According to Intel IoT is expected to be a multi-trillion-dollar market, with 50 billion devices creating 44 zettabytes (or 44 trillion gigabytes) of data annually by 2020. But that widely cited 50 billion IoT devices in 2020 number is clearly not correct! Forecast of 50 Billion Devices by 2020 Is Outdated. In 2017 we should be talking about about some sensible numbers. The current count is somewhere between Gartner’s estimate of 6.4 billion (which doesn’t include smartphones, tablets, and computers), International Data Corporation’s estimate of 9 billion (which also excludes those devices), and IHS’s estimate of 17.6 billion (with all such devices included). Both Ericsson and Evans have lowered their expectations from 50 billion for 2020: Evans, who is now CTO of Stringify, says he expects to see 30 billion connected devices by then, while Ericsson figures on 28 billion by 2021.
Connectivity and security will be key features for Internet of Things processors in 2017. Microcontroller (MCU) makers will continue to target their products at the Internet of Things (IoT) in 2017 by giving more focus on battery life, more connectivity of various types, and greater security. The new architectures are almost sure to spawn a multitude of IoT MCUs in 2017 from manufacturers who adopt ARM’s core designs.
ARM will be big. Last year, ARM’s partners shipped 15 billion chips based on its architectures. The trend toward IoT processors will go well beyond ARM licensees. Intel rolled out the Intel Atom E3900 Series for IoT applications. And do not forget MIPS an RISC-V.
FPGA manufacturers are pushing their products to IoT market. They promise that FPGAs solve challenges at the core of IoT implementation: making IoT devices power efficient, handling incompatible interfaces, and providing a processing growth path to handle the inevitable increase in device performance requirement.
Energy harvesting field will become interesting in 2017 as it is more broadly adopted. Energy harvesting is becoming the way forward to help supplement battery power or lose the need for it altogether. Generally researchers are eyeing energy-harvesting to power ultra-low-power devices, wearable technology, and other things that don’t need a lot of power or don’t come in a battery-friendly form factor.
Low power wide area networks (LPWA) networks (also known as NarrowBand IoT) will be hot in 2017. There is hope that f LPWA nets will act as a catalyst, changing the nature of the embedded and machine-to-machine markets as NB-IoT focuses specifically on indoor coverage, low cost, long battery life, and enabling a large number of connected devices. The markets will become a kind of do-it-yourselfers paradise of modules and services, blurring the lines between vendors, users and partners. At the same time for years to come, the market for low power wide area networks (LPWA) will be as fragmented and is already in a race to the bottom (Sigfox, said to be promising costs approaching $1 per node per year). Competing technologies include Sigfox, LoRa Alliance, LTE Cat 1, LTE Cat M1 (eMTC), LTE Cat NB1 (NB-IoT) and other sub-gigahertz options almost too numerous to enumerate.
We are starting to see a battle between different IoT technologies, and in few years to come we will see which are winners and which technologies will be lost in the fight. Sigfox and Lora are currently starting well, but telecom operators with mobile networks NB-IoT will try hit the race heavily in 2017. Vendors prep Cat M1, NB1 for 2017: The Cat M1 standard delivers up to 380 Kbits/second over a 1.4 MHz channel. NB-1 handles up to 40 Kbits/s over 200 kHz channels. Vendors hope the 7-billion-unit installed base of cellular M2M modules expands. It’s too early to tell which technologies will be mainstream and which niche. It could be that cellular NB-IOT was too late, it will fail in the short term, it can win in the long term, and the industry will struggle to make any money from it. At $2 a year, 20 billion devices will contribute around 4% of current global mobile subscription revenues.
New versions of communication standards will be taken into use in 2017. For example Bluetooth 5 that adds more speed and IoT functionality. In 2017, we will see an increase in the number of devices with the new Bluetooth 5 standard.
Industrial IoT to gain traction in 2017. Industrial applications ultimately have the greater transformative potential than consumer products, offering users real returns on investment (ROI) rather than just enhanced convenience or “cool factor”. But the industrial sector is conservative and has been slow to embrace an industrial IoT (IIoT), but is seems that they are getting interested now. During the past year there has been considerable progress in removing many of the barriers to IIoT adoption. A global wide implementation of an IIoT is many years away, of course. The issues of standards and interoperability will most likely remain unresolved for several years to come, but progress is being made. The Industrial Internet Consortium released a framework to support development of standards and best practices for IIoT security.
The IIoT market is certainly poised to grow. A Genpact research study, for instance, indicates that more than 80% of large companies believe that the IIoT will be essential to their future success. In a recent market analysis by Industry ARC, for instance, the projected value of the IIoT market will reach more than $120 billion by 2021. Research firm Markets and Markets is even more optimistic, pegging IIoT growth at a CAGR of 8% to more than $150 billion by 2020. And the benefits will follow. By GE’s estimate, the IIoT will stimulate an increase in the global GDP of $10 to $15 trillion over the next 20 years.
Systems integrators are seeking a quick way to enter the industrial Internet of Things (IIoT) market. So expect to see many plug and play IoT sensor systems unveiled. There were many releses in 2016, and expect to see more in 2017. Expect to see device, connectivity and cloud service to be marketed as one packet.
IoT analytics will be talked a lot in 2017. Many companies will promise to turn Big Data insights into bigger solutions. For industrial customers Big Data analytics is promised to drive operational efficiencies, cut costs, boosting production, and improving worker productivity. There are many IIoT analytic solution and platform suppliers already on the market and a growing number of companies are now addressing industrial analytics use.
In 2016 it was all bout getting the IoT devices connected to cloud. In 2017 we will see increased talk about fog computing. Fog computing is new IoT trend pushed by Cisco and many other companies. As the Internet of Things (IoT) evolves, decentralized, distributed-intelligence concepts such as “fog computing” are taking hold to address the need for lower latencies, improved security, lower power consumption, and higher reliability. The basic premise of fog computing is classic decentralization whereby some processing and storage functions are better performed locally instead of sending data all the way from the sensor, to the cloud, and back again to an actuator. This demands smarter sensors and new wireless sensor network architectures. Groups such as the Open Fog Consortium have formed to define how it should best be done. You might start to want to be able to run the same code in cloud and your IoT device.
The situation in IoT security in 2016 was already Hacking the IoT: As Bad As I Feared It’d Be and there is nothing that would indicate that the situation will not get any better in 2017. A veritable army of Internet-connected equipment has been circumvented of late, due to vulnerabilities in its hardware, software or both … “smart” TVs, set-top boxes and PVRs, along with IP cameras, routers, DSL, fiber and cable modems, printers and standalone print servers, NASs, cellular hot spots, and probably plenty of other gear. IoT world at the moment is full of vulnerable devices, and it will take years to get then replaces with more secure devices. Those vulnerable devices can be used to make huge DDoS attacks against Internet services. The 2016 October 21 cyberattacks on Dyn brought to light how easily many IoT devices can be compromised. I expect that kind of incidents will happen more in 2017 as DDoS botnets are pretty easy to build with tools available on-line. There’s no question that everyone in the chain – manufacturers, retailers and consumers – have to do a better job securing connected devices.When it comes to IoT, more security is needed.
2,275 Comments
Tomi Engdahl says:
Configure ESP8266 Wifi with WiFiManager
http://hackaday.com/2017/03/18/configure-esp8266-wifi-with-wifimanager/
There’s no doubt that the ESP8266 has made creating little WiFi widgets pretty easy. However, a lot of projects hard code the access point details into the device. There’s a better way to do it: use the WiFiManager library. [Witnessmenow] has a good tutorial and a two-minute video
WiFiManager does what a lot of commercial devices do. It initially looks like an access point. You can connect to it using a phone or other WiFi device. Then you can configure it to join your network by setting the network ID, password, etc.
Avoid Hard-Coding WiFi Credentials on Your ESP8266 Using the WiFiManager Library
http://www.instructables.com/id/Avoid-Hard-Coding-WiFi-Credentials-on-Your-ESP8266/
Tomi Engdahl says:
ESP8266 WiFi Configuration Library
https://tzapu.com/esp8266-wifi-connection-manager-library-arduino-ide/
The burden every headless wireless connected device needs to overcome is how to connect to the network without having to hardcode any credentials in it’s firmware.
For the ESP8266 based devices programmed with the Arduino IDE, I have put together this little library that tries to make connecting as seamless and quick as possible. It’s called WiFiManager.
ESP8266 WiFi Connection manager with web captive portal
https://github.com/tzapu/WiFiManager
Tomi Engdahl says:
Arrow, Indiegogo and IBM announce groundbreaking partnership
https://www.ibm.com/blogs/ibm-training/arrow-indiegogo-ibm-announce-groundbreaking-partnership/
On February 16, 2017, Arrow Electronics, IBM and Indiegogo announced a partnership to help bring new Internet of Things (IoT) ideas to life. The collaboration brings IBM’s Watson IoT platform and cloud services together with ideation to production services from Arrow Electronics and Indiegogo.
