Category: Internet Of Things

Google demonstrates their Google Home concept during Super Bowl 2017

Part of the experience of watching American Football’s annual ultimate playoff that occurs every February is to see the ads that are run during the commercial breaks. This is because, a company has to stump up at least US$5 million per “spot” to get an ad in front of the USA’s many eyeballs who will be watching the Super Bowl. Here, it is also the time that advertisers pull out the stops to show the most impressive and memorable commercials that could end up being run when they want to extend the campaign further.

Google used this year’s Super Bowl to demonstrate the concept of their Google Home voice-activated home assistant platform competing with Amazon Alexa. But is shows what these voice-operated home assistants are all about. Most of the functionality you will see in this ad will require you to install smart-home devices that control your existing lighting or heating.

Have a look at this if you missed it during this year’s “ad parade”.

Send to Kindle

Passive Wi-Fi–a new trend for battery-operated Wi-Fi network devices

Articles

‘Passive Wi-Fi’ researchers promise to cut Wi-Fi power by 10,000x | PC World (IDG)

New “Passive Wi-Fi” Could Drastically Cut Power Needs For Connected Devices | Fortune

Passive WiFi – 10,000 times less power consumption than trad WiFi | Telecom TV

US engineers unveil Passive Wi-Fi, which consumes 10,000 times less power | Android Authority

Video (Click / Tap to play)

My Comments

A new direction that is being looked at for the Wi-Fi wireless-network ecosystem is the use of “passive Wi-Fi”. This is where Wi-Fi endpoints will not be needing the use of analogue RF amplification circuitry and can simply reflect these wireless signals back to access points or routers.

Traditional active Wi-Fi setups work analogously to a torch (flashlight) that is being used where it is actively putting out the light thanks to its batteries. But passive Wi-Fi works in a similar vein to a mirror that simply reflects the light without using any energy.

The advantage here with passive Wi-Fi is that devices implementing that technology don’t need to draw lots of current for them to operate on the network. This is so appealing towards mobile devices implementing it as a battery-saving measure.

But it also appeals towards how devices related to the smart home or Internet-Of-Things will be designed. This is because these devices can be designed to work for a long time on up to three AA or AAA Duracells or a coin battery, or could use energy-harvesting technologies like solar power or kinetic energy but work with a Wi-Fi network rather than the Bluetooth LE, Zigbee or Z-Wave networks that are optimised for low energy.

Here, it may be feasible to directly connect these devices to your home network and the Internet without the need to use bridge devices to achieve this goal. This is although it can be feasible to integrate Bluetooth LE, Zigbee and/or Z-Wave bridging functionality in to a Wi-Fi-capable router or access point, especially if there is a market expectation to have these devices also serve as “smart-home” or “IoT” hubs.

At the moment, passive Wi-Fi can work between 30-100 feet on a line-of-sight or through walls while passing a bandwidth of up to 11Mbps. The prototypes have been demonstrated with traditional Wi-Fi network equipment including a router and smartphone and this has proven that they can work in a standard Wi-Fi network. But there have been issues raised about requiring routers and access points to broadcast a “wake-up” call for these devices to report their presence and status.

A question that can be asked as this technology is designed is whether it could be feasible to design a Wi-FI front-end to switch between active and passive mode. Here, it could appeal to devices that enter passive mode simply to save energy but “go active” while in use with obvious use cases being mobile devices or Wi-Fi-based handheld controllers.

What it could lead to is that the goal to optimise all of the building-wide wireless-data technologies for low-power use has been nearly completed with the ability to have devices that exploit these technologies able to run for a long time on ordinary batteries.

Send to Kindle

Z-Wave to be the first standards group to mandate secure IoT

Article

Nest Learning Thermostat courtesy of Nest Labs

Z-Wave now requires a secure-by-design approach for Internet Of Things devices using its technology like these room thermostats

IoT gear will need better security to win a Z-Wave badge | PC World

Previous coverage on this topic

A Clear Reality Surfaces With The Internet Of Things

EU wants to establish a security baseline for Internet Of Things

August responds to its smart lock’s security weaknesses by patching its software

My Comments

The recent Mirai botnet denial-of-service cyber-attacks including an attack against a data-security journalist have raised serious questions regarding designing the software for dedicated-purpose devices like network-infrastructure devices and the “Internet Of Things”. Here, it raised concern regarding default or hard-coded passwords along with poorly-maintained software as being a few of the issues that lead to lax security proactices for the dedicated-purpose devices.

