Category: Internet Of Things

Finnish building-management systems cop the brunt of cyberattacks

Article

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

Finns chilling as DDoS knocks out building control system | The Register

My Comments

Two apartment buildings in Finland became victims of distributed denial-of-service attacks which nobbled their building-management systems. This caused the buildings’ central heating and domestic hot water systems to enter a “safety shutdown” mode because the remote management systems were in an endless loop of rebooting and both these systems couldn’t communicate to each other. The residents ended up living in cold apartments and having cold showers because of this failure.

What is being realised is that, as part of the Internet Of Things, building-management equipment is being seen to be vulnerable, due to factors like the poor software maintenance and an attitude against hardening these systems against cyber-attacks. Then there is the issue of what level of degraded-but-safe functionality should exist for these systems if they don’t communicate to a remote management computer. This also includes the ability for the systems themselves to pass alarm information to whoever is in charge.

This situation has called out data-security issues with design and implementation of dedicated-purpose “backbone devices” connected to the Internet; along with the data-security and service-continuity risks associated with cloud-based computing. It is also an issue that is often raised with essential services like electricity, gas and water services or road-traffic management being managed by Internet-connected computers with these computers being vulnerable to cyberattack.

One of the issues raised included the use of firewalls that run up-to-date software and configurations to protect these systems from cyberattack.

I would also look at a level of fail-safe operation for building management systems that can be implemented if the Internet link to remote management computers dies; along with the ability to use cellular-telephony SMS or similar technology to send alarm messages to building management during a link-fail condition. The fail-safe mode could be set up for a goal of “safe, secure, comfortable” quasi-normal operation if the building-local system identifies itself as operating in a safe manner.

Send to Kindle

You could be using your phone to sign in to Facebook on the big screen

Article

Apple TV 4th Generation press picture courtesy of Apple

You could be able to log in to Facebook on this device using your smartphone’s Facebook client

Facebook Login Updated for tvOS, FireTV, Android | AdWeek SocialTimes

From the horse’s mouth

Facebook

Developer News Press Release

Improving Facebook Login For TV and Android

My Comments

A holy grail that is being achieved for online services is to allow users to authenticate with these services when using a device that has a limited user interface.

TV remote control

A typical smart-TV remote control that can only offer “pick-and-choose” or 12-key data entry

An example of this is a Smart TV or set-top device, where the remote control for these devices has a D-pad and a numeric keypad. Similarly, you have a printer where the only interface is a D-pad or touchscreen, with a numeric keypad only for those machines that have fax capabilities.

Here, it would take a long time to enter one’s credentials for these services due to the nature of the interface. This is down to a very small software keyboard on a touchscreen, using “SMS-style” text entry on the keypad or “pick-and-choose” text entry using the D-pad.

Facebook initially looked at this problem by displaying an authentication code on the device’s user interface or printing this code out when you want to use it from that device. Then you go to a Web-enabled computer or mobile device and log in to facebook.com/device and transcribe that code in to the page to authenticate the device with Facebook.

Here, they are realising that these devices have some role with the Social Web, whether to permit single sign-on, allow you to view photos on your account or use it as part of a comment trail. But they also know that most of us are working our Facebook accounts from our smartphones or tablets very frequently and are doing so with their native mobile client app.

But they are taking a leaf out of DIAL (DIscovery And Launch) which is being used as a way to permit us to throw YouTube or Netflix sessions that we start on our mobile devices to the big screen via our home networks. It avoids a long rigmarole of finding a “pairing screen” on both the large-screen and mobile apps, then transcribing a PIN or association code from the large screen to the mobile client to be able to have it on the TV screen,

This is where you will end up authenticating that big-screen app's Facebook login request

This is where you will end up authenticating that big-screen app’s Facebook login request

What Facebook are now doing for the 4th generation Apple TV (tvOS) and Android-based TV/video peripheral platforms (Android TV / Amazon FireTV) is to use the mobile client app to authenticate.