Originally launched as a crowdfunding platform, Indiegogo is the place for entrepreneurs to move their ideas quickly from concept to market. Entrepreneurs on Indiegogo are able to showcase their ideas directly to users, take orders for products early in their life-cycle and ultimately build direct relationships with their first customers. Indiegogo is the platform of choice for early stage entrepreneurs and the creative teams of some of the most successful consumer product companies in the world
Now, qualified Indiegogo entrepreneurs will have no-charge access to IBM Watson IoT Platform via Bluemix for an unlimited amount of time, giving them access to more than 160 industry-leading cloud services to incorporate ready-to-use capabilities, such as artificial intelligence, Blockchain, advanced data analytics and cyber security into their latest IoT inventions. In addition, qualified startups will have access to IBM’s global network of technical and industry expertise, education, mentoring and enterprise customers and business partners, all of which can help to bring new and innovative IoT products to market quickly.
Experts predict that by 2022, the IoT landscape will be worth $14.2 trillion. A critical driver to this growth will be entrepreneurs and early-stage businesses which, while armed with ideas, lack the resources and skills to develop these next-generation IoT innovations and bring them to market.
IBM, Indiegogo and Arrow Electronics Partner to Fuel the Next Generation of Internet of Things Startups
http://www.prnewswire.com/news-releases/ibm-indiegogo-and-arrow-electronics-partner-to-fuel-the-next-generation-of-internet-of-things-startups-300408513.html
Early examples of Arrow Certified Indiegogo IoT startup projects include:
Fitly, which created Smart Plate, the first intelligent nutrition platform that instantly analyzes and tracks what you eat. An industry first, Smart Plate was developed with support from Arrow and IBM Cloud, and was successfully funded on Indiegogo.
PlayDate, a startup that launched on Indiegogo, created the first smart ball for pets that lets owners interact with their dogs and cats from anywhere in the world. The PlayDate team ran the highest grossing pet tech crowdfunding campaign to date, but used Indiegogo for much more than just funding. They were one of the first campaigns to get Arrow-certified, a badge of approval on their manufacturing plans, and they received $100,000 in flash funding as well as engineering design support. “Arrow and Indiegogo’s support was incredibly valuable,” said Kevin Li, CEO at PlayDate. “Our campaign with Indiegogo opened doors with partners and acted as market validation for investors. Indiegogo and Arrow partnering with IBM will be a huge benefit for entrepreneurs using the platform.”
“Entrepreneurs and startups play a vital role in creating the next generation of businesses – their drive, innovation and passion for bringing new ideas to life is particularly important in building the IoT,” said Harriet Green, General Manager Watson IoT. “We are thrilled to partner with Indiegogo and Arrow Electronics to accelerate IoT innovation and development around the world working hand in hand with some of the best and brightest entrepreneurs, developers and startups to build an even better IoT.”
“IBM will take our groundbreaking collaboration with Indiegogo to a whole new level, helping us reach more entrepreneurs and get their innovative products to market quickly and cost-effectively,”
Around the globe, IBM is working with more than 6,000 clients, across industries, to help them truly realize the benefits of IoT.
Tomi Engdahl says:
2017 will be about data ownership and security
http://industrialinternetnow.com/2017-will-be-about-data-ownership-and-security/
Whether it’s the sensors or it’s the platforms people are using, the Industrial Internet market has become much more mature overall in 2016. Good examples of monetization have emerged, demonstrating that organizations have begun leveraging capabilities and competencies and turning these opportunities into something that could positively affect their bottom line.
Companies that have been in this area for quite some time are now starting to leverage value from the data that has been collected. It’s one of the things we assumed to happen already a couple of years ago, but are only now seeing to realize. Once you have proper quality data to mine for information, you notice that there are several additional layers of value that you can start generating by aggregating information from multiple sources.
Connectivity and intelligent machines are somewhat breaking the boundaries of traditional industries.
Some of the very successful cases have come from industries where assets are quite remote and not that easily accessible, such as the vessels or oil rigs. New solutions now allow remote support teams to better understand what is happening in the field and help local teams using different augmented reality and virtual reality (VR) devices.
The industry that is really providing excellent opportunities for others is the automotive industry, with connected vehicles and automated driving becoming more and more commonplace. Companies with billions of dollars in revenue are developing all these capabilities and putting them in place, making them more cost efficient at the same time.
Lessons from hackathons
From our perspective, all the hacks we have organized have taught us something. In the case of the recent Maritime Hack, we encountered practical challenges associated in combining open and closed data. We found out that it is still much more challenging today than perhaps expected to get all the parties inside the port to share data with each other, despite sharing the same customer and the same objective. There are practical restrictions – legislative, contractual, but also artificial – and still quite a number of concerns in the open data sphere.
Remember that hackathons aren’t hacks as such. They deliver varying results based on the input, expectations and preparation that companies have put into those sessions. Some companies we know have had very limited success and varying results from the event. You take a risk when going into an event like this that doesn’t have a definite, specific outcome in mind.
Themes of 2017
2016 was the year of analytics. Data ownership and security will be very appropriate themes for 2017. Security is an underlying topic that can’t be avoided.
Preparedness for this is not a straightforward or easy thing to do as it requires that you have security built into your architecture from the very beginning. Companies should either redesign their solutions or build additional layers of security into their solutions, so if something does happen, the machines can be safely ramped down to avoid an adverse effect.
Interoperability and communication between machines and processes is something that will greatly profile 2017.
As for possible breakthroughs in 2017, one of the things we will see is VR or enhanced reality-devices being used in field service operatives’ day-to-day industrial work.
Tomi Engdahl says:
IoT projects getting better than expected results – with mass adoption due by 2019
https://www.iottechnews.com/news/2017/feb/28/iot-projects-getting-better-expected-results-mass-adoption-due-2019/
MWC A new study from Aruba argues businesses who adopt the Internet of Things (IoT) could experience better than expected results.
The wide-ranging survey, which polled more than 3,000 IT and business decision makers across 20 countries, found almost half of respondents (46%) found business efficiency increases in their implementations, compared with only 29% who were expecting it. Profit gains, with 32% realisation and only 16% expectation, saw the same pattern.
Derek Howard, worldwide IoT marketing manager for Hewlett Packard Enterprise (HPE), the parent company of Aruba, describes it as an ‘expectations dividend’. “There were a lot of benefits gained [which were] far greater than originally expected, and so there was a big disparity,” he tells IoT News.
“I think one of the things we’re seeing is that as enterprises in this industry are deploying IoT, they really are seeing greater than expected evidence, and I think this is really going to accelerate adoption over the next two years,” he adds.
In many of these cases, education is an important factor. “I think a lot of people know the term IoT, but they don’t understand what it really means or the business impact and what that means to them,”
More than seven in 10 (72%) respondents said they have introduced smart devices into their workplace, with remote monitoring and indoor location-based services the key use cases, and operation of building lighting and temperature the main benefit yet to come.
It’s worth noting as well that as one industry moves, another could join it soon after. Take smart cities, for instance, where in order for the whole utopian vision to work all sorts of technologies, from smart traffic lights to connected cars, will have to interact.
HPE sees the opportunity in three main buckets of enterprise, wide-area, and industrial, as Howard explains – “IoT is very much an ecosystem play right now” – and predicts ‘mass adoption’ by 2019 as a result of these better-than-expected results today.
Kevin Ashton, the man who originally coined the term IoT
“Since its inception in 1999, the Internet of Things has been ridiculed, criticised, and misunderstood,” Ashton wrote, “and yet here we are, less than two decades later, in a world where tens of thousands of organisations are saving and making hundreds of millions of dollars from the Internet of Things, using cars that drive themselves, subway stations that sense passengers, algorithms that diagnose deadly diseases using phones, and many other once apparently impossible technologies.
Tomi Engdahl says:
Protecting the “I” in the IoT: GDPR and future challenges
https://blog.nxp.com/security/protecting-the-i-in-the-iot-gdpr-and-future-challenges
The pervasive use of connected devices has improved safety and convenience in all aspects of our lives, and fueled a new wave of innovation by product and service developers. At the same time, we are confronted with a rise in cyber-attacks and data breaches, as well as with new legal provisions to which industry needs to comply. Expanding security around the “identities” in IoT now gains new meaning and a political dimension. The new EU General Data Protection Regulation (GDPR), which goes into effect for all EU member states in May 2018, is a first and important step in creating trust in the Internet of Things. The GDPR is strengthening the rights of individuals whose personal data is being processed, including through
the need for the individual’s clear consent to the processing of personal data;
easier access by the subject to his or her personal data;
the rights to rectification, to erasure and ‘to be forgotten’;
the right to object, including to the use of personal data for the purposes of ‘profiling’;
the right to data portability from one service provider to another.
Hence, in the future it is getting even more important for companies to set up measures to prevent privacy violation. In case of a breach, the GDPR requires administrative fines of up to 4% of global turnover for companies responsible for the incident. Meaning a high financial threat to all data processors in the EU but also to those who are based outside Europe targeting EU consumers.