This led to the European Union wanting to call a baseline standard for device-software security, with a customer-facing indicator similar to energy-efficiency labels on appliances or nutrition-rating labels on foodstuffs. Here, the standard wanted to look at “default-for-security” setup routines along with the issue of software maintenance.

But Z-Wave who establish a short-range wireless-connectivity standard for home-automation devices have had to answer this issue by requiring that devices using this technology implement their Security 2 (S2) secure-operations framework before the device can wear the Z-Wave logo. It is similar to various standards logos like Dolby noise reduction, DLNA or HDMI where equipment has to be compliant to these standards before they can show these logos and customers can see that logo as an indicator of compatibility.

Here, the requirement includes the use of a human-readable PIN number and/or a machine-readable QR code for authenticating devices to a Z-Wave network. As well, Z-Wave setups must implement a strong secure key exchange along with implementation of a Transport Layer Security 1.1 data tunnel for IP setups. It is mandatory for the endpoint devices like light bulbs, light switches and thermostats along with “hub” and similar devices that connect Z-Wave devices to the home network and Internet.

A question that may be raised with certain device classes like smart locks or security systems is whether a PIN number that you set using the device’s control surface, especially an “administrator” or “master” PIN number, does constitute a PIN number for the Security 2 (S2) framework.

At the moment, what Z-Wave have done is to address the issue of “secure setup” for this class of device. They haven’t dealt with the issue of software maintenance which is still a thorn in the side for dedicated-function devices and this may be something that others in the industry may need to deal with.

Send to Kindle

Finnish building-management systems cop the brunt of cyberattacks

Article

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

Finns chilling as DDoS knocks out building control system | The Register

My Comments

Two apartment buildings in Finland became victims of distributed denial-of-service attacks which nobbled their building-management systems. This caused the buildings’ central heating and domestic hot water systems to enter a “safety shutdown” mode because the remote management systems were in an endless loop of rebooting and both these systems couldn’t communicate to each other. The residents ended up living in cold apartments and having cold showers because of this failure.

What is being realised is that, as part of the Internet Of Things, building-management equipment is being seen to be vulnerable, due to factors like the poor software maintenance and an attitude against hardening these systems against cyber-attacks. Then there is the issue of what level of degraded-but-safe functionality should exist for these systems if they don’t communicate to a remote management computer. This also includes the ability for the systems themselves to pass alarm information to whoever is in charge.

This situation has called out data-security issues with design and implementation of dedicated-purpose “backbone devices” connected to the Internet; along with the data-security and service-continuity risks associated with cloud-based computing. It is also an issue that is often raised with essential services like electricity, gas and water services or road-traffic management being managed by Internet-connected computers with these computers being vulnerable to cyberattack.

One of the issues raised included the use of firewalls that run up-to-date software and configurations to protect these systems from cyberattack.

I would also look at a level of fail-safe operation for building management systems that can be implemented if the Internet link to remote management computers dies; along with the ability to use cellular-telephony SMS or similar technology to send alarm messages to building management during a link-fail condition. The fail-safe mode could be set up for a goal of “safe, secure, comfortable” quasi-normal operation if the building-local system identifies itself as operating in a safe manner.

Send to Kindle

You could be using your phone to sign in to Facebook on the big screen

Article

Apple TV 4th Generation press picture courtesy of Apple

You could be able to log in to Facebook on this device using your smartphone’s Facebook client

Facebook Login Updated for tvOS, FireTV, Android | AdWeek SocialTimes

From the horse’s mouth

Facebook

Developer News Press Release

Improving Facebook Login For TV and Android

My Comments

A holy grail that is being achieved for online services is to allow users to authenticate with these services when using a device that has a limited user interface.

TV remote control

A typical smart-TV remote control that can only offer “pick-and-choose” or 12-key data entry

An example of this is a Smart TV or set-top device, where the remote control for these devices has a D-pad and a numeric keypad. Similarly, you have a printer where the only interface is a D-pad or touchscreen, with a numeric keypad only for those machines that have fax capabilities.

Here, it would take a long time to enter one’s credentials for these services due to the nature of the interface. This is down to a very small software keyboard on a touchscreen, using “SMS-style” text entry on the keypad or “pick-and-choose” text entry using the D-pad.

Facebook initially looked at this problem by displaying an authentication code on the device’s user interface or printing this code out when you want to use it from that device. Then you go to a Web-enabled computer or mobile device and log in to facebook.com/device and transcribe that code in to the page to authenticate the device with Facebook.

