week rank among the largest DDoS attacks on record. And a common thread has emerged: these attacks are leveraging botnets comprising hundreds of thousands of unsecured Internet of Things (IoT) devices.

OVH attack reaches 1 Tbps

European Web hosting company OVH confirmed last week that it suffered a string of DDoS attacks that neared the 1 Tbps mark. On Twitter, OVH CTO Octave Klaba said the attacks OVH suffered were “close to 1 Tbps” and noted that the flood of traffic was fueled by a botnet made up of nearly 150,000 digital video recorders and IP cameras capable of sending 1.5 Tbps in DDoS traffic. Klaba said OVH servers were hit by multiple simultaneous attacks exceeding 100 Gbps each, totaling more than 1 Tbps. The most severe single attack documented by OVH reached 93 million packets-per-second (mpps) and 799 Gbps.

SC Magazine UK quoted security researcher Mustafa Al-Bassam as saying the DDoS attack against OVH is “the largest DDoS attack ever recorded.”

Krebs gets slammed

The OVH attack came on the heels of another gargantuan DDoS incident, this one targeting respected cybersecurity blog Krebsonsecurity.com, which knocked the site offline for several hours.

“The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor,” Brian Krebs wrote, adding that he has since implemented DDoS protection from Google’s Project Shield.

The attack on Krebs clocked in at a massive 620 Gbps in size, which is several orders of magnitude more traffic than is typically necessary to knock most websites offline.

SecurityWeek reported that Krebs believes the botnet used to target his blog mostly consists of IoT devices — perhaps millions of them — such as webcams and routers that have default or weak credentials.

“There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called ‘Internet of Things,’ (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords,” Krebs wrote.

Reports indicate that the attack was in response to Krebs reporting on and exposing vDOS, a service run by two Israelis who were offering a DDoS-as-a-Service play and were arrested after Krebs’ story was published.

IoT insecurity

Security researchers have warned that improperly secured IoT devices are more frequently being used to launch DDoS attacks. Symantec last week noted that hackers can easily hijack unsecured IoT devices due to lack of basic security controls and add them to a botnet, which they then use to launch a DDoS attack.

“Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected,” Symantec wrote. “Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords.”

And while DDoS attacks remain the main purpose of IoT malware, Symantec warned that the proliferation of devices and their increased processing power may create new ways for threat actors to leverage IoT, such as cryptocurrency mining, information stealing and network reconnaissance.

 


Guest blog post by Bill Vorhies

Summary:  Deep learning and Big Data are being adopted in law enforcement and criminal justice at an unprecedented rate.  Does this scare you or make you feel safe?

 

When you read the title, whether your mind immediately went for the upstairs “H” or the downstairs “H” probably says something about whether the new applications of Big Data in law enforcement let you sleep like a baby or keep you up at night. 

You might have thought your choice of “H” related to whether you’ve been on the receiving end of Big Data in law enforcement but the fact is that practically all of us have, and for those who haven’t it won’t take much longer to reach you.

There is an absolute explosion in the use of Big Data and predictive analytics in our legal system today driven by the latest innovations in data science and by some obvious applications.

It hasn’t always been so.  In the middle 90s I was part of the first wave trying to convince law enforcement to adopt what was then cutting edge data science.  At the time that was mostly GIS analysis combined with predictive analytics to create what we called predictive policing.  That is predicting where and at what time of day crime of each type was most likely to occur so that manpower could be effectively allocated.  Seems so quaint now.  It was actually quite successful but the public sector had never been quick to adapt to new technology so there weren’t many takers.

That trend about slow adoption has changed.  So while accelerating the usage of advanced analytics to keep the peace may keep some civil libertarians up at night, it’s coming faster than ever, and it’s our most advanced techniques in deep learning that are driving it.

By now you’ve probably figured out that deep learning is best used for three things: image recognition, speech recognition, and text processing.  Here are two stories illustrating how this is impacting law enforcement.

 

Police Ramp Up Scrutiny Over On Line Threats

The article by this title appeared in the July 20 WSJ.  Given what’s been happening recently both internationally and at home most of us probably applaud the use of text analytics to monitor for early warning signs of home grown miscreants.  The article states “In the past two weeks at least eight people have been arrested by state and federal authorities for threats against police posted on social media”.  It remains to be seen if these will turn into criminal prosecutions and how this will play out against 1st Amendment rights but as a society we seem to be OK for trading a little of one for more of the other.