Here, you use a newer version of the Facebook mobile client, the Facebook Lite client or the Google Chrome Custom Tabs to authenticate with the big screen across the home network. The TV or set-top device, along with the mobile device running the Facebook mobile client both have to be on the same logical network which would represent most small networks. It is irrespective of how each device is physically connected to the network such as a mobile device using Wi-Fi wireless and the Apple TV connected via HomePlug AV500 powerline to the router for reliability.

What will happen is that the TV app that wants to use Facebook will show an authentication code on the screen. Then you go to the “hamburger” icon in your Facebook mobile client and select “Device Requests” under Apps. There will be a description of the app and the device that is wanting you to log in, along with the authentication code you saw an the TV screen. Once you are sure, you would tap “Confirm” to effectively log in from the big screen.

At the moment, this functionality is being rolled out to tvOS and Android-based devices with them being the first two to support the addition and improvement of application programming interfaces. But I would see this being rolled out for more of the Smart TV, set-top box and similar device platforms as Facebook works through them all.

Spotify login screen

This kind of single-sign-on could apply to your Smart TV

One issue that may have to crop up would be to cater for group scenarios, which is a reality with consumer electronics that end up being used by all of the household. Here, software developers may want to allow multiple people to log in on the same device, which may be considered important for games with a multiplayer element, or to allow multiple users to be logged in but with one user having priority over the device at a particular time like during an on-screen poll or with a photo app.

Another question that could be raised is where Facebook is used as the “hub” of a user’s single-sign-on experience. Here, an increasing number of online services including games are implementing Facebook as one of the “social sign-on” options and the improved sign-on experience for devices could be implemented as a way to permit this form of social sign-on across the apps and services offered on a Smart TV for example. It could subsequently be feasible to persist current login / logout / active-user status across one device with all the apps following that status.

Other social-media, messaging or similar platforms can use this technology as a way to simplify the login process for client-side devices that use very limited user interfaces. This is especially where the smartphone becomes the core device where the user base interacts with these platforms frequently.

Send to Kindle

EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.

Send to Kindle

August responds to its smart lock’s security weaknesses by patching its software

Article August Smart Lock press picture courtesy of August

IoT manufacturer caught fixing security holes | The Register

Here’s what happened when someone hacked the August Smart Lock | CNet

My Comments

The Internet Of Things, along with network hardware focused at consumers and small businesses, has been considered a thorn in the side of people who are involved with data security. This is because of a poor software-maintenance cycle associated with these devices along with customers not installing new software updates for these devices.

Recently, at the DEFCON “hack-a-thon” conference in Las Vegas, a few of the smart locks were found to have software weaknesses that made them vulnerable.

But August, who makes one of these smart locks which are retrofitted to existing “bore-through” single-cylinder tubular deadbolts, answered this issue in a manner that is considered out-of-place for the “Internet Of Things”. Here, they issued software patches to rectify these security issues and offered them as a user-downloadable firmware update.

What is a sad reality for a lot of these devices is that the manufacturer rarely maintains the firmware that runs these devices, if not at all. Some manufacturers think that this practice is about having to “add functionality” to these devices which they would rather do with subsequent models or product generations. But this kind of updating is about making sure that the software ecosystem associated with the product is secure and stable with all the “bugs” ironed out. Similarly, it is also about making sure that the product is complying with industry standards and specifications so as to work properly with other devices.

August uses the latest iterations of their smartphone apps to deploy the firmware updates to their products, typically requiring that you place your phone with the app running near the door that is equipped with these locks.

The computing security industry and computing press congratulated August on responding to the security weakness in its products through a firmware update with “The Register” describing it as being beyond the norm for the “Internet Of Everything”. But they wanted more in the form of them disclosing the nature of the threats in the lock’s firmware in a similar manner to how Microsoft, Google or Apple would disclose weaknesses in their operating-system software.

This issue also is something that is applying to home-network equipment like routers, along with toys and games that connect to the Internet. What is being called out for is a feedback loop where bugs and other software deficiencies in all these devices are called out and a simplified, if not automatic, in-field software-update process takes place whenever newer firmware that answers these problems is released. This also includes the manufacturers disclosing the security issues that have been found and explaining to customers how to mitigate the risks or update the affected software.

