Category: Internet Of Things

August responds to its smart lock’s security weaknesses by patching its software

Article August Smart Lock press picture courtesy of August

IoT manufacturer caught fixing security holes | The Register

Here’s what happened when someone hacked the August Smart Lock | CNet

My Comments

The Internet Of Things, along with network hardware focused at consumers and small businesses, has been considered a thorn in the side of people who are involved with data security. This is because of a poor software-maintenance cycle associated with these devices along with customers not installing new software updates for these devices.

Recently, at the DEFCON “hack-a-thon” conference in Las Vegas, a few of the smart locks were found to have software weaknesses that made them vulnerable.

But August, who makes one of these smart locks which are retrofitted to existing “bore-through” single-cylinder tubular deadbolts, answered this issue in a manner that is considered out-of-place for the “Internet Of Things”. Here, they issued software patches to rectify these security issues and offered them as a user-downloadable firmware update.

What is a sad reality for a lot of these devices is that the manufacturer rarely maintains the firmware that runs these devices, if not at all. Some manufacturers think that this practice is about having to “add functionality” to these devices which they would rather do with subsequent models or product generations. But this kind of updating is about making sure that the software ecosystem associated with the product is secure and stable with all the “bugs” ironed out. Similarly, it is also about making sure that the product is complying with industry standards and specifications so as to work properly with other devices.

August uses the latest iterations of their smartphone apps to deploy the firmware updates to their products, typically requiring that you place your phone with the app running near the door that is equipped with these locks.

The computing security industry and computing press congratulated August on responding to the security weakness in its products through a firmware update with “The Register” describing it as being beyond the norm for the “Internet Of Everything”. But they wanted more in the form of them disclosing the nature of the threats in the lock’s firmware in a similar manner to how Microsoft, Google or Apple would disclose weaknesses in their operating-system software.

This issue also is something that is applying to home-network equipment like routers, along with toys and games that connect to the Internet. What is being called out for is a feedback loop where bugs and other software deficiencies in all these devices are called out and a simplified, if not automatic, in-field software-update process takes place whenever newer firmware that answers these problems is released. This also includes the manufacturers disclosing the security issues that have been found and explaining to customers how to mitigate the risks or update the affected software.

Send to Kindle

Qarnot uses computers to provide free room heat for buildings

Qarnot Q.Rad press image courtesy of Qarnot

Qarnot Q.rad heater is actually a computer

One of the common ways of using electricity to provide room heat in a building is to use a panel or column heater that has a material like oil heated by an electric element.A variant that existed in the UK and, to some extent, Australia was a “storage heater” or “heat bank” that used a heavier material like bricks that stored more heat and was heated during overnight when the power was cheaper. Then this material diffuses this heat in to the room. These kind of heaters are able to provide this diffused heat to take the chill off a room but were expensive to run.

But Qarnot, a French cloud-computing firm, have looked at the issue of using the waste heat from a computer integrated in this heater to heat a room or building. Here, they have designed the Q.Rad which connects to your home network and electrical power and works as a data-server for their distributed-computing effort while using the waste heat to heat a room.

It also implements an integrated power meter so that you can be reimbursed for the power that it uses as part of the cloud-computing network, effectively providing “free heat”. But a question that can be raised for implementation in markets like Australia, New Zealand or, increasingly, the USA is the requirement to calculate transferred data and establish a mechanism to refund users’ bandwidth charges for this data. This is because of the practice where ISPs are either charging for data transferred or throttling users’ bandwidth if they transfer more than an allotted amount of data.

Qarnot Q.Rad exploded view press image courtesy of Qarnot

Processing power inside this heater – the waste heat from that goes to keeping you warm

The data that Qarnot processes using these heaters is typically for the likes of research labs, banks and animation studios where they “offload” calculations in to this cloud-computing array. They also have the ability to seek out distributed-computing research projects of the SETI or Folding@Home kind to keep the network alive and generating heat where needed. For data security, these heaters don’t implement any storage for the distributed-computing client’s data while implementing end-to-end encryption for this data,

Qarnot will implement an “upgrade and replace” program so that higher-speed processors are used in the Q.Rad computing heaters and there is the ability to deal with failed equipment quickly and easily to assure high availability.