It’s always in the back of our minds whether this is Facebook, Twitter, Apple, Google and the others actively cooperating in undisclosed programs to aid the police, but this article specifically calls out the fact that the police were the ones doing the monitoring.  Whether they’ve built these capabilities in-house or are using contractors isn’t clear.  What is clear is that advanced text analytics and deep learning were the data science elements behind it.

 

Taser – the Data Science Company

The second example comes from an article in Business Week’s July 18 issue, “Will a Camera on Every Cop Help Save Lives or Just Make a Tech Company Richer”.  

Taser – a tech company?  When I think about Taser, the maker of the ubiquitous electric stun gun, I am much more likely to associate them with Smith & Wesson than with Silicon Valley and apparently I couldn’t be more wrong.

In short the story goes like this.  In the 90s Taser dominated the market for non-lethal police weapons to provide better alternatives for a wide variety of incidents where bullets should not be the answer.  By the 2000s Taser had successfully saturated that market and its next big opportunity came from the unfortunate Ferguson Mo. unrest. 

That opportunity turned out to be wearable cameras.  Although the wearable police cameras date back to about 2008 there really hadn’t been much demand until the public outcry for transparency in policing became overwhelming.

Taser now also dominates the wearable camera market.  Like its namesake stun gun however, sales of Tasers or wearable cameras are basically a one-and-done market.  Once saturated, it offers only replacement sales, not a robust model for corporate expansion.  So far this sounds more like a story about a hardware company than a data science tech company and here’s the transition.

The cameras are producing huge volumes of video images that need to be preserved at the highest levels of chain-of-evidence security for use in criminal justice proceedings.  Taser bought a startup in the photo sharing space and adapted it to their new flagship product Evidence.com, a subscription based software platform now positioned as a ‘secure cloud-based solution’.

According to the BW article, “4.6 Petabytes of video have been uploaded to the platform, an amount comparable to Netflix’s entire streaming catalogue”.  Taser is a major customer of MS Azure. And for police departments that have adopted it, video is now reported to be presented as evidence in 20% to 25% of cases.

But this story is not just about storing recorded video.  It is about how police and prosecutors have become overwhelmed with the sheer volume of ‘video data’ and the need to simplify and speed access.  The answer is image recognition driven by deep learning.  Taser now earns more than three-quarters of its revenue from its Evidence.com platform and is rapidly transforming from hardware to app to data science company to answer the need for easier, faster, more accurate identification of relevant images.

 

The Direction Forward

You already know about real-time license plate scanners mounted on patrol cars that are able to automatically photograph license plates without operator involvement, transmit the scan to a central database, and return information in real time about wants and warrants associated with that vehicle.

What Taser and law enforcement say is quite close is a similar application using full time video from police-wearable cameras combined with facial recognition.  Once again those civil liberties questions will have to be answered but there’s no question that this application of data science will make policing more effective.

About those huge volumes of videos and the need to recognize faces and images.  There are plenty of startups that will benefit from this and many with products already in commercial introduction.  Here’s a sampling.

Take a look at Nervve Technologies whose byline is “Visual search insanely fast”.  Using their visual search technology originally developed for government spy agencies they are analyzing hours of sporting event tape in a few seconds to identify the number of times a sponsor’s logo (on uniforms or on billboards) actually appears in order to value the exposure for advertising.

And beyond simple facial recognition is an emerging field called facial or emotional analytics.  That’s right, from video these companies have developed deep learning models that predict how you are feeling or reacting. 

Stoneware incorporates image processing and emotional analytics in its classroom management products to judge the attentiveness of each student in a classroom.

Emotient and Affectiva have similar products in use by major CPG companies to evaluate audience response to advertisements, and to study how NBA spectators respond to activities such as a dance cam.

Real time facial-emotional scanning of crowds to find individuals most likely to commit misdeeds can’t be far away.

For audio, Beyond Verbal has a database of 1.5 million voices used to analyze vocal intonations to identify more than 300 mood variants in more than 40 languages with a claim of 80% accuracy.

All of these are deep learning based data science being put rapidly to work in our law enforcement and criminal justice systems.