This creates not only the need to take privacy and data protection into account in the design and set-up of products and services. Furthermore, security-by-design with respect to the storage, transfer, use and processing of data is an essential precondition to protect privacy. Organizations need to take technical and organizational measures which meet trust principles. Thus, the GDPR is obliging companies to integrate security and privacy by design features in their products, e.g.,
Secure storage of keys, e.g., in tamper resistant HW
Individual Device Identity
Secure User Identities respecting user’s privacy settings
Secure Communication channels
The lack of trust in connected solutions already is a severe market problem. With the growing number of hacked devices and formerly unregulated and non-transparent data usage, consumers are becoming more and more reluctant to invest in smart appliances.
Tomi Engdahl says:
Avnet, AT&T seek to lower barriers to IoT solutions development
http://www.cablinginstall.com/articles/2017/03/avnet-att-iot.html?cmpid=enl_cim_cimdatacenternewsletter_2017-03-20
At the recent Mobile World Congress (Feb. 27-Mar. 2) in Barcelona, Avnet (NYSE: AVT), a global technology distributor, and AT&T Inc. (NYSE: T) announced an agreement to offer AT&T’s Internet of Things (IoT) managed services as a part of Avnet’s growing IoT solutions stack. According to a press release, the agreement, which empowers Avnet to seamlessly integrate AT&T’s cloud application development tools — supported by the carrier’s flagship platforms AT&T M2X and AT&T Flow Designer — “paves the way for the two companies to more effectively harness their respective expertise to support designers in the development and production of next-generation IoT devices with global cellular connection.”
According to a press release, the Avnet Global LTE IoT Starter Kit will include the following:
* AT&T IoT Platform Access – The starter kit is fully integrated with the AT&T IoT Platform (M2X and Flow) – a cloud-based, fully managed time-series data storage service for network and connected machine-to-machine (M2M) devices and the Industrial Internet of Things. M2X will enable the kit to connect to the AT&T IoT Platform, allowing developers and customers to manage, organize and register individual devices – both real and virtual applications. Additionally, developers and customers will be able to deploy and run custom-built application logic from Flow Designer in scalable docker environments.
* Development Board – The starter kit will be outfitted with a global SIM to enable operation in over 25 countries
“Demand for connected devices continues to climb,” said Mike Troiano, vice president, AT&T Internet of Things. “We’re excited to integrate our IoT developer platforms, M2X and Flow Designer, into the Avnet Global LTE IoT Starter Kit.”
Tomi Engdahl says:
IoT applications require some development expertise that is significantly different from those required in a traditional embedded application. For example, the UI will typically reside on a mobile device rather than on the device itself. Most obviously, the device will need to connect to an IoT platform, which in turn will collect and analyze data.
Tomi Engdahl says:
European lighting regulations could help usher in human-centric lighting (MAGAZINE)
http://www.ledsmagazine.com/articles/print/volume-14/issue-3/features/regulations/european-lighting-regulations-could-help-usher-in-human-centric-lighting.html?cmpid=enl_leds_lightingforhealthwellbeing_2017-03-20
European regulators may have a play in delivering the Holy Grail of lighting for health and wellbeing. A simple directive or two mandating Internet connections may be all that it takes for now.
As charted by Brussels-based industry association LightingEurope, HCL will emerge as the top business force in a few years’ time, and will continue to gain prominence after that (Fig. 1).
Human-centric lighting represents a big part of a necessary sea change in the lighting industry business model, and one that could help ensure a future for the 1000+ companies, 100,000+ jobs, and €20 billion of yearly revenue of LightingEurope member companies, including 33 manufacturers. Everyone knows that the century-old business model of selling replacement incandescent bulbs is falling apart now that LED lamps have become commonplace and are expected to last for a decade or three. In its place, says LightingEurope, bring on the HCL.
The general idea is that lights will adjust their on/off, brightness, colors, and color temperatures to levels that optimize any particular setting. A schoolroom, hospital ward, or open-plan office might emphasize blue hues during the morning to stimulate alertness; reds and oranges might take over in appropriate settings in the evening for a calming effect. Brightness levels might increase in a public place when more visually-challenged senior citizens than better-sighted teenagers are present. And so on.
HCL systems are already taking hold in hospitals and healthcare settings, and will slowly work their way into the workplace.
Consider, for a moment, that HCL aside, the industry is for other reasons already counting on selling the products, systems, and services that make it operational, and that support a profitable business model. As such, lighting infrastructure will morph into an information technology scheme. It will be full of sensors that detect things like human presence, motion, and natural light. Lights will connect both wirelessly and through Ethernet cable to phones, gadgets, and central control computers.
But for the most part, today’s intelligent lighting schemes focus on energy savings and on data collection to help facilities managers make better use of their property and help retailers spot shopping trends and engage with customers.
With that in mind, LightingEurope is squarely engaged in two European Commission (EC) initiatives that could ultimately help establish IT systems as an integral aspect of lighting. Both concern themselves not with HCL per se but with energy savings.
Tomi Engdahl says:
Internet of Things security: What happens when every device is smart and you don’t even know it?
When IoT devices are everywhere, the security headaches just get worse.
http://www.zdnet.com/article/internet-of-things-security-what-happens-when-every-device-is-smart-and-you-dont-even-know-it/
Billions more everyday items are set to be connected to the internet in the next few years, especially as chips get cheaper and cheaper to produce — and crucially, small enough to fit into even the smallest product.
Potentially, any standard household item could become connected to the internet, even if there’s no reason for the manufacturers to do so.
Eventually that processors needed to power an IoT device will become effectively free, making it possible to turn anything into a internet-enabled device.
However, it’s unlikely that consumer will be the one who gains the biggest benefits from every device their homes collecting data; it’s those who build them who will reap the greatest rewards — alongside government surveillance services.
“It’s going to be so cheap that vendors will put the chip in any device, even if the benefits are only very small. But those benefits won’t be benefits to you, the consumer, they’ll be benefits for the manufacturers because they want to collect analytics,” says Hyppönen, speaking at Cloud Expo Europe.
“The IoT devices of the future won’t go online to benefit you — you won’t even know that it’s an IoT device,” says Hyppönen.
“And you won’t be able to avoid this, you won’t be able to buy devices which aren’t IoT devices, you won’t be able to restrict access to the internet because they won’t be going online through your Wi-Fi. We can’t avoid it, it’s going to happen.”
Indeed, it’s already started, with devices you wouldn’t expect to need an internet connection — including children’s toys — being discovered to have gaping cybersecurity vulnerabilities.
No matter the reason why things are being connected to the internet, Thomson agrees with Hyppönen about what the end goal is: data collection.
Retrofitting updates via the use of patches might work for a PC, a laptop or even a smartphone, but there are huge swathes of devices — and even whole internet-connected industrial or urban facilities — for which being shutdown in order to install and update is impossible.
“The security industry to date is predicated on the benefit of the retrofit. IT has designed insecure systems then we’ve secured them. That’s kind of OK in a world where a device can have some downtime,” says Thomson.
“But a car, a building, a city, a pipeline, a nuclear power facility can’t tolerate downtime. So if we don’t build security and privacy in to our designs from the very first whiteboard, we’re going to leave ourselves with a problem.”
Not only that, but as IoT devices become more and more common, people will start to ignore them
“The danger from a psychological perspective is that people forget about that technology and forget about the risks associated with it and our own personal mitigation of that risk.”
It’s therefore important for the Internet of Things cybersecurity loopholes to be shut sooner rather than later so as to avoid nightmare scenarios where hackers could exploit vulnerabilities to attack anything from pacemakers and other medical devices, to connected cars to even entire industrial facilities.
But are IoT device manufacturers going to do this anytime soon? Probably not.
“The manufacturers of IoT devices are unlikely to fix this by themselves. They’re unlikely to start investing more money in their IoT devices for security because money is the most important thing in home appliances,” says Hyppönen
Tomi Engdahl says:
Oulu is to be a world-class testing center for IoT
Industrial-IoT and high-speed data transmission testing experts of companies and research institutions will meet today with the University of Oulu on Wednesday 22/3/2017 to build a world-class testing the concentration in Finland. – Finland has a wealth scattered on a high level of testing knowledge. It can be used much more in the international market, says project manager Tapio Koivukangas OAMK to.
Companies and researchers in cooperation with a consortium formed by the testing industry, superio Test Center, which is open to all persons with testing concluded by the companies. The aim is to increase the global supply of testing services and reach up to tens of millions of euros in revenue.
Source: http://www.etn.fi/index.php/13-news/6036-ouluun-halutaan-maailmanluokan-testauskeskus
Tomi Engdahl says:
The Week In Review: IoT
FTC won’t regulate IoT; Evrythng raises money; embedded world news.
http://semiengineering.com/the-week-in-review-iot-44/
Maureen Ohlhausen, the acting head of the Federal Trade Commission, said in an interview that she looks to manufacturers of Internet-connected devices to decide on best practices for the Internet of Things. Although the FTC has the legal authority to set regulations for a variety of industries, Ohlhausen said the commission is “not primarily a regulator,” in line with the new administration’s policy on deregulation. The Republican commissioner endorsed a voluntary set of IoT standards recommended by the Broadband Internet Technology Advisory Group.