Householders are still able to adjust the heater to their preferred comfort level and make it reflect their lifestyle by using a smartphone app or the controls on the heater. This kind of thermostatic control is achieved by deflecting some of the workload away from the heater that is not needed when there isn’t the need for heat output.

They rate the output of a single unit to around 500 watts which would cover a 150-300 foot area in an insulated building. Qarnot are also pitching these heaters as part of the smart-building concept by having them able to be equipped with sensors and being programmable for any IoT / building-automation application. Similarly, Qarnot have added functionality like USB or Qi wireless charging to these heaters so users can charge mobile devices on them.

At the moment, these heaters are being issued to large buildings in Europe and the USA where 20 units or more need to be deployed. But in 2017, Qarnot wants to release these heaters to individuals who want to take advantage of this heating concept. For householders, this may be seen as being advantageous for “always-needed low-output” heating applications such as kitchens, downstairs areas in split-level houses and similar areas.

In some cases, Qarnot could make it feasible to have the Q.Rad heaters provide services to a network, whether as a router, NAS, home-automation hub or something similar. This could be achieved through the use of extra hardware or software to fulfil these tasks.

What Qarnot has done is to harvest waste heat from computing processes and use this for heating rooms in buildings with little cost to the building owner.

Send to Kindle

Telstra joins the smart-home bandwagon

Article

Telstra Is Launching A Smart Homes Monitoring System | Lifehacker Australia

Telstra Has A Smart Home Monitoring System Coming Later This Year | Gizmodo

From the horse’s mouth

Telstra

Press Release

My Comments

What can a telco, pay-TV provider or ISP do when they face competition in the Internet-service, pay-TV, mobile communications or similar markets? Some of them have looked towards contributing to the smart-home market, whether offering their own service or rebranding a service offered by a specialist company under their own label.

Telstra is the latest to engage in this practice by offering a subscription smart-home service. Here, they will offer a “Watch and Monitor” security-focused service and an “Automation and Energy” home-automation service. This will be about ideas like knowing things like if a particular person has come home or whether that door that is meant to be locked is locked or whether that appliance like the iron is on or off. It can also be about having the heating turned down when no-one is up and around.

The hardware links to your home network and the Internet via Wi-Fi but most likely may use the Zigbee technology as the “low-power” wireless backbone. Each system will have a “Smart Home Hub” which links all the devices together and to the Internet and you will find that an iOS or Android mobile-platform app or a Web-based user interface will be the main control surface.

The Wi-Fi link also serves an indoor network camera and an outdoor network camera, both of which are HD-capable. There is a smart-thermostat kit which will link to your home’s heating and cooling system which may apply to those of us who use a central heating or cooling system of some sort. Telstra are also offering the Lockwood smart deadbolt which is like the Yale Real Living Connected Deadbolt that comes from ASSA Abloy. There are also the Sengled Element LED touch smart lights which are intended as replacements for most light-bulb setups along with a smart power plug that monitors current being used along with the ability to turn the appliance on or off.

Other sensors include a window sensor, a door sensor which is a magnet-reed contact sensor and a wide-beam PIR sensor that can be set up for “pet-alley” mode with all these devices talking to the Smart Hub wirelessly most likely via Zigbee technology.

Of course, like a lot of these home-automation systems, it will be a self-install package but Telstra may point you towards specialists who can help you with installation and setup requirements.

The system, which will be offered to customers irrespective of whether they maintain a Telstra communications service or not, is intended to be launched later this year.

Personally, I would like to see Telstra offer the subscription-based service as part of a cost-effective “multiple-play” telecommunications + entertainment service for those customers who value the idea of having “many eggs in one basket” by concentrating their business with one provider.