 

 

About the author:  Bill Vorhies is Editorial Director for Data Science Central and has practiced as a data scientist and commercial predictive modeler since 2001.

Image: Lorenzo Franceschi-Bicchierai/Vice Motherboard

By Ben Dickson. This article originally appeared here

At the recent Def Con hacking conference in Las Vegas, two researchers from cybersecurity firm Pen Test Partners showed that they could infect your smart thermostat with ransomware from hundreds of miles away, and force you to fork over cash (usually bitcoins) before you could regain control of the appliance.

Ransomware has been around for a while. It’s a breed of malware that locks down access to your files by encrypting them and sells you the decryption key that will give you back access to the files. IoT ransomware is relatively new. However, this isn’t the first time that the topic of IoT ransomware has been brought up by cybersecurity experts. Experts from Symantec presented research on ransomware for wearables (aka “ransomwear”) last year at the Black Hat conference. The issue was also raised by experts at the Institute for Critical Technology (ICIT), specifically in regard to healthcare IoT.

Unfortunately, though, IoT ransomware isn’t being given enough attention, or not being looked at from the right perspective, which can lead to its underestimation and disastrous outcomes that could result not only in financial losses, but in loss of life as well.

Why is IoT ransomware being underrated?

The fact that IoT ransomware is not being given enough attention stems from the fact that it is being perceived in the same light as traditional ransomware.

However there are two key differences.

The classic ransomware model owes its success to its irreversibility. When your PC, laptop or smartphone becomes infected with ransomware, your valuable files are encrypted and the only thing that can give you back those files is the private key, which is in the hands of the culprits (unless, that is, you have a backup of your files).

And that is why you’re left with no other option than to pay the ransom. That’s why even the FBI recommends paying the ransom.

That is simply not feasible with IoT. First of all, with most IoT data being stored in the cloud, there’s little or nothing of value on the devices themselves. So even if the data becomes encrypted, there’s little incentive for the owner to pay the ransom.

Which means, ransomware attackers will have to fall back to the older form of ransomware, the one that locks your device and ransoms you for regaining access to its functionality. And that is as trivial to overcome as resetting the device and installing new patches and updates, which is even easier to accomplish with IoT devices than PCs.

The second argument that discredits IoT ransomware has to do with the perspective of the attackers. Ransomware developers are always looking to make the most money for the least effort. So an exploit of Windows or Adobe Flash or Internet Explorer will enable hackers to target hundreds of millions of users. But IoT devices are so varied that each of them would have to be targeted in a different way, which would make it more of a challenge for hackers.

There’s also the minor issue of needing a user interface such as a screen display to inform the user that they’ve been hacked by ransomware. A considerable percentage of IoT devices lack any display mechanism and the hackers will have to go the extra step of discovering the user’s email or hacking the app that controls the device as well.

These factors will not create enough financial motivation for hackers to invest in IoT ransomware. Or so we think.

Why should it be taken seriously?

IoT ransomware works by being timely and critical, not by being irreversible. The entire point is to strike the target at a time and place where they won’t be able to reset the device or counter the effects of the ransomware, and will therefore be more willing to pay the ransom.

So instead of looking for valuable files on your Nest Thermostat, hackers will lock it up with ransomware while you’re away on vacation and send you a notification to tell you that your smart home has been hacked and you either have to pay a ransom or the thermostat gets locked at a high temperature. By the time you fly back home to disable or reset the thermostat, your home will get fried, and if not, you’ll have to settle for the huge electricity bill that will come at the end of the month because of the active use of the appliance.

In the connected car industry, hackers will track you down and hack your car while you’re on a desert highway, with no means to fix the problem on your own and no access to service centers. Then you’ll be forced to either cooperate with the hackers or hitchhike your way to the nearest city to get help.

In industrial IoT, things can get even nastier. Imagine a hacked power grid (and these things do happen). The hackers won’t give you 48 or 72 hours to hand over the cash, as is the case with traditional ransomware. They’ll give you 30 or 45 minutes to turn over bitcoins. And after that, it’ll be total blackout.

Medical IoT can become an attractive target for ransomware as well. Your pacemaker or drug infusion pump in the control of hackers can be a dangerous situation. How about handing over a bitcoin or seeing your heart skip a beat?