New York-based Evrythng, a provider of IoT platforms, reported raising $24.8 million in a Series B round of private funding
NXP Semiconductors this week introduced the LS1028A QorIQ Layerscape system-on-a-chip device, which integrates time-sensitive networking capabilities based on IEEE 802.1 standards. The chip has 64-bit ARM Cortex v8 processor cores, an integrated 3D graphics processing unit and LCD controller, a four-port TSN switch, and two separate TSN Ethernet controllers. The SoC is meant for Industrial Internet of Things and Industry 4.0 applications.
ON Semiconductor introduced an IoT Development Kit at embedded world. The baseboard that comes with the kit features the company’s NCS36510 system-on-a-chip device with a low-power 32-bit ARM Cortex-M3 core running ARM’s mbed operating system.
Texas Instruments introduced the CC3220 SimpleLink Wi-Fi microcontroller
Wind River has brought out Titanium Control, a software virtualization platform for Industrial IoT applications.
Schneider Electric debuted the Micro Data Center Xpress range of connected products for building and deploying micro data centers at the network edge.
The Insight Partners forecasts the worldwide health-care IoT market will enjoy a compound annual growth rate of 21.2% over the next decade, increasing from $20.15 billion in 2015 to $135.87 billion by 2025.
Tomi Engdahl says:
The easy math that explains why accurate IoT current measurement is hard
https://community.keysight.com/community/keysight-blogs/next-generation-wireless-communications/blog/2017/02/24/the-easy-math-that-explains-why-accurate-iot-current-measurement-is-hard
The never-ending drive to increase IoT battery life is great for customers, but it poses extraordinary challenges for design engineers. As sleep mode currents edge ever-closer to zero, the challenge of making measurements across a wide dynamic range becomes increasingly difficult.
Maximize battery life of IoT smart devices
http://www.keysight.com/main/campaign.jspx?cc=FI&lc=fin&ckey=2796290&id=2796290
Tomi Engdahl says:
Wireless networks provide hackers avenue of attack
http://fuelfix.com/blog/2017/03/13/wireless-networks-provide-hackers-avenue-of-attack/
Wireless networks represent another avenue of attack for hackers and another potential vulnerability for oil and gas production facilities, refineries, pipelines and other industrial plants, government and private cyber security specialists said.
Homeland Security said network scanning and probing accounted for 79 cyber incidents involving industrial controls in 2014 and 2015, but would not disclose additional details.
Skilled hackers, with a modest equipment that costs a few hundred dollars, could break into these in about two hours.
“If this were a targeted attack,” Dunn said, “whether it be ‘hactivism’ or a nation-state, all they have is time and money and opportunity.”
Tomi Engdahl says:
Metaspoit’s New RFTransceiver Finds Security Flaws in IoT Radio Communications
http://www.securityweek.com/metaspoits-new-rftransceiver-finds-security-flaws-iot-radio-communications
The Internet of Things is pervasive, rapidly growing, and largely insecure. Researchers have discovered security flaws in products ranging from baby alarms and dolls, to motor vehicles and medical equipment — and the likelihood is that there are many more simply not yet discovered.
Metasploit has now released a new hardware bridge extension to help researchers and pentesters — and IoT user organizations — discover security flaws in IoT radio communications. While many of the known flaws are found in consumer devices, IoT devices are increasingly making their way into and onto business premises; and it is very difficult for security teams to control them.
“Wireless systems often control alarm systems, surveillance monitoring, door access, server room HVAC controls, and many other areas,” writes Craig Smith, Transportation Research Lead at Rapid7 in a blog announcement today. These same devices can often contain flaws that can be used by attackers, but are unknown to the user.
With Metasploit’s new RFTransceiver radio frequency testing extension, companies will be able to better understand their true security posture. They will, suggests Smith, “be able to test physical security controls and better understand when foreign IoT and other devices are brought onto the premises.”
“We strongly believe,” writes Smith, “that RF testing is an incredibly important — though currently often overlooked — component of vulnerability testing. We believe that failing to test the usage of radio frequency in products puts people and organizations at risk. We also believe the importance of RF testing will continue to escalate as the IoT ecosystem further expands.”
Wood believes that the Metasploit capability will “make it easier for people to do research in this area which again will start to increase awareness and hopefully the overall security.”
The danger, of course, is that criminal elements could also use Metasploit to find flaws suitable for exploiting. It is a criticism that has always been leveled against Metasploit
But he adds that the bad guys are already doing bad things, and the best defense is to know what they can do. “Sunlight is the best disinfectant,” he adds.
F-Secure is at least one security firm that agrees. “RF has traditionally been a fruitful attack vector,” a spokesperson told SecurityWeek, “so maybe the availability of more tools in the field will improve that situation.”
At the same time, F-Secure is aware of the dangers. “This sort of technology is very much ‘dual use’ in the sense that while it is essential to security researchers and red teams, it can also be used as an attack tool by malicious parties.”
Senior security consultant Taneli Kaivola added, “Now that the door has been opened for the wider public, we can expect to see the scope and capability of this tool expanding. I fully expect to see SDRs (software defined radios, adding additional frequencies) supported in the framework popping up like mushrooms in the rain.”
Metasploit’s RF Transceiver Capabilities
https://community.rapid7.com/community/metasploit/blog/2017/03/21/metasploits-rf-transceiver-capabilities
Radio, radio, everywhere
Chances are your company and employees are already using many other radio frequencies (RFs) outside of the standard 802.11 network for various reasons. Perhaps you have a garage door with a wireless opener? Company vehicle key fobs? Not to mention RFID card readers, wireless security systems, Zigbee controlled lights, or HVAC systems.
What are the ranges for these devices? Are they encrypted or protected? What happens when they receive interference? Do they fail in a closed or open state?
The inability to effectively answer these questions (easily or even at all) is the very reason we are releasing the RFTransceiver extension for Metasploit’s Hardware Bridge, and why we think this will be a critical tool for security researchers and penetration testers in understanding the actual attack surface.
How it works
Just one quick author’s note before we get into the ‘how-to’ portion. Rapid7 does not sell the hardware required to perform RF testing. The required hardware can be found at any number of places, including Hacker Warehouse, Hak5, or any electronics store that carries software defined radios or RF transmitter hobbyist equipment.
With the RFTransceiver, security pros have the ability to craft and monitor different RF packets to properly identify and access a company’s wireless systems beyond Ethernet accessible technologies.
The first RFTransceiver release supports the TI cc11xx Low-Power Sub-1GHz RF Transceiver. The RFTransceiver extension makes it possible to tune your device to identify and demodulate signals. You can even create short bursts of interference to identify failure states. This release provides a full API that is compatible with the popular RfCat python framework for the TI cc11xx chipsets. If you have existing programs that use RfCat you should be able to port those into Metasploit without much difficulty. This release comes with two post modules: an Amplitude Modulation based brute forcer (rfpwnon) and a generic transmitter (transmitter).
Using the new RFTransceiver extension requires the purchase of an RfCat-compatible device like the Yard Stick One. Then download the latest RfCat drivers
Tomi Engdahl says:
New Metasploit Extension Available for Testing IoT Device Security
http://www.darkreading.com/threat-intelligence/new-metasploit-extension-available-for-testing-iot-device-security/d/d-id/1328452
RFTransceiver extension for the Metasploit Hardware Bridge API will let organizations detect and scan wireless devices operating outside 802.11 spec.
Enterprise security teams and penetration testers now have a new tool for evaluating the risks posed to their networks from Internet of Things (IoT) devices that are operating on radio frequencies outside the standard 802.11 specification.
Rapid7, the owner of the Metasplot Project, has released an extension to its recently introduced Hardware Bridge API for conducting pen tests on network-connected hardware.
The new RFTransceiver extension for the Metasploit Hardware Bridge is designed to let organizations identify and assess the security state of multi-frequency wireless devices operating on their networks more effectively than current tools permit.
Many organizations already have devices and systems operating on radio frequencies outside 802.11 on their networks. Examples include RFID readers, smart lighting systems using the Zigbee communication protocol and network-enabled alarm, surveillance, and door control systems.
The RFTransceiver extension is designed to help organizations with such devices answer vital questions, such as the operating range of the devices, whether they are encrypted, how they respond to outside interference, and how they fail.
A smart lighting system, for instance, may have both a custom RF component and a traditional WiFi component, and therefore may be subverted by an attacker on the RF side to get access to the WiFi side, he says.
John Kronick, a director at cloud services company Stratiform, says there are a few products currently available that are designed to sniff out IoT devices operating at different frequencies.