Send to Kindle

A call-for-help program has been developed for Microsoft Band

Article

Microsoft Band App Provides Discreet Reporting For Domestic Violence  | SuperSite For Windows

Previous coverage on this topic

Doncare has launched a mobile-phone app to help people in domestic-violence situations

From the horse’s mouth

Band Aid

Home Page

My Comments

Previously, I had given some space to an iOS mobile-platform app written in conjunction with Doncare Community Services in Doncaster to provide domestic-violence survivors access to the necessary information. This app provide the one-stop information shop functionality but could be quickly deleted from a mobile device if the user is in danger of ending up in trouble for seeking help, which can happen in an abusive relationship.

For those of you who are based in the UK, this has recently become a cause celebre thanks to it being woven in to BBC’s “The Archers” radio serial which highlighted an abusive relationship that was taking place in to one of its storylines.

But another project has been finished where a wearable is used as a tool for summoning help in these situations.  This is in the form of “Band Aid” which is an app that works with the Microsoft Band to detect when the wearer is under undue stress and invite them to have the paired smartphone call the national emergency-services number or a user-determined help number like a trusted friend or domestic-violence helpline. The user can override the software to bypass stress-sensing during exercise or similar situations.

There is further development taking place with this software such as working alongside support and refuge centres for domestic and relationship violence sufferers. There is also some work taking place with “social listening” and machine-learning to identify the behaviour of one who is under threat.

The “Band Aid” project has been developed as part of the “HackForHer” hackathon which is a programming challenge for software solutions that can help and enable women. Here, these kind of hackathons can flesh out ways that technology can help particular user groups in particular situations.

Personally, I would like to see this program be “taken further” to facilitate help in other situations like independent ageing (fall detection), living with chronic illnesses with a high fall risk like diabetes or epilepsy, or living with mental illnesses. The sensors in wearables like the Microsoft Band, the Apple Watch and the Android Wear smartwatches are able to monitor body signs along with the wearable’s gyroscope sensor being able to detect falls and similar situations while machine learning that is part of the software can identify what is normal compared to what is abnormal.

Here, it could detect if one is about to have a diabetic coma or epileptic seizure, or needs help because they as an old person fell. Having this kind of software work with the “Internet Of Everything” can work well for identifying risk-taking behaviour such as a person who is living alone not entering the kitchen to feed themselves or making sure that a person has taken medicines that they have to take.

What is happening is that it is the first time devices in the platform wearables or Internet-Of-Things class, along with the concept of machine learning, are being exploited as a personal-welfare device rather than as a wellness or “keep-fit” device. Here, this avoids the need to wear extra clutter to achieve a goal of ideal personal safety or health.

Send to Kindle

Controlling your garage door or gate from your smartphone

Relevant article:

Detached garage

Very soon your smartphone could control your garage door

Smart Garage Door Systems | Postscapes

Introduction

A feature that is available for your remote-controlled garage door or gate is the ability for you to control it using your smartphone. But this feature is primarily available from a few American-based home-automation manufacturers with some companies who sell garage-door openers offering add-on kits for their products to enable them to have this functionality. This is while the rest of these vendors offer them as a kit that is retrofitted to an existing garage-door opener or gate controller.

What do they offer?

Your smartphone is your garage door remote control

Smartphone and garage door transmitter

This Android smartphone could supplant that garage door opener

This avoids the need for you to fossick for a garage-door opener transmitter or worry whether the transmitter’s battery has died when you leave or arrive and some of these systems may have the ability to let you know if that garage door is actually closed or not. This may avoid the need to glance nervously in the rear-vision mirror when you leave to see if that door is closing as I have seen someone that I have known do when they and I left their house in their car, or to turn around to check if that gate is properly closed.

There is also the opportunity for the software developer who write the smartphone apps for these garage door controllers to exploit your smartphone platform’s abilities like asking your platform’s voice-driven personal assistant (Siri, Google Now, Cortana) whether the garage door’s open or not or telling it to close the door. Similar you can set a notification to pop up using your smartphone platform’s notification interface if certain conditions are met like the garage door being open too long or at odd hours.