Send to Kindle

Qarnot uses computers to provide free room heat for buildings

Qarnot Q.Rad press image courtesy of Qarnot

Qarnot Q.rad heater is actually a computer

One of the common ways of using electricity to provide room heat in a building is to use a panel or column heater that has a material like oil heated by an electric element.A variant that existed in the UK and, to some extent, Australia was a “storage heater” or “heat bank” that used a heavier material like bricks that stored more heat and was heated during overnight when the power was cheaper. Then this material diffuses this heat in to the room. These kind of heaters are able to provide this diffused heat to take the chill off a room but were expensive to run.

But Qarnot, a French cloud-computing firm, have looked at the issue of using the waste heat from a computer integrated in this heater to heat a room or building. Here, they have designed the Q.Rad which connects to your home network and electrical power and works as a data-server for their distributed-computing effort while using the waste heat to heat a room.

It also implements an integrated power meter so that you can be reimbursed for the power that it uses as part of the cloud-computing network, effectively providing “free heat”. But a question that can be raised for implementation in markets like Australia, New Zealand or, increasingly, the USA is the requirement to calculate transferred data and establish a mechanism to refund users’ bandwidth charges for this data. This is because of the practice where ISPs are either charging for data transferred or throttling users’ bandwidth if they transfer more than an allotted amount of data.

Qarnot Q.Rad exploded view press image courtesy of Qarnot

Processing power inside this heater – the waste heat from that goes to keeping you warm

The data that Qarnot processes using these heaters is typically for the likes of research labs, banks and animation studios where they “offload” calculations in to this cloud-computing array. They also have the ability to seek out distributed-computing research projects of the SETI or Folding@Home kind to keep the network alive and generating heat where needed. For data security, these heaters don’t implement any storage for the distributed-computing client’s data while implementing end-to-end encryption for this data,

Qarnot will implement an “upgrade and replace” program so that higher-speed processors are used in the Q.Rad computing heaters and there is the ability to deal with failed equipment quickly and easily to assure high availability.

Householders are still able to adjust the heater to their preferred comfort level and make it reflect their lifestyle by using a smartphone app or the controls on the heater. This kind of thermostatic control is achieved by deflecting some of the workload away from the heater that is not needed when there isn’t the need for heat output.

They rate the output of a single unit to around 500 watts which would cover a 150-300 foot area in an insulated building. Qarnot are also pitching these heaters as part of the smart-building concept by having them able to be equipped with sensors and being programmable for any IoT / building-automation application. Similarly, Qarnot have added functionality like USB or Qi wireless charging to these heaters so users can charge mobile devices on them.

At the moment, these heaters are being issued to large buildings in Europe and the USA where 20 units or more need to be deployed. But in 2017, Qarnot wants to release these heaters to individuals who want to take advantage of this heating concept. For householders, this may be seen as being advantageous for “always-needed low-output” heating applications such as kitchens, downstairs areas in split-level houses and similar areas.

In some cases, Qarnot could make it feasible to have the Q.Rad heaters provide services to a network, whether as a router, NAS, home-automation hub or something similar. This could be achieved through the use of extra hardware or software to fulfil these tasks.

What Qarnot has done is to harvest waste heat from computing processes and use this for heating rooms in buildings with little cost to the building owner.

Send to Kindle

Telstra joins the smart-home bandwagon

Article

Telstra Is Launching A Smart Homes Monitoring System | Lifehacker Australia

Telstra Has A Smart Home Monitoring System Coming Later This Year | Gizmodo

From the horse’s mouth

Telstra

Press Release

My Comments

What can a telco, pay-TV provider or ISP do when they face competition in the Internet-service, pay-TV, mobile communications or similar markets? Some of them have looked towards contributing to the smart-home market, whether offering their own service or rebranding a service offered by a specialist company under their own label.

Telstra is the latest to engage in this practice by offering a subscription smart-home service. Here, they will offer a “Watch and Monitor” security-focused service and an “Automation and Energy” home-automation service. This will be about ideas like knowing things like if a particular person has come home or whether that door that is meant to be locked is locked or whether that appliance like the iron is on or off. It can also be about having the heating turned down when no-one is up and around.