As one example, he pointed to Bastille, a company that sells products to help organizations sense RF devices on the network, to identify them and accurately determine the location of such devices on the network. Bastille touts its technology as being capable of identifying devices operating on frequencies ranging from 60MHz to 6GHz.
The Hardware Bridge API that Rapid7 announced last month made Metasploit the first general-purpose pen-testing tool that can also be used to test for vulnerabilities in hardware and physical devices.
Metasploit’s RF Transceiver Capabilities
https://community.rapid7.com/community/metasploit/blog/2017/03/21/metasploits-rf-transceiver-capabilities
Tomi Engdahl says:
Targeting Internet of Things: Metasploit Tool Adds Wireless Device Detection
https://securityledger.com/2017/03/targeting-internet-of-things-metasploit-tool-adds-wireless-device-detection/
In a nod to the growing presence of Internet of Things devices, Metasploit, everyone’s favorite penetration testing tool, has added support for an extension that will detect radio frequency (RF) devices, the company said on Tuesday.
The extension, dubbed RFTransceiver, allows Metasploit users to couple software defined radios, RF transmitters and other equipment to the Metasploit framework, allowing security pros to generate and monitor radio frequency traffic that can identify wireless systems deployed in a corporate environment.
Wireless devices that might lurk in corporate environments run the gamut from consumer accessories like wireless garage door openers and vehicle key fobs to RFID door card readers, wireless security systems, Zigbee controlled lights, and HVAC systems, notes Craig Smith, the head of Transportation Research at Rapid7, which owns Metasploit. However companies have limited options for monitoring such devices.
The RFTransceiver is designed to address that problem: allowing wireless testing and hacking tools by companies like Hak5. Initially, RFTransceiver will support the TI cc11xx Low-Power Sub-1GHz RF Transceiver and there’s an API that is compatible with the popular RfCat python framework for the TI cc11xx chipsets. Testers would also need an RfCat compatible testing device, like Yard Stick One
YARD Stick One
http://greatscottgadgets.com/yardstickone/
Tomi Engdahl says:
Low cost (~ 9$) IoT for Arduino and Raspberry Pi
https://hackaday.io/project/10416-low-cost-9-iot-for-arduino-and-raspberry-pi
Low cost IoT platform for Arduino Nano and Raspberry Pi under 8USD for all parts (included shipping) base on Ebay seller.
Tomi Engdahl says:
Home security system v2
https://hackaday.io/project/13054-home-security-system-v2
Raspberry pi powered home security station which measures temperature, light level, lpg & co2 gas and detects human movement.
a nodejs+raspberry powered wireless sensor station, previously i was created arduino+ethernet version of this one but it’s unreliable and lack of portability.
details available in following blog entry: http://psychip.net/video/new-gadget-wireless-sensor-station
Tomi Engdahl says:
Beauty and the Beast, Still a Cautionary Tale About the Smart Home
https://www.wired.com/2017/03/beauty-and-the-beast-smart-home/
The future of the Internet of Things is vast, but also terrible. For every internet-accessible security camera, there’s a smart air freshener; for every virtual assistant, a gamified urinal. None of that should be a surprise, though, after Disney’s 1991 animated film Beauty and the Beast, which took Disney’s love of anthropomorphism to new heights. In the fairy-tale reimagining, the Beast’s household staff has been enchanted into household objects: valet Lumière is now a candelabra, butler Cogsworth has been turned into a clock, and cook Mrs. Potts is a teapot. (On the nose? Maybe a little.) And now, with a new live-action version of Beauty and the Beast making a staggering $170 million at the box office in its opening weekend, the pitfalls of the smart home are again on display.
That’s not to say that things are all bad. Honestly, these are some great smart devices. They anticipate the needs of human/Beastly occupants perfectly.
Twenty-six years ago, all this animated meddling was adorable.
With the advent of CGI, though, the Beast’s castle seems to have relocated to be closer to the Uncanny Valley.
these instruments of convenience can cause real harm.
How dare the smart home withstand your xenophobia!
But those minor mishaps are nothing compared to the most problematic device in the castle by far: the Beast’s magic mirror, a voice-activated screen that allows the user to view anyone, anywhere.
Just because surveillance can be used to fight crime, though, doesn’t make it a one-solution-fits-all technology. The first time the Beast uses the magic mirror, after all, it’s to spy on Belle in her room.
Tomi Engdahl says:
System Bits: March 21
http://semiengineering.com/system-bits-march-21/
According to University of Michigan researchers, sound waves could be used to hack into critical sensors in a wide range of technologies including smartphones, automobiles, medical devices and IoT devices.
New research calls into question the longstanding computer science tenet that software can automatically trust hardware sensors, which feed autonomous systems with fundamental data they need to make decisions, the team said.
The work showed that inertial sensors, also known as capacitive MEMS accelerometers, which measure the rate of change in an object’s speed in three dimensions, can be tricked.
Sonic cyber attack shows security holes in ubiquitous sensors
http://ns.umich.edu/new/multimedia/videos/24664-sonic-cyber-attack-shows-security-holes-in-ubiquitous-sensors
The inertial sensors involved in this research are known as capacitive MEMS accelerometers. They measure the rate of change in an object’s speed in three dimensions.
It turns out they can be tricked. Led by Kevin Fu, U-M associate professor of computer science and engineering, the team used precisely tuned acoustic tones to deceive 15 different models of accelerometers into registering movement that never occurred. The approach served as a backdoor into the devices—enabling the researchers to control other aspects of the system.
“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu said. “Our findings upend widely held assumptions about the security of the underlying hardware.
“Analog is the new digital when it comes to cybersecurity,” Fu said. “Thousands of everyday devices already contain tiny MEMS accelerometers. Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”
Autonomous systems like package delivery drones and self-driving cars, for example, base their decisions on what their sensors tell them
The researchers identified the resonant frequencies of 20 different accelerometers from five different manufacturers. Then instead of shattering the chips, they tricked them into decoding sounds as false sensor readings that they then delivered to the microprocessor.
Trippel noticed additional vulnerabilities in these systems as the analog signal was digitally processed. Digital “low pass filters” that screen out the highest frequencies, as well as amplifiers, haven’t been designed with security in mind, he said.
Tomi Engdahl says:
IoT network without a gateway
German Lemonbeat solution is different from the mass: it adds intelligence to the IoT devices without a gateway or router.
the company is trying to bring intelligence directly to the terminals and make this compatible with IP-based connections of all kinds. – Technology equipment to perform programmed tasks for those without a gateway or connection to the cloud, Knake clarify.
In practice, the device measures the IoT, say, temperature or vibration, and send the data to another device. Devices based on the following environment-programmed rules: for example, when the vibration stops, the actuator sends the information forward.
The architecture is based LsDL-language (Lemonbeat Smart Device Language), which was originally developed for the energy company RWE for the smart house. Lemonbeat licensed software stack device manufacturers to provide equipment talk to each other.
Dennis Knaken says that the gateway is nowadays often needed to transfer the IoT data to the cloud, but most of gateway solutions are completely excessive. – We believe that the IoT devices brought more intelligence, gateway requirements may be significantly compromised. This lowers the cost of network roll-out, Knake explains.
In addition, LsDL language to get rid of one of the basic problem of IoT networks: the gateway, or the cloud service fails, the network solmutkaan do not work.
- We do not compete against cloud-based solutions. If the IoT device processor is not enough to manage the collected data or tasks, the gateway is an informed decision.
- We offer a solution to the Ethernet and Lora
Source: http://www.etn.fi/index.php/72-ecf/6045-iot-verkko-ilman-yhdyskaytavaa
Tomi Engdahl says:
https://www.bitag.org/
Internet of Things (IoT) Security and Privacy Recommendations
https://www.bitag.org/report-internet-of-things-security-privacy-recommendations.php
Several recent reports have shown that some devices do not abide by rudimentary security and privacy best practices. In some cases, devices have been compromised and allowed unauthorized users to perform surveillance and monitoring, gain access or control, induce device or system failures, and disturb or harass authorized users or device owners.
Potential issues contributing to the lack of security and privacy best practices include: lack of IoT supply chain experience with security and privacy, lack of incentives to develop and deploy updates after the initial sale, difficulty of secure over-the-network software updates, devices with constrained or limited hardware resources (precluding certain basic or “common-sense” security measures), devices with constrained or limited user-interfaces (which if present, may have only minimal functionality), and devices with malware inserted during the manufacturing process.
Tomi Engdahl says:
2017 will be about data ownership and security
http://industrialinternetnow.com/2017-will-be-about-data-ownership-and-security/
Whether it’s the sensors or it’s the platforms people are using, the Industrial Internet market has become much more mature overall in 2016. Good examples of monetization have emerged, demonstrating that organizations have begun leveraging capabilities and competencies and turning these opportunities into something that could positively affect their bottom line.