Wrought iron gates

Even wrought-iron gates like these can be controlled with your smartphone

The software developers can even provide support for the in-car or smartwatch interfaces that are an extension of these mobile operating systems so that your CarPlay or Android Auto infotainment setup in the car, or your Apple Watch or Android Wear smartwatch is your key to your garage door or gate.

Increased security and manageability

All these garage door controllers have similar functionality to a smart lock where you can issue extra keys to other people yet have the ability to take the keys away from them or provide limited usage periods for these keys.

For example, you could allow your houseguests to have access to the garage or give the keys to a friend who is storing their car in your garage. Similarly, you could allow your nanny to have access to your property through the front gates for the duration of her shift.

You gain this functionality through the mobile-platform app or a Web-based dashboard in the case of those systems that connect to your home network. In a lot of cases, the latter example allows you to manage your garage from another Internet-connected computer like your workplace’s computer.

How do they work

Connecting to the garage door or gate opener

Most of these systems are designed to work on a universal-connection setup where the smartphone controller interface mimics the manual pushbutton that is used to open the garage door from inside. This is achieved through a relay (your car has these to control the headlights, horn or starter motor from the switches on the dashboard) or an optocoupler which has its switching contacts wired in parallel to the manual pushbutton and these are brought closed for a short moment when the controller wants the door opened or closed. This action causes the garage door or the gates to start opening or closing depending on their current position. The setup allows for the circuits in both the devices to be isolated thus reducing the risk of cross-voltage damage occurring while allowing for this control.

The systems that support Wi-Fi-based connectivity also provide the ability to work with a sensor that determines whether the garage door is open or closed. This allows them to report on this status either in an event-driven manner or under control of the controller’s app. This goal can be achieved using a wireless sensor that uses an integrated tilt switch and is attached to your single-panel or multi-panel lift-up garage door; or the better units may simply allow you to connect a door-contact switch to the garage door. This can work well with roller doors, sliding or swing doors including gates.

A few of these systems even have their own video-surveillance camera or can work with IP-based video-surveillance cameras so you can see if the garage door is opening or closing as well as knowing if anyone is in the garage. Some of them also offer a visual and/or audio alert so you and others know if the garage door or gate is being opened or closed, with this functionality being offered as a “get-out-of-the-way” safety warning.

The GoGoGate controller allows for increased flexibility by permitting different wiring scenarios like a separate “open” and “close” button which may be encountered with more advanced setups. On the other hand, some garage-door-opener manufacturers may offer kits that enable you to control their products from your smartphone.

An issue that may plague a lot of these controllers is that they aren’t weatherproof to outdoor conditions and installers may have to house them in weatherproof housings if they want to use them with gates.

Connecting to your smartphone

Some of these garage door controllers connect to your smartphone using a Bluetooth 4.0 interface while most of the others use a Wi-FI network interface that is linked to your home network’s Wi-Fi segment.

A few of the controllers also offer an “own-access-point” mode where they serve as their own Wi-Fi access point just for controlling your garage door or gates. In this latter case, you have to make sure your smartphone discovers and switches to that network before you can control your garage door.

Some of the controllers like the GoGoGate system may even provide for Ethernet connectivity, perhaps in the form of using an Ethernet-based USB network adaptor. This feature cannot be discounted because it can allow the use of HomePlug AV500 or HomePlug AV2 powerline adaptors to provide a reliable network link to the home network and the Internet. Use this with a HomePlug Wi-Fi access point and you could assure reliable remote access from your car outside the garage or front gates.

Software

All of the smartphone-capable garage door controllers, like other home-automation devices, rely on control apps that are peculiar to a vendor’s controller system.

They will allow you to control multiple garage doors as long as the controllers are from the same vendor. The software even allows for property-level grouping and caters toward garages which have two or three separately-opened doors. So this means that you don’t need to install a new app for each door.

The Wi-Fi-based systems that connect to your home network also work with a management Website so you can see access logs or manage your system from a regular computer. Some of them also link to a remote-access server which would be referred to as a “cloud” setup, typically established by the vendor. This would allow for functions like email alerts or the ability to open or close your garage door from work.