Here, they are realising that these devices have some role with the Social Web, whether to permit single sign-on, allow you to view photos on your account or use it as part of a comment trail. But they also know that most of us are working our Facebook accounts from our smartphones or tablets very frequently and are doing so with their native mobile client app.

But they are taking a leaf out of DIAL (DIscovery And Launch) which is being used as a way to permit us to throw YouTube or Netflix sessions that we start on our mobile devices to the big screen via our home networks. It avoids a long rigmarole of finding a “pairing screen” on both the large-screen and mobile apps, then transcribing a PIN or association code from the large screen to the mobile client to be able to have it on the TV screen,

This is where you will end up authenticating that big-screen app's Facebook login request

This is where you will end up authenticating that big-screen app’s Facebook login request

What Facebook are now doing for the 4th generation Apple TV (tvOS) and Android-based TV/video peripheral platforms (Android TV / Amazon FireTV) is to use the mobile client app to authenticate.

Here, you use a newer version of the Facebook mobile client, the Facebook Lite client or the Google Chrome Custom Tabs to authenticate with the big screen across the home network. The TV or set-top device, along with the mobile device running the Facebook mobile client both have to be on the same logical network which would represent most small networks. It is irrespective of how each device is physically connected to the network such as a mobile device using Wi-Fi wireless and the Apple TV connected via HomePlug AV500 powerline to the router for reliability.

What will happen is that the TV app that wants to use Facebook will show an authentication code on the screen. Then you go to the “hamburger” icon in your Facebook mobile client and select “Device Requests” under Apps. There will be a description of the app and the device that is wanting you to log in, along with the authentication code you saw an the TV screen. Once you are sure, you would tap “Confirm” to effectively log in from the big screen.

At the moment, this functionality is being rolled out to tvOS and Android-based devices with them being the first two to support the addition and improvement of application programming interfaces. But I would see this being rolled out for more of the Smart TV, set-top box and similar device platforms as Facebook works through them all.

Spotify login screen

This kind of single-sign-on could apply to your Smart TV

One issue that may have to crop up would be to cater for group scenarios, which is a reality with consumer electronics that end up being used by all of the household. Here, software developers may want to allow multiple people to log in on the same device, which may be considered important for games with a multiplayer element, or to allow multiple users to be logged in but with one user having priority over the device at a particular time like during an on-screen poll or with a photo app.

Another question that could be raised is where Facebook is used as the “hub” of a user’s single-sign-on experience. Here, an increasing number of online services including games are implementing Facebook as one of the “social sign-on” options and the improved sign-on experience for devices could be implemented as a way to permit this form of social sign-on across the apps and services offered on a Smart TV for example. It could subsequently be feasible to persist current login / logout / active-user status across one device with all the apps following that status.

Other social-media, messaging or similar platforms can use this technology as a way to simplify the login process for client-side devices that use very limited user interfaces. This is especially where the smartphone becomes the core device where the user base interacts with these platforms frequently.

Send to Kindle

EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.

Send to Kindle

August responds to its smart lock’s security weaknesses by patching its software

Article August Smart Lock press picture courtesy of August

IoT manufacturer caught fixing security holes | The Register

Here’s what happened when someone hacked the August Smart Lock | CNet

My Comments

The Internet Of Things, along with network hardware focused at consumers and small businesses, has been considered a thorn in the side of people who are involved with data security. This is because of a poor software-maintenance cycle associated with these devices along with customers not installing new software updates for these devices.

Recently, at the DEFCON “hack-a-thon” conference in Las Vegas, a few of the smart locks were found to have software weaknesses that made them vulnerable.

But August, who makes one of these smart locks which are retrofitted to existing “bore-through” single-cylinder tubular deadbolts, answered this issue in a manner that is considered out-of-place for the “Internet Of Things”. Here, they issued software patches to rectify these security issues and offered them as a user-downloadable firmware update.

What is a sad reality for a lot of these devices is that the manufacturer rarely maintains the firmware that runs these devices, if not at all. Some manufacturers think that this practice is about having to “add functionality” to these devices which they would rather do with subsequent models or product generations. But this kind of updating is about making sure that the software ecosystem associated with the product is secure and stable with all the “bugs” ironed out. Similarly, it is also about making sure that the product is complying with industry standards and specifications so as to work properly with other devices.

August uses the latest iterations of their smartphone apps to deploy the firmware updates to their products, typically requiring that you place your phone with the app running near the door that is equipped with these locks.