Tomi Engdahl says:
Keynote: Industrial IoT and Open Source: Opportunities and Challenges – Imad Sousou
https://www.youtube.com/watch?v=Pwc0cX43sec
Tomi Engdahl says:
Cypress Semiconductor does not believe that the IoT connections are to be successful only in a special, ultra low power radio technologies. Surprisingly, in many applications makes the most sense is to choose designed for fast data transfer 802.11ac technology.
It is, of course, the latest Wi-Fi technology, which is designed for heavy-duty high-speed data transfer quite short connections. In particular, high-speed connection can be used to transfer the collected sensor data to the router and into the cloud.
Cypress is, for example, CYW43455 multi-radio circuit that can be used both to collect sensor data nodes ultra low power bluetooth ble, or has that transmits data at lightning speed ahead for analysis. Such an application might be for example a security camera.
Fun in this figure is that 80211ac technology really designed IoT use. However, the calculations show that, since the radio is able to transmit data very quickly and then quickly extinguished, the total power consumption is lower than many other techniques.
Source: http://www.etn.fi/index.php/13-news/6028-myos-nopea-wifi-kay-iot-yhteyksiin
Tomi Engdahl says:
How safe is your connected gadget? Consumer Reports will start ranking them based on security
https://news.fastcompany.com/how-safe-is-your-connected-gadget-consumer-reports-will-start-ranking-them-based-on-security-4031870
Consumer Reports is hoping to change that by developing review criteria in conjunction with several security and privacy experts. Some examples:
– Do users have to generate a non-default login and password?
– Does the vendor address reported vulnerabilities and offer bug bounties?
– Does the vendor audit its own security and limit employee access to data?
– Can users control the data they’re sharing and delete what they’ve generated?
– Does the vendor disclose data collection and take only what it needs to make the product work?
– Does the vendor notify authorities if a breach occurs?
– Do consumers get notified if a government or other third-party requests their data?
Tomi Engdahl says:
Mouser – IoT-focused processors designed for value-conscious engineers and developers (NXP Semiconductors MCIMX6Y1CVM05AA)
http://www.electropages.com/2017/03/mouser-iot-focused-processors-designed-value-conscious-engineers-developers/?utm_campaign=2017-03-16-Electropages&utm_source=newsletter&utm_medium=email&utm_term=article&utm_content=Mouser+-+IoT-focused+processors+designed+for+value-conscious+engineers+and+…
Mouser now stocks the i.MX 6ULL applications processors from NXP Semiconductors. The processors deliver up to 30% more power efficiency than the family’s nearest competitors and are specifically designed for value-conscious engineers and developers working on cost-effective solutions for the growing IoT consumer and industrial markets, including gateways, access control, human machine interfaces, and other connected applications.
The applications processors deliver ultra-efficient performance in low-power, space-constrained embedded environments. The processors build upon the popular i.MX 6 series, introducing a single ARM Cortex-A7 processor core running up to 528MHz with 128KBytes of L2 cache and 16-bit DDR3/LPDDR2 support and is offered in a 14mm × 14mm package with a temperature (TJ) range of minus 40C to 105C.
Tomi Engdahl says:
Cut down that dev time
Infineon Technologies was showing its new development kits that help cutting down EtherCAT development time to three months: the XMC4300 Relax EtherCAT Kit and the XMC4800 EtherCAT Automation Kit. Both kits have passed the EtherCAT certification test.
The XMC microcontrollers with integrated EtherCAT node, XMC4300 and XMC4800, target factory automation, I/O modules and robotics. All XMC4800 microcontrollers are AEC Q100 qualified, making them also well suited for use in commercial, construction and agricultural vehicles.
The kit is designed to evaluate the capabilities of the XMC4300 (in LQFP-100 package) especially in EtherCAT slave applications. The XMC4300 uses the ARM Cortex-M4 processor and has 144 MHz, up to 256 Kbytesof embedded Flash memory and 128 Kbytes SRAM.
The XMC4300 Relax EtherCAT Kit offers an EtherCAT node with standard magnetics plug, IN and OUT interface via RJ45 jack and cabling as well as an optional EtherCAT node with PHY to PHY connection. Evaluation of mixed networks is easy with its CAN transceiver and CAN connector via D-SUB 9 plug.
Source: http://www.electropages.com/2017/03/embedded-world-show-2nd-day-highlights/?utm_campaign=&utm_source=newsletter&utm_medium=email&utm_term=article&utm_content=Embedded+World+Show+2nd+day+highlights
Tomi Engdahl says:
SUN : Self-Sustained Ultralow power Node
Ambient/Solar Energy harvesting based nodes that DON’T run on a LiPo battery.
https://hackaday.io/project/20523-sun-self-sustained-ultralow-power-node
It is expected that by 2020, 50 billion devices will be connected to the internet. An important consideration for a lot of those devices that don’t need a lot of computation power or, that only sense the environment and transmit the data, is of power consumption. LiPo batteries can no longer be used because it may be possible to replace 100 batteries when they are dead but it’s not possible to replace 1,00,000 LiPo cells(for devices in large sensor networks). This project is an attempt to develop a prototype that uses Solar Energy and(or) ambient light harvesting to power an ultra-low power beacon with temperature and brightness sensors (more to be added later) all in an area measuring 6.5cmX2cm only.
Tomi Engdahl says:
Arrow Electronics unveils FPGA IoT Maker Board
http://www.newelectronics.co.uk/electronics-news/arrow-electronics-unveils-fpga-iot-maker-board/153070/
Global distributor Arrow Electronics is making available a FPGA IoT Maker Board. Designed for end-to-end application development and optimised for cost, the MAX1000 board can be installed directly into a custom application or integrated on to a separate board
Intended for use by start-ups, universities or established equipment manufacturers who looking for a flexible, low cost FPGA platform for development, customised variants of the board are also available, according to Arrow.
At the board’s heart is a compact (11 x 11mm) Intel MAX10 FPGA with 8000 logic elements. This chip includes integrated flash memory, a 1Msample/s 12bit A/D converter for analogue signals and a 3.3V power supply. Other features include embedded SRAM, DSP blocks, instant-on within milliseconds, and the ability to implement Intel’s NIOS II soft core embedded processor to perform microcontroller tasks.
The board is equipped with an integrated Arrow USB-Blaster meaning that the FPGA can be programmed directly from a PC and debugged using the free of charge Intel Quartus Prime Lite software
Tomi Engdahl says:
Intel creates AI group, aims for more focus
Intel artificial intelligence unit will be led by former Nervana CEO Naveen Rao.
http://www.zdnet.com/article/intel-creates-ai-group-aims-for-more-focus/
Intel has put its artificial intelligence efforts under one group led by Naveen Rao, former CEO of Nervana, which was acquired by the chip giant.
The company has been repositioning via acquisitions to focus on Internet of Things to autonomous vehicles. The upshot is that Intel is trying to build a data center to IoT stack powered by its processors.
Making the Future Starts with Focus on AI
https://newsroom.intel.com/editorials/making-future-starts-with-focus-ai/
In a blog post, Rao outlined how the Artificial Intelligence Products Group will work across multiple units. Part of the group’s remit will be to bring AI costs down and forge standards.
Tomi Engdahl says:
Intel’s Mobileye purchase may really be about thwarting Nvidia’s car to cloud, data center connection
http://www.zdnet.com/article/intels-mobileye-purchase-may-really-be-about-thwarting-nvidias-car-to-cloud-data-center-connection/
“These cars are going to require higher and higher levels of connectivity and larger and larger amounts of data center and cloud computing as you are starting to increase the mapping requirements, the learning and algorithm improvements as we continue to drive this autonomy and move forward.” — Intel CEO Brian Krzanich after his company said it would acquire Mobileye for $15.3 billion
Autonomous vehicles are really about the compute back at the data center. Intel’s Mobileye acquisition is more about controlling its own destiny for data centers on wheels.
Tomi Engdahl says:
Tom Warren / The Verge:
Microsoft announces patent licensing program for connected cars, with navigation, entertainment, and voice recognition features, signs first deal with Toyota — Microsoft is making a fresh attempt to convince companies to use its technology for connected cars.
Microsoft’s latest attempt to get into connected cars involves patents
http://www.theverge.com/2017/3/23/15033956/microsoft-car-patent-licensing-toyota-deal
Microsoft is making a fresh attempt to convince companies to use its technology for connected cars. The software giant is announcing a patent licensing deal with Toyota today, the first of its kind. Toyota is the first partner to license Microsoft’s new auto licensing program, which includes access to navigation, entertainment, and voice recognition features that Microsoft has developed. Toyota isn’t revealing exactly what the company plans to use the patents for, but it’s clear Microsoft isn’t simply supplying software packages to run in cars.
The patent licensing deal seems like a step back from Microsoft’s more ambitious efforts with cars over the years. Microsoft first unveiled its Windows in the car concept nearly three years ago, but it has failed to make it a reality.
Tomi Engdahl says:
Campus radio
http://embeddedexperience.blogspot.fi/2017/01/campus-radio.html
mong other LPWA and cellular technologies, LoRa is exceptional as it enables both public and private network solutions.