Another feature to expect for some of these connected garage-door-controller systems is the ability to integrate with smart-home subsystems. This feature may be delivered in the form of a software update for better-designed systems, but some smart-home platforms like Apple’s HomeKit or Google’s Nest may require the garage-door controller system to be accepted by the platform’s vendor.

Conclusion

Although there are 11 systems on the market that link your garage door or gate to your smartphone, the market is still immature and fragmented as is the rest of the “smart-home” product market.

What needs to happen is for companies involved with garage doors and front gates for the residential and small-business market to share knowledge in order to enable the garage door or front gate to be part of the smart home. Manufacturers could sell the technology on a basis that allows different vendors to integrate in to their systems thus allowing for a quicker time-to-market for newer products or a reduced need to “reinvent the wheel”. As far as retailers go, it could include reselling the various systems whether with a new installation or to retrofit to existing installations.

For most of us, it may simply be about inquiring with your garage-door contractor about the existence of Bluetooth-based or Wi-Fi-based garage door controllers and seeking to have them installed.

Send to Kindle

Bluetooth to benefit from speed and range improvements

Articles

Bluetooth is getting big range and speed boosts in 2016 | Engadget

From the horse’s mouth

Bluetooth SIG

Press Release

My Comments

There is some talk about Bluetooth issuing a new major specification that will be tweaked further for the Internet Of Things. There have been some devices that implement Bluetooth 4.0 in this context, primarily in the form of some smart locks, but there are some limitations with operating range for example, especially when these devices work with network bridges to enable cloud-based control and monitoring.

Here they want to pitch it as a competitor to ZIgbee and Z-Wave for “smart-home”, industrial automation and location-based-service applications. The goal with this is to provide an increased operating range (typically 4x the current operating range) and 100% speed improvement but give the devices increased power efficiency. This may allow for operation for a long time like six months on commodity batteries – think of 2 or 3 AA-size or AAA-size Duracells or one coin-size battery of the kind used with watches or car-alarm keyfobs.

Similarly,Bluetooth wants to add “mesh support” where some devices act as radio repeaters for other devices to allow for building-wide coverage. This is something already practised with Zigbee and Z-Wave and could bring about Bluetooth as another option for that smart-home or building-automation system.

But with Bluetooth in the equation, a network bridge for an “Internet Of Things” setup may have to work with Z-Wave, Zigbee and Bluetooth if the goal is to provide an on-ramp to mobile or Internet control. On the other hand, it could be feasible for a device to be designed to work with smartphones and tablets while servicing a building-automation setup, using only one radio transceiver and a well-known data communications standard.

Send to Kindle

A clear reality surfaces with the Internet Of Things

Article

Linksys EA8500 broadband router press picture courtesy of Linksys USA

A tight healthy operating software update cycle can keeep routers and other devices from being part of botnets

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks | Tripwire – The State Of Security

My Comments

What is being highlighted now is that devices that are normally dedicated-purpose devices are becoming more sophisticated in a way that they are effectively computers in their own right. This was highlighted with some network video-surveillance cameras used as part of a shopping mall’s security armour.

What had happened was that these cameras were found to be compromised and loaded with malware so that they also are part of a botnet like what comonly happened in the 2000s where multiple computers loaded with malware were used as part of zombie attacks on one or more targets. In a similar way to a poorly-maintained computer, they were found to run with default passwords of the “admin – admin” kind and were subject to brute-force dictionary attacks.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM FRITZ!Box – self-updating firmware = secure network infrastructure

The article’s author highlighted that there need to be work done concerning dedicated-purpose devices, whether they are the network-infrastructure devices like routers or devices that are part of the “Internet Of Everything”.

Here, the devices need to run constantly-updated software, which is something that is considered necessary if the device is expected to have a long service life. The best example would be some of the routers offered to the European market like the Freebox Révolution or the AVM Fritz!Box where they receive constantly-updated firmware that at least can be downloaded at the click of an option button or, preferably, automatically updated like what happens with Windows and OS X and what is done with recent iterations of the AVM Fritz!Box firmware.