The computing security industry and computing press congratulated August on responding to the security weakness in its products through a firmware update with “The Register” describing it as being beyond the norm for the “Internet Of Everything”. But they wanted more in the form of them disclosing the nature of the threats in the lock’s firmware in a similar manner to how Microsoft, Google or Apple would disclose weaknesses in their operating-system software.

This issue also is something that is applying to home-network equipment like routers, along with toys and games that connect to the Internet. What is being called out for is a feedback loop where bugs and other software deficiencies in all these devices are called out and a simplified, if not automatic, in-field software-update process takes place whenever newer firmware that answers these problems is released. This also includes the manufacturers disclosing the security issues that have been found and explaining to customers how to mitigate the risks or update the affected software.

Send to Kindle

Qarnot uses computers to provide free room heat for buildings

Qarnot Q.Rad press image courtesy of Qarnot

Qarnot Q.rad heater is actually a computer

One of the common ways of using electricity to provide room heat in a building is to use a panel or column heater that has a material like oil heated by an electric element.A variant that existed in the UK and, to some extent, Australia was a “storage heater” or “heat bank” that used a heavier material like bricks that stored more heat and was heated during overnight when the power was cheaper. Then this material diffuses this heat in to the room. These kind of heaters are able to provide this diffused heat to take the chill off a room but were expensive to run.

But Qarnot, a French cloud-computing firm, have looked at the issue of using the waste heat from a computer integrated in this heater to heat a room or building. Here, they have designed the Q.Rad which connects to your home network and electrical power and works as a data-server for their distributed-computing effort while using the waste heat to heat a room.

It also implements an integrated power meter so that you can be reimbursed for the power that it uses as part of the cloud-computing network, effectively providing “free heat”. But a question that can be raised for implementation in markets like Australia, New Zealand or, increasingly, the USA is the requirement to calculate transferred data and establish a mechanism to refund users’ bandwidth charges for this data. This is because of the practice where ISPs are either charging for data transferred or throttling users’ bandwidth if they transfer more than an allotted amount of data.

Qarnot Q.Rad exploded view press image courtesy of Qarnot

Processing power inside this heater – the waste heat from that goes to keeping you warm

The data that Qarnot processes using these heaters is typically for the likes of research labs, banks and animation studios where they “offload” calculations in to this cloud-computing array. They also have the ability to seek out distributed-computing research projects of the SETI or Folding@Home kind to keep the network alive and generating heat where needed. For data security, these heaters don’t implement any storage for the distributed-computing client’s data while implementing end-to-end encryption for this data,

Qarnot will implement an “upgrade and replace” program so that higher-speed processors are used in the Q.Rad computing heaters and there is the ability to deal with failed equipment quickly and easily to assure high availability.

Householders are still able to adjust the heater to their preferred comfort level and make it reflect their lifestyle by using a smartphone app or the controls on the heater. This kind of thermostatic control is achieved by deflecting some of the workload away from the heater that is not needed when there isn’t the need for heat output.

They rate the output of a single unit to around 500 watts which would cover a 150-300 foot area in an insulated building. Qarnot are also pitching these heaters as part of the smart-building concept by having them able to be equipped with sensors and being programmable for any IoT / building-automation application. Similarly, Qarnot have added functionality like USB or Qi wireless charging to these heaters so users can charge mobile devices on them.

At the moment, these heaters are being issued to large buildings in Europe and the USA where 20 units or more need to be deployed. But in 2017, Qarnot wants to release these heaters to individuals who want to take advantage of this heating concept. For householders, this may be seen as being advantageous for “always-needed low-output” heating applications such as kitchens, downstairs areas in split-level houses and similar areas.

In some cases, Qarnot could make it feasible to have the Q.Rad heaters provide services to a network, whether as a router, NAS, home-automation hub or something similar. This could be achieved through the use of extra hardware or software to fulfil these tasks.

What Qarnot has done is to harvest waste heat from computing processes and use this for heating rooms in buildings with little cost to the building owner.

Send to Kindle

Telstra joins the smart-home bandwagon

Article

Telstra Is Launching A Smart Homes Monitoring System | Lifehacker Australia

Telstra Has A Smart Home Monitoring System Coming Later This Year | Gizmodo

From the horse’s mouth

Telstra

Press Release

My Comments

What can a telco, pay-TV provider or ISP do when they face competition in the Internet-service, pay-TV, mobile communications or similar markets? Some of them have looked towards contributing to the smart-home market, whether offering their own service or rebranding a service offered by a specialist company under their own label.