Now the game is changing little by little, as cellular network vendors are interested in providing technology for license free bands, enabling campus radio or Factory Area Network type of applications.
Ericsson among others is pushing NB-IOT to globally available 2.4GHz band. The band is very popular and some challenges of co-existence with Wifi and other 2.4GHz radios remains to be solved.
Nokia has recently introduced concept called Innovation Platform, consisting of small cell LTE basestation, cloud hosted cellular backend and cloud application platform. Nokia is seeking for new licence-free band for the technology, and negotiating with national authorities in different countries to get 3.5GHz band available for private campus radio use.
Problem with alternative frequency bands is that there are no end-devices – modems – readily available, and it’s uncertain what will be the pricing and schedule. It may take long until cellular technologies can compete with LPWA in private network solutions, in terms of cost and power consumption at end device side.
As of Today, LoRa is good candidate for many LPWA solutions like meter reading, as well as for Factory Area Networks when no high data rate is needed.
LoRa specification is evolving
LoRa makes it easy to make retro-fit sensor network installation, as separate site-specific network planning project is not needed, unlike in case of WiFi, Bluetooth, or similar technologies.
Tomi Engdahl says:
IoT Edge Design Demands A New Approach
http://semiengineering.com/iot-edge-design-demands-a-new-approach/
A low-cost proof-of-concept is necessary in designing IoT edge devices.
A new breed of designers has arrived that is leveraging the advances in sensing technology to build the intelligent systems at the edge of the IoT.
These systems play in every space: on your body, at home, the car or bus that you take to work, and the cities, factories, office buildings, or farms that you work. The energy that you consume and how you travel, by air, land, or sea, all have IoT edge solutions being developed. And, space probes, telescopes, and satellites explore the far edges of the universe.
The widely-dispersed edge of the IoT and the thousands of small, innovative design teams working there are enabling the rapid development of the IoT.
Who are the new breed of designers? They work in small teams, collaborate online, and they require affordable design tools that are easy to and quickly produce results. Their goal is to deliver a functioning device to their stakeholders while spending as little money as possible to get there. Many work for companies that don’t have millions of dollars for traditional design tools, don’t have the time or desire to deal with the overhead of a central CAD department, work in a small company with very limited resources, or are one of the many new startups in this space. These teams all have one thing in common: they require the capability to develop a proof-of-concept for system validation in order to capitalize on this enormous opportunity. Even with the huge potential, the edge is very cost-sensitive, requiring a very low-cost proof-of-concept.
ARM offers the DesignStart portal that allows designers fast and easy access to a trial selection of ARM products without charge. In addition, Mentor Graphics provides the Tanner EDA design tools for free evaluation and ARM offers approved design partners for SoC development help.
For your project, the portal offers the ARM Cortex-M0 processor that you can download and use for design and simulation without charge. This is the ideal solution to your rapid proof-of-concept project. The ARM Cortex-M0 is a low-power 32-bit processor with a small footprint.
ARM DESIGNSTART
https://www.arm.com/develop/designstart?utm_campaign=201703-designstartutm_source=mentorutm_medium=SemiEngArticleutm_term=designstart
Tomi Engdahl says:
Shut the Backdoor! More IoT Cybersecurity Problems
http://hackaday.com/2017/03/22/shut-the-backdoor-more-iot-cybersecurity/
Tomi Engdahl says:
Smart Tech Doesn’t End the Hidden Factory
https://www.designnews.com/automation-motion-control/smart-tech-doesn-t-end-hidden-factory/137912586556466?cid=nl.x.dn14.edt.aud.dn.20170322
The manufacturing inefficiencies associated with Six Sigma’s “hidden factory” are not eliminated by advanced technology.
Can shiny new plant technology solve the underlying system inefficiencies known as the “hidden factory?” The Six Sigma Institute identifies the hidden valley as a set of activities in the manufacturing process that result in reduction of quality or efficiency and is not known to managers or others seeking to improve the process.”
In the race to implement new manufacturing technologies and systems, such as the Industrial Internet of Things, it is often forgotten that factories and operations already have systems in place—and the inner workings of these systems tend to actively resist any change forced upon them. So says John Carrier, senior lecturer of system dynamics at the MIT Sloan School of Management . He notes that the “hidden factory” that results from counterproductive and unpredictable old and new technologies will, over time, results in an unknown “process” that delivers defect-laden products behind schedule.
While new technology won’t necessarily eliminate underlying inefficiencies in plant systems, it can bring them to light. “When you wire things up and get the data, you’re going to learn things you didn’t want to know,” said Carrier. “The technology is new, but systems never change. All the difficulties people have had from building the pyramids to installing SAP are the same. As long as you have more than five people and you’re doing tasks in sequence, you’re going to have problems.”
The most direct way to discover hidden and costly problems is to measure everything. New tech can help with measurement. “The first benefit of connectivity is visibility into how your system is run. You’ll start measuring what’s going wrong. That’s a huge factor in revealing the hidden factory,” said Carrier. “But if you’re not careful in how you implement the new technology, the old system will reject it.”
Trying to apply best practices to address inefficiencies can also fail to deliver solutions.
Getting rid of the hidden factory is always temporary. It’s human nature to slide toward workarounds and idiosyncratic processes.
In order to make sure the hidden factory doesn’t undermine the advantages of new technology, Carrier says that executives need to decode cultural and workforce factors prior to making an investment in new tech. “There is an overemphasis on visioning at the expense of fully understanding existing systems and the people who must use the technology,” said Carrier.
Tomi Engdahl says:
Metasploit upgraded to sniff out IoT weakspots in corporate networks
Radio frequency testing probes for foreign bodies
https://www.theregister.co.uk/2017/03/22/metasploit_iot_upgrade/
Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments.
Metasploit’s hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. “The importance of RF testing will continue to escalate as the IoT ecosystem further expands,” according to Rapid7.
Tomi Engdahl says:
Google Maps will now let you share your location, creating a whole new set of privacy concerns
Every step you take …
http://www.recode.net/2017/3/22/15016062/google-maps-share-location-privacy
Google has announced new features for Google Maps, including some that make it easier to share your location with contacts, which could spur privacy concerns.
Altogether, the updates don’t mark a sweeping change as the company has been careful about how it tweaks the service. That’s because Maps is Google’s most-used app after YouTube and the fourth-most-used app overall with over 95 million people accessing it every month, according to comScore. Maps has become crucial to Google’s mobile strategy.
Given that, it’s noteworthy that the changes don’t include any new ways for Google to make money from Maps.
Location sharing is the most significant update. People can let anyone else know where they are by sending a text message with a link. The link can be opened by anyone, even if they don’t have the Maps app. People can also share their location within the app to others who use Maps.
That could raise all kinds of privacy concerns. The links, for example, can be shared to anyone else through a simple copy and paste, whether or not the original user intended their information to be known to a wider circle. The links will expire after three days, or earlier if the user sets the date.
Share your trips and real-time location from Google Maps
https://blog.google/products/maps/share-your-trips-and-real-time-location-google-maps/
Tomi Engdahl says:
IoT will soon be bringing half of roaming money
The Internet of Things will significantly affect the operators’ income generation. When even billions of devices connected to the operator’s network, they accounted for a roaming revenues will increase significantly.
ROCCO (Roaming Consulting Company) and MALE (Uni-Fi Roaming Solutions) have studied the IoT’s impact on operators’ revenue. According to them, as much as 50 per cent of operators’ roaming revenue comes IoT network connected devices by 2020.
Source: http://www.etn.fi/index.php/13-news/6048-iot-tuo-pian-puolet-roaming-rahasta
Tomi Engdahl says:
Planes, Trains, Automobiles, and Digital Transformation
http://www.securityweek.com/planes-trains-automobiles-and-digital-transformation
When most people think about technology innovation in the transportation sector, connected and self-driving cars immediately come to mind. But digital transformation is happening across other transportation industries as well.
Long recognized for its excellence across the supply chain, DHL has added head-mounted displays that use augmented reality to streamline the picking process, increasing employee productivity while maintaining shipment accuracy.
Tomi Engdahl says:
Senators Reintroduce Bills to Improve Cybersecurity of Vehicles and Airplanes
http://www.securityweek.com/senators-reintroduce-bills-improve-cybersecurity-vehicles-and-airplanes
Legislation Would Protect Drivers From Auto Security and Privacy Risks, Implement Cybersecurity Standards for Aircraft
The Security and Privacy in Your Car (SPY Car) Act directs the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure our cars and protect drivers’ privacy, as well as establishes a rating system – or “cyber dashboard” – that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. In 2014, Senator Markey released the report “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” which detailed major gaps in how auto companies are securing connected features in cars against hackers.
“Whether in their cars on the road or in aircraft in the sky, Americans should be protected from cyberattack and violations of their privacy,” said Senator Markey. “If hackers access the critical systems of a car or plane, disaster could ensue and our public safety could be compromised. We must ensure that as technologies change, our safety and privacy is maintained. I thank Senator Blumenthal for his partnership on this critical issue.”