As well, a device’s setup routine should require the user to create secure credentials for the management interface. In some cases, if a device is part of a system, the system-wide management console could exchange system-specific access credentials with the member devices.

What has commonly been said is that the Internet of Things needs to face a severe security incident as a “wake-up call” for such devices to be “designed for security”. This is similar to incidents involving desktop computing, the Internet and mobile computing have served a similar purpose like the way Windows implemented privilege escalation on an as-needed basis since Windows Vista.

Send to Kindle

The electronic door lock becomes more than a door-security device

Article

Vingcard Elsafe Classic hotel room lock

These electronic door locks that hotels use are being seen now also as data-capture tools

Electronic locks as data-analysis tools | Hotel Management

My Comments

A trend that is becoming real is for electronic door locks to serve as sensors or peripherals for other computing applications as well as performing their gatekeeping duties and is going to make this device class become a very important part of the Internet Of Things.

This has been highlighted with the hotel environment because it is often the first place that people experiences these devices when they let themselves in to their hotel room while they stay at their favourite hotel.

An increasing number of these systems work in an “online” fashion where they use technologies like Zigbee to exchange data through the building in a real-time manner. But they also keep operational data like an access log local to the lockset itself.

The new expectations for this class of online-based locking system start with the ability to notify the hotel’s maintenance department if the lockset’s batteries are becoming weak and are able to report system diagnostic issues to this same department if there are other problems. There is also the activity monitoring functionality which can augment how Front Desk or Houskeeping perform their work as well as working alongside energy-management setups to determine occupancy. As well, these locking systems can be seen as a tool to help hoteliers with their job in assuring the safety, security and welfare of their guests such as being able to detect if one or more wrong cards are tried against one or more locks or if a guestroom door is left open.

Personally, I also see the app-based ecosystem place another requirement on these locks where they have to convey user preferences to the other technology in the room. For example, the heating could be set to a particular temperature and fan mode while the clock-radio is set to wake you at a time you have set and the TV lights up and switches to a channel you prefer the moment you tap your phone on the lock and open the door.

The article determined that the core gatekeeping functionality is being reduced to a secondary role and these devices are ending up either as sensors or peripherals for various computer-intelligence systems.

But this same concept could apply to the residential smart lock

But this same concept could apply to the residential smart lock

But could this same trend apply to the new smart locks that are being pitched for the home? In some ways, yes!

Smart locks that connect to the home network and the Internet, typically via a network bridge, will end up being required to support working with a Web-based or mobile-based management dashboard. In some cases, they may be required to notify users of situations like whether a door is left unlocked or not, if a certain person like your teenager has come home or of system-status events like weak batteries.

Another expectation that is being drummed up is for these locks to cause heating and lighting to come on at user-preferred settings courtesy of a home-automation system or turn off the heating when everyone leaves the house. Yale even underscored the idea of one user creating multiple entry codes on their Real Living Connected Deadbolt to support “situation-specific” presets like the possibility of a particular user code that you use when it’s date night. This is because the deadbolt can be linked in to a home-automation system courtesy of an optional Zigbee or Z-Wave module.

Further expectations that would be placed on electronic door-locking devices would include integration with personnel-welfare systems such as ageing at home or independent living for people with mental disorders. Such a system could observe patterns of activity to learn the user’s normal activity pattern such as identifying that the door is opened and closed at particular times, then signal the relatives or a caregiver if activity goes against the grain, such as if there is no activity or a door is left open for too long.

It shows that in some cases, your favourite hotel can be where you find yourself experience a technology that you could end up using at home.

Send to Kindle

Don’t forget about SDIO in the Internet Of Things

SD card

The SD card specification is also an expansion-interface specification

When people talk of the hardware issues concerning the Internet Of Things, a  technology that is being constantly forgotten about is the SDIO expansion connection.