Telstra is the latest to engage in this practice by offering a subscription smart-home service. Here, they will offer a “Watch and Monitor” security-focused service and an “Automation and Energy” home-automation service. This will be about ideas like knowing things like if a particular person has come home or whether that door that is meant to be locked is locked or whether that appliance like the iron is on or off. It can also be about having the heating turned down when no-one is up and around.

The hardware links to your home network and the Internet via Wi-Fi but most likely may use the Zigbee technology as the “low-power” wireless backbone. Each system will have a “Smart Home Hub” which links all the devices together and to the Internet and you will find that an iOS or Android mobile-platform app or a Web-based user interface will be the main control surface.

The Wi-Fi link also serves an indoor network camera and an outdoor network camera, both of which are HD-capable. There is a smart-thermostat kit which will link to your home’s heating and cooling system which may apply to those of us who use a central heating or cooling system of some sort. Telstra are also offering the Lockwood smart deadbolt which is like the Yale Real Living Connected Deadbolt that comes from ASSA Abloy. There are also the Sengled Element LED touch smart lights which are intended as replacements for most light-bulb setups along with a smart power plug that monitors current being used along with the ability to turn the appliance on or off.

Other sensors include a window sensor, a door sensor which is a magnet-reed contact sensor and a wide-beam PIR sensor that can be set up for “pet-alley” mode with all these devices talking to the Smart Hub wirelessly most likely via Zigbee technology.

Of course, like a lot of these home-automation systems, it will be a self-install package but Telstra may point you towards specialists who can help you with installation and setup requirements.

The system, which will be offered to customers irrespective of whether they maintain a Telstra communications service or not, is intended to be launched later this year.

Personally, I would like to see Telstra offer the subscription-based service as part of a cost-effective “multiple-play” telecommunications + entertainment service for those customers who value the idea of having “many eggs in one basket” by concentrating their business with one provider.

Send to Kindle

A call-for-help program has been developed for Microsoft Band

Article

Microsoft Band App Provides Discreet Reporting For Domestic Violence  | SuperSite For Windows

Previous coverage on this topic

Doncare has launched a mobile-phone app to help people in domestic-violence situations

From the horse’s mouth

Band Aid

Home Page

My Comments

Previously, I had given some space to an iOS mobile-platform app written in conjunction with Doncare Community Services in Doncaster to provide domestic-violence survivors access to the necessary information. This app provide the one-stop information shop functionality but could be quickly deleted from a mobile device if the user is in danger of ending up in trouble for seeking help, which can happen in an abusive relationship.

For those of you who are based in the UK, this has recently become a cause celebre thanks to it being woven in to BBC’s “The Archers” radio serial which highlighted an abusive relationship that was taking place in to one of its storylines.

But another project has been finished where a wearable is used as a tool for summoning help in these situations.  This is in the form of “Band Aid” which is an app that works with the Microsoft Band to detect when the wearer is under undue stress and invite them to have the paired smartphone call the national emergency-services number or a user-determined help number like a trusted friend or domestic-violence helpline. The user can override the software to bypass stress-sensing during exercise or similar situations.

There is further development taking place with this software such as working alongside support and refuge centres for domestic and relationship violence sufferers. There is also some work taking place with “social listening” and machine-learning to identify the behaviour of one who is under threat.

The “Band Aid” project has been developed as part of the “HackForHer” hackathon which is a programming challenge for software solutions that can help and enable women. Here, these kind of hackathons can flesh out ways that technology can help particular user groups in particular situations.

Personally, I would like to see this program be “taken further” to facilitate help in other situations like independent ageing (fall detection), living with chronic illnesses with a high fall risk like diabetes or epilepsy, or living with mental illnesses. The sensors in wearables like the Microsoft Band, the Apple Watch and the Android Wear smartwatches are able to monitor body signs along with the wearable’s gyroscope sensor being able to detect falls and similar situations while machine learning that is part of the software can identify what is normal compared to what is abnormal.

Here, it could detect if one is about to have a diabetic coma or epileptic seizure, or needs help because they as an old person fell. Having this kind of software work with the “Internet Of Everything” can work well for identifying risk-taking behaviour such as a person who is living alone not entering the kitchen to feed themselves or making sure that a person has taken medicines that they have to take.

What is happening is that it is the first time devices in the platform wearables or Internet-Of-Things class, along with the concept of machine learning, are being exploited as a personal-welfare device rather than as a wellness or “keep-fit” device. Here, this avoids the need to wear extra clutter to achieve a goal of ideal personal safety or health.

Send to Kindle