“This critical legislation will help protect the public against cybercriminals who exploit advances in technology like wireless-connected aircraft and self-driving cars,”
Tomi Engdahl says:
Multiple Vulnerabilities Uncovered in Google Nest Cam
http://www.securityweek.com/multiple-vulnerabilities-uncovered-google-nest-cam
A security researcher took it to GitHub to disclose information on multiple vulnerabilities allegedly affecting Nest Cam and Dropcam Pro devices after receiving no response from Google for several months.
Tomi Engdahl says:
Data Leakage And The IIoT
http://semiengineering.com/data-leakage-and-the-iiot/
Connecting industrial equipment to the Internet offers big improvements in uptime and efficiency, but it adds security issues
The Internet of Things has raised concerns about people hacking into home networks or using armies of bots to disrupt communications. But with the Industrial IoT, the stakes are significantly higher—and the effects can last much longer.
Security tops the list of concerns as more industrial equipment is connected to the Internet, according to numerous industry insiders. That hasn’t stopped companies connecting industrial equipment to the Internet, because there are documented gains in efficiency, uptime and quality. But it has cast a shadow over these efforts, tempering how quickly companies add that connectivity and how they implement it. This is particularly true for large companies, which have more to lose, not to mention a long history of jealously guarding their data.
There is plenty of documentation for what can go wrong. The number of cyberattacks on industry is growing as more equipment is connected to the Internet, and so is the dollar value of those attacks. A Ponemon Institute study commissioned last year by IBM concluded that the average total cost of a single data breach is $4 million, up 29% since 2013.
“If you look at individual IIoT events, they often aren’t that important,” said Michael Ford, senior marketing development manager for Mentor Graphics‘ Valor Division. “But taken together, they can create a much bigger problem for companies.”
In the past, the complexity and size of an operation generally provided safeguards against data theft or leakage. But with commonly used data mining tools, it’s now possible to separate out meaningless shop floor data and hone in on the important events, which roughly adhere the 80/20 rule.
“It used to be that an employee would take out data they downloaded onto a USB,” said Ford. “But now a disgruntled employee can download the whole company’s data. Or worse, they can add data in. It would take a while before a company realizes all of the data is useless, or that everything is pointed to a competitor.”
Tomi Engdahl says:
An Android Phone Makes A Better Server Than You’d Think
http://hackaday.com/2017/03/22/an-android-phone-makes-a-better-server-than-youd-think/
There was a time a few years ago when the first Android phones made it to market, that they seemed full of promise as general purpose computers. Android is sort of Linux, right, or so the story went, so of course you must be able to run Linux on an Android phone and do all sorts of cool stuff with it.
But six years have passed since those days, phones have gotten much faster and so has the software for tasks such as rooting, so maybe it’s time to return to the topic of Linux on an Android device. [Pete Scargill] gave it a try when a friend gave him a Chinese quad-core Android phone with a broken screen. He proceeded to put a Debian installation on it, upon which he runs his collection of server processes.
Android Phone as Server
http://tech.scargill.net/android-phone-as-a-server/
Imagine turning your old, dust-covered phone into a sleek, battery backed-up server with unfeasibly long backup time, immunity to any mains spikes, a silent, fast Debian base for all the stuff in my script – which includes Node-Red, Apache/PHP, SQLITE (+ PHPLiteAdmin), MQTT, MC, Ha-Bridge and more! If you’ve been following this blog you’ll know about the script.
So this article applies to ROOTED Android phones and we’ve only tested around Android 5.0 onwards.
We’ve also tested this one OnePlus One (model BACON) and a Xiaomi Redmi 3 model IDO). The K10000 has now been up for several days.
Ok, bear with me – you have Node-Red on Linux – and MQTT. So, you run Tasker on the phone (in the Android section) with MQTT – and now you have access to and control of all of the Android facilities that TASKER can handle (i.e. just about the lot) from within the Debian environment. Doddle.. now all I need is some time!!
Tomi Engdahl says:
Google Cloud IoT Solutions
https://www.youtube.com/watch?v=51bq_Yhuof4
Events of interest fire off continuously in the physical world, and data that is material to decision making can’t always wait for offline analysis. Internet-equipped sensors on any physical item imaginable make it possible to ingest data continuously into the cloud, directly from the source at massive scale. Learn why Cloud Platform is the best place to build IoT initiatives, taking advantage of Google’s heritage of web-scale processing, analytics, and machine intelligence.
https://cloud.google.com/solutions/iot/
Tomi Engdahl says:
Dishwasher has directory traversal bug
Thanks a Miele-on for making everything dangerous, Internet of things security slackers
https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/
Don’t say you weren’t warned: Miele went full Internet-of-Things with a dishwasher, gave it a web server and now finds itself on the wrong end of a bug report and it’s accused of ignoring.
The utterly predictable bug report at Full Disclosure details CVE-2017-7240, “Miele Professional PG 8528 – Web Server Directory Traversal”.
“The corresponding embedded Web server ‘PST10 WebServer’ typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.”
[CVE-2017-7240] Miele Professional PG 8528 – Web Server Directory Traversal
http://seclists.org/fulldisclosure/2017/Mar/63
Miele Professional PG 8528 (washer-disinfector) with ethernet interface.
The corresponding embeded webserver “PST10 WebServer” typically listens
to port 80 and is prone to a directory traversal attack, therefore an
unauthenticated attacker may be able to exploit this issue to access
sensitive information to aide in subsequent attacks.
Tomi Engdahl says:
Remember, the S in IoT stands for “Security”.
The FDA requires information panel labeling for most food: I think it’s reasonable to want to know roughly what we’re eating.
I would not be surprised to see similar printed labeling requirements for IoT devices, in bite sized chunks that are more standardized than a device-specific EULA, e.g.:
This device runs on:
firmware A (unaudited)
web server B (UL approved)
update expiry date: Jan 1, 2020
This device may:
capture video, sound, and/or user input
send user data to our servers
send aggregated user data to 3rd parties
Source: https://news.ycombinator.com/item?id=13964206
Tomi Engdahl says:
IoT Devices are Dramatically Expanding Your Digital Footprint
http://www.securityweek.com/iot-devices-are-dramatically-expanding-your-digital-footprint
IoT Devices are Dramatically Expanding Your Digital Footprint IoT devices are the rage for consumers and business alike. While sound business has always been data-driven, consumers have latched onto data and remote control capabilities. IoT devices are convenient, giving us access and availability to things previously not possible unless you were physically in front of the device. They also can produce useful data for us to process and use to make better decisions.
IoT devices are giving me a sense of Déjà vu… like I have had to deal with this before … a few times.
Circa 2000-2005 when Virtual Machines started to become the go-to technology of the time, many a CIO was raising their fist in victory by consolidating physical hardware into a virtualized environment and claiming cost savings. Only the cost savings were negligible or non-existent when you factored in the massive expansion of the digital footprint that now had to be secured and managed.
Fast forward to the 2009’ish timeframe and a magical term called BYOD started to show up.
Just like VM’s and BYOD/Mobile, IoT devices can also create a major risk for organizations – by dramatically expanding their level of presence. All of these devices create more opportunities for cybercriminals to exploit. And I’ve read many reports projecting the number of “smart” devices to double or triple within the next four years. Most of these devices are consumer-based, lack basic cybersecurity features and are not under centralized management. Just look around your office and what do you see?
Not only are there more devices expanding your digital footprint, business and personal devices, apps and data are being co-mingled more than ever. What this all adds up to is potentially the largest digital footprint that is NOT under proper security management.
Cybercriminals recognize this!
And right now there is huge opportunity to cause harm via IoT devices, which is why I wrote that we will see more increasingly creative IoT attacks in the coming year.
The latest IoT-related threat to emerge in 2017 is Imeij, which has been detected in the wild targeting equipment made by Taiwanese manufacturer AVTech. Proof of concepts are also occurring with researchers highlighting how PLC controllers can be hacked and potentially taint water supply.
The reality is that IoT devices will continue to grow and be used by more individuals and businesses. The challenge is to account for these devices in your overall security and risk management process.
1. Get your policy in place. At the end of the day, it all starts with policy. This first step an organization needs to undertake is to define what IoT is and how it should be utilized within the organization via a policy that everyone can reference.
2. Designate clear ownership and accountability. For example, IoT devices intersect physical and logical security, so who in your organization owns this risk? Who is accountable?
3. Segment your network. The trusted cybersecurity best practice of network segmentation applies to IoT device risk.
Devices designated as IoT should live in their own zone and not be co-mingled with other traditional IT devices.
4. Information Technology Governance. In relation to item #1 above, IoT devices should be put through an IT Governance process before they can be placed into production – and that starts with procurement.
To be clear, I think IoT devices provide many productivity and information benefits. I’m for them. But, as with anything new, you need to prepare and plan for these devices being in your environment to maximize the value they provide, while minimizing the inherent risk of these network-enabled devices.