What is the SDIO expansion connection

This is a special SD card slot that also serves as an expansion interface in a similar vein to the PCI Express, miniPCI or ExpressCard slots used on desktop and laptop computers and, in a similar way, the USB port on most computing equipment. There are improved variants based on the iSDIO specification that take the load off the host device and allow it to work at its best.

It does have validity as an expansion interface for low-profile devices due to the size of the standard SD slot and it is then feasible to design add-on peripherals that extend slightly larger than the standard SD card.

But the SDIO technology is sadly being forgotten about as a low-profile expansion interface for many different computing-device applications including the Internet Of Things. This is more so if the goal is to either sell a device at a lower cost with reduced functionality but allow the user to add functionality as they see fit and when they can afford it, or to make a device be “futureproof” and satisfy new requirements.

Where I see SDIO being of value is with wireless network interface cards that add network or other connectivity to a device. This can be performed at the time of the device’s purchase or later on in the device’s lifespan through the user retrofitting a separately-purchased SDIO card in to the device.

An SDIO expansion module wouldn’t take up much room inside the device and can lead to a highly-integrated look for that device. It would appeal to a self-install application where the appliance has a user-accessible compartment like a battery compartment or terminal cover and the user opens this compartment to install the SDIO expansion module. Even a professional-install application can benefit especially if the idea is for a technician to install a highly-comprehensive “upgrade kit” or “functionality kit” in to a major appliance – a circuit board that is part of this kit could have one or more SDIO expansion slots.

This is compared to a USB setup where you need to deal with a relatively-large puck or dongle which can stick out of the device and not provide that finished look. There is also the issue of keeping a USB port open for local ad-hoc mass-storage or input-output requirements.

The issue of being able to add options to an existing device is real when it comes to the “durable” class of devices which are expected to have a very long service life as is expected for most devices targeted at business users or for so-called “white-goods” which are expected to run for at least 7 years, if not 10 years. Here, the ability to add extra functionality to these devices through their lifetime to suit newer needs is important as a way to get the most out of their lifecycle.

Applications

Digital photography

SDIO could benefit digital photography by allowing the user to add a Wi-Fi or Bluetooth SDIO card to a high-end digital camera or camcorder. A similar SDIO slot could be integrated in to a Speedlite flash or advanced LED movie light to allow for remote lighting and camera control courtesy of a Wi-Fi or Bluetooth link. The concept of camera control from a lighting device would appeal to some photographers who have the camera on the tripod with its shutter locked open and take the flash around different angles to illuminate the subject – the wireless link could also serve to remotely control the camera by using a shutter-control button on the flashgun..

This could lead to remote control of the camera using a mobile device with that device’s screen also working as a viewfinder. In the case of video recording, the camera could also share SMPTE timecode data with an audio recorder and, perhaps, another camera to work well with multi-camera or advanced “sound-off-camera” recording setups.

For sharing the finished product, Wi-Fi and Bluetooth cam play their part in this role with the ability to support file transfer to a computer or mobile device. A Wi-Fi setup may also allow the camera to exploit DLNA or Miracast setups to allow one to show the pictures on to a large TV screen. In some cases, a camera may have integrated support for file-share, photo-share or social-network functionality thus using the Wi-Fi or Bluetooth technology simply to upload the pictures or footage.

Electromechanical door locks

These devices, especially the “smart locks” that are starting to appear on the market, could benefit from the SDIO technology. For example, Assa Abloy offers a tubular deadbolt under the Yale and Lockwood brands which supports a “dual-mode” entry system where you can either enter a user code on a touchpad or use the regular key to open it. This deadbolt also has support for a “home automation” network module based on either Zigbee or Z-Wave technology, something that can be achieved by the user sliding that module in to the inside unit to integrate this deadbolt with a home-automation system.

Here, an SDIO slot in the interior unit in these locks can offer this kind of extended functionality. For example, a Bluetooth LE (Bluetooth Smart) SDIO card could make these locks work with platform-based smartphones or a Wi-Fi, Zigbee or Z-Wave SDIO card could integrate them with cloud-based monitoring and management services.