Final words

The IoT ransomware model is fundamentally different from the computer and laptop paradigm, but no less dangerous. It is only a matter of time before hackers decide it’s worth their time and try their hand at hacking IoT devices for ransom. This is another reminder of the cybersecurity tradeoffs that IoT poses for consumers.

What’s important is that we keep our vigil and stay prepared to protect ourselves and our devices against such attacks. I will soon be writing about IoT ransomware and the possible solutions. I welcome any sort of expert opinion on the topic.


IoT and Your Utilities Services

The Internet of Things has progressed rapidly in the last decade, providing numerous benefits for consumers, industries, and even government organizations. As a consumer, it can be difficult to break through the noise to see the most important benefits of IoT, especially when the spotlight is often focused on entertainment and convenience services. One benefit of IoT that is sometimes underrepresented is the ability of new technologies to increase the efficiency and reduce the costs of utility services.

Data from the Open & Agile Smart Cities initiative in Europe estimates that gross savings in a moderately sized smart city could be as much as 15% for water, 25% for waste management, and 50% for electrical lighting. Although these estimates might seem generous, they do reflect the optimism of other developed markets. As an example, data from the New Jersey Institute of Technology suggests that smart energy sensors could save the United States up to $1.2 billion per year in the largest cities.

A Proven Case Study

The figures are exciting, but how exactly do they directly impact consumers? To answer this, we can look at how smart water sensors have benefitted residents in the city of Dubuque in Iowa, U.S.

In 2009, the city developed programs to introduce IoT connected sensors to consumer utility lines. Rather than traditional metering systems, residents and businesses were connected to smart meters that could automatically report data back to utility providers, allowing for real time usage monitoring and reporting. With the new meters, residents were better able to monitor their real time water usage and costs, which allowed for a 7% reduction in total water usage. The same system allowed for speedy detection of water leaks and flow problems, which were proactively monitored by the utility company. Because consumers had immediate access to their usage statistics, they could also identify leaks, faucets, or appliances in their homes that could be contributing to water waste. Considered a huge success, a similar system was adopted in the Australian city of Townsville, with similar positive results.

Considering this example of how IoT sensors have benefitted water utilities, it becomes easy to see how comparable systems could benefit electric and gas utilities. The savings aren’t just found from reducing usage and detecting leaks or faults, but also by reducing the cost of actually monitoring utility usage. Machine generated data can be interpreted by computers, eliminating the need for manual data interpretation. Meter reading at the service termination point also becomes unnecessary.

Wider Benefits that Integrate with Smart City Concepts

Using smart meters connected to the Internet of Things is clearly the future of utility metering, but there are still benefits beyond what has been discussed. With a smart city that proactively collects and interprets data, there are possibilities to improve utility infrastructure, identify trends, and plan utilities for new developments based on existing data.

Overall, the potential cost savings and benefits will far outweigh any investment that is made to modernize existing utility networks. Any city of significant size should be able to clearly measure the benefits of IoT, and the adoption rate of new technologies will serve the interests of both service providers and end-of-line consumers.

For more info about IoT, check out our new website: www.internetofthingsrecruiting.com


What's on the Horizon for IoT and CCTV?


Smart devices are transforming the world that we live in, but is change always positive? When it comes to the internet of things (IoT), there are two strongly opposing viewpoints. Some see connected devices as a natural evolution of technology and the internet, with far reaching benefits for consumers, industry, and general business. There is also another viewpoint that sees IoT as too risky, too pervasive, and frighteningly unregulated.

The truth may be somewhere in the middle, although both viewpoints raise valid concerns and benefits. If designed and implemented correctly, IoT can increase efficiency, reduce cost, improve safety, and deliver convenience. However, without necessary attention to security and good judgement, IoT technologies can compromise privacy and sensitive data. When considering both viewpoints, it can help to look at a single technology group, such as CCTV cameras with internet connectivity.

The Benefits of Wireless CCTV Cameras

CCTV cameras and IoT can provide clear benefits over older systems. They can back up footage to local or cloud-connected storage, which can then be made available to any user with internet access to the system. An embedded chip could also allow for live streaming so that monitoring can be performed off-site, without the need for wired infrastructure. This can reduce costs and improve convenience, while also shattering the old notion that monitoring requires a dedicated video room staffed by full-time employees. Smart cameras can even be configured to record and notify an elected group or individual when movement is detected. This essentially combines the functions of a video monitoring system and an intruder alarm in a single technology.