Similarly, this could come in handy with other usage classes like hotels.where, for example, Bluetooth could allow the card-based door lock to become part of the device ecosystem in the guest room. Here, this could be used to reset heating, alarm times, etc to a default setting when a new guest enters the room or implement Bluetooth Beacon technology to add value to conference settings.

Embroidery sewing machines

The premium “embroidery” sewing machines could implement an SDIO slot in order to allow the user to add Wi-Fi or Bluetooth functionality to these units. This would come in handy with firmware updates or to allow the user to upload patterns and OpenType fonts to these machines for use with particular embroidery and monogramming projects.

This latter application comes in to its own as the manufacturers supply “CAD” software with these machines so that people can create their own unique embroidery designs for their special projects.

Here, the SDIO cards could work as a way to network-enable these machines to work with the computer software and the home network.

Large and small household appliances

Companies who sell advanced household appliances and HVAC equipment could use SDIO to add some form of network connectivity after the appliance is installed. Here, the user can be encouraged to see these appliances, which have a service life of at least 7 years if not more, as being future-proof and able to answer current needs and expectations.

This is more so as these appliances move towards “app-cessory” operation where extra functionality is added to these devices courtesy of mobile-platform apps. Similarly, some manufacturers implement this kind of technology to communicate operating information to other appliances. An example of this is some GE washing machines and clothes dryers recently sold to the US market use a wireless link to transmit information about the load just washed to the dryer so that an optimum drying cycle for that load can be determined by that appliance.

This could benefit people who buy mid-tier appliances that are enabled for this kind of connectivity but purchase the SDIO modules and install these modules in the appliances themselves as they see fit.

Conclusion

The SDIO expansion standard can be valued as a option for adding connectivity to the Internet Of Things, whether at the point of purchase or at a later date. It also preserves a highly-integrated fit and finish for the application before and after the upgrade.

Send to Kindle

HP integrates secure firmware practices in to their enterprise laser printers

Article

HP adds protection against firmware attacks to enterprise printers | PC World

My Comments

An issue that has become a reality with dedicated-purpose devices like printers, network infrastructure hardware and the Internet Of Everything is making sure these devices run software that isn’t a threat to their users’ safety and security and the integrity of their users’ data.

Most device manufacturers tackle this through a regular software-update program but this requires users to download and deploy the newer firmware which is the software that runs these devices. It is also the same path where, in some cases, these devices acquire extra functionality. AVM, a German network-hardware manufacturer, took this further by providing automatic updating of their routers’ firmware so users don’t have to worry about making sure their router is up to date and secure.

But Hewlett-Packard have approached this issue from another angle by implementing watchdog procedures that make sure rogue software isn’t installed and running on their devices. Here, the printers implement a detection routine for unauthorised BIOS and firmware modifications in a similar manner to what is implemented with business-grade computers. This effort is based on their experience with developing regular computers including equipment pitched at business and government applications.

Here, when the printer validates the integrity of its BIOS during the start-up phase and loads a clean known-to-be-good copy of the BIOS if the software in the machine is compromised. Then, when the machine loads its firmware, it uses code-signing to verify the integrity of that firmware in a similar manner to what is done with most desktop and mobile operating systems. The firmware also implements an activity checker that identifies if memory operations are “against the grain” similar to well-bred endpoint-protection software. The watchdog software will cause the machine to restart from the known-to-be-good firmware if this happens.

Initially this functionality will be rolled out to this year’s LaserJet Enterprise printers and MFCs with any of the OfficeJet Enterprise X or LaserJet Enterprise machines made since 2011 being able to benefit from some of this functionality courtesy of a software update. There is a wish for this kind of functionality to trickle down to the consumer and small-business desktop printers that HP makes.

What I like of this is that HP has put forward the idea of continual software integrity checking in to embedded and dedicated devices. This isn’t a cure-all for security issues but has to be considered along with a continual software-update cycle. Personally these two mechanisms could be considered important for most dedicated-purpose device applications where compromised software can threaten personal safety, security or privacy; with the best example being Internet routers, modems and gateways.

Send to Kindle