With benefits like these, it’s easy to see why businesses and home users would be interested in a networked CCTV system, but when the risks are considered, connected cameras may become less appealing.

What are the Dangers of Current and Future Devices?

A CCTV system that is connected to the internet can theoretically be breached by any party, from anywhere in the world where there is internet access. Unauthorized access can mean that cameras could be disabled or hijacked to steal footage, potentially leaking sensitive trade or manufacturing information. In the case of domestic cameras, unauthorized access can open up the home to prying eyes. Not only can privacy be invaded, but criminals could potentially use cameras to track people’s movements and schedules to plan burglaries, home invasions, or other crimes.

What looks on paper to be a robust and futuristic security system could just as easily be made to serve malicious parties, so what is the solution?

Security is Key

As with most IoT devices, security will be the all-important layer that determines whether the benefits can be enjoyed without compromising privacy or increasing the risk of data theft. In commercial business and industry, there are typically more resources available to ensure that networks and devices are secured. Data transfer can be encrypted, and wireless and wired networks can be made safe through enterprise-level firewalls and other safeguards. In the home, security is less likely to be effectively managed. Many home CCTV users may be unaware of the need for security, and may even be unaware of whether their home network and devices are secured.

This presents a significant challenge which should be addressed in two ways. Manufacturers and innovators have a responsibility to develop IoT systems that are secure by design, with safeguards in place to ensure that even user error cannot compromise the security of a system. At the same time, there needs to be a push to educate consumers (private and business) on the importance of security and the risks of poorly protected IoT devices like CCTV cameras. Government bodies can potentially strengthen security implementations and awareness through regulation and legislation.

With analysts expecting up to 50 billion embedded chip devices to be in use by 2020, it is essential that security and education challenges are met, so that IoT can reach its full potential without compromising the safety and security of organizations and users around the world.

For more information, check out our new website: www.internetofthingsrecruiting.com


Guest blog post by Vishal Sharma

A buzzword around us for quite some time now is the Internet of Things (IoT). To simply define it:

“The internet of things (IoT) is the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.” (Wikipedia)

For me, it simply means that all devices connected to the internet form part of a global network, producing data that can be utilized for the betterment of services, customer experience, or the way one can use it. Some examples:

  • Sending real-time alerts, from smart wear to your doctor or from a machine nearing its permissible temperature for overheating
  • Real-time diagnostics like heart rate, pulse, temperature or SO2 levels
  • Security breach detection, etc.

How this is done is not what I am focusing on, but rather the situation once it is implemented, if it is done with integration of all your devices/networks that work as entry points, e.g. your mobile, the GPS you use, etc.

What level of privacy will remain in a complete IoT world?

All devices are connected and all are talking to each other, with some kind of big data tool and analytics working together. What will happen?

Some scenarios:

  • You are running out of fresh milk in your fridge, and now the smart fridge will send an order to your grocer to replenish it.
  • You have a smart watch or a fitness device which helps your coach monitor your activity, heart rate and other vitals, helping him or her identify the best-fit regime for you.

All of the above are good, but let’s go a little further and think of a real-life scenario that can happen.

You go to your favorite food joint, and at the point of sale you provide identifiable information specific to you. What will happen if everything is connected in a true IoT scenario? The person at the sales counter will have lots of information, and the POS machine will not take your order if you have any disease and your doctor has said no, without giving any details, only a small bit of information.

E.g. I want fries, and the person at the POS will say, “Sorry Sir, can’t, as your doctor has instructed that there are to be no high-salt/deep-fried items for you, so please pick another item from the menu,” and then you go back to selecting other things.

Now imagine how much your privacy is at risk when a total stranger knows about your health.

Another scenario: some card company calls you to say that you are using X at the POS, and that using Y gives more incentive for shopping.

Do I really want the world to know about it, maybe not directly but through different ways? These are just one or two examples; however, there can be many others one can think of.

The question remains: is IoT good? I will say it definitely is; in my view, its adaptability will give far more benefits than the risks caused.

However, the level of integration will tell how much of the personal use can be called an invasion of privacy and how much is actually required.

Note: at the time I was writing this post, there was no single protocol that I know of that connects different devices and makes them part of a global IoT in the actual sense of the term; hence integration can take a long time.