The hardware links to your home network and the Internet via Wi-Fi but most likely may use the Zigbee technology as the “low-power” wireless backbone. Each system will have a “Smart Home Hub” which links all the devices together and to the Internet and you will find that an iOS or Android mobile-platform app or a Web-based user interface will be the main control surface.

The Wi-Fi link also serves an indoor network camera and an outdoor network camera, both of which are HD-capable. There is a smart-thermostat kit which will link to your home’s heating and cooling system which may apply to those of us who use a central heating or cooling system of some sort. Telstra are also offering the Lockwood smart deadbolt which is like the Yale Real Living Connected Deadbolt that comes from ASSA Abloy. There are also the Sengled Element LED touch smart lights which are intended as replacements for most light-bulb setups along with a smart power plug that monitors current being used along with the ability to turn the appliance on or off.

Other sensors include a window sensor, a door sensor which is a magnet-reed contact sensor and a wide-beam PIR sensor that can be set up for “pet-alley” mode with all these devices talking to the Smart Hub wirelessly most likely via Zigbee technology.

Of course, like a lot of these home-automation systems, it will be a self-install package but Telstra may point you towards specialists who can help you with installation and setup requirements.

The system, which will be offered to customers irrespective of whether they maintain a Telstra communications service or not, is intended to be launched later this year.

Personally, I would like to see Telstra offer the subscription-based service as part of a cost-effective “multiple-play” telecommunications + entertainment service for those customers who value the idea of having “many eggs in one basket” by concentrating their business with one provider.

Send to Kindle

A call-for-help program has been developed for Microsoft Band

Article

Microsoft Band App Provides Discreet Reporting For Domestic Violence  | SuperSite For Windows

Previous coverage on this topic

Doncare has launched a mobile-phone app to help people in domestic-violence situations

From the horse’s mouth

Band Aid

Home Page

My Comments

Previously, I had given some space to an iOS mobile-platform app written in conjunction with Doncare Community Services in Doncaster to provide domestic-violence survivors access to the necessary information. This app provide the one-stop information shop functionality but could be quickly deleted from a mobile device if the user is in danger of ending up in trouble for seeking help, which can happen in an abusive relationship.

For those of you who are based in the UK, this has recently become a cause celebre thanks to it being woven in to BBC’s “The Archers” radio serial which highlighted an abusive relationship that was taking place in to one of its storylines.

But another project has been finished where a wearable is used as a tool for summoning help in these situations.  This is in the form of “Band Aid” which is an app that works with the Microsoft Band to detect when the wearer is under undue stress and invite them to have the paired smartphone call the national emergency-services number or a user-determined help number like a trusted friend or domestic-violence helpline. The user can override the software to bypass stress-sensing during exercise or similar situations.

There is further development taking place with this software such as working alongside support and refuge centres for domestic and relationship violence sufferers. There is also some work taking place with “social listening” and machine-learning to identify the behaviour of one who is under threat.

The “Band Aid” project has been developed as part of the “HackForHer” hackathon which is a programming challenge for software solutions that can help and enable women. Here, these kind of hackathons can flesh out ways that technology can help particular user groups in particular situations.

Personally, I would like to see this program be “taken further” to facilitate help in other situations like independent ageing (fall detection), living with chronic illnesses with a high fall risk like diabetes or epilepsy, or living with mental illnesses. The sensors in wearables like the Microsoft Band, the Apple Watch and the Android Wear smartwatches are able to monitor body signs along with the wearable’s gyroscope sensor being able to detect falls and similar situations while machine learning that is part of the software can identify what is normal compared to what is abnormal.

Here, it could detect if one is about to have a diabetic coma or epileptic seizure, or needs help because they as an old person fell. Having this kind of software work with the “Internet Of Everything” can work well for identifying risk-taking behaviour such as a person who is living alone not entering the kitchen to feed themselves or making sure that a person has taken medicines that they have to take.

What is happening is that it is the first time devices in the platform wearables or Internet-Of-Things class, along with the concept of machine learning, are being exploited as a personal-welfare device rather than as a wellness or “keep-fit” device. Here, this avoids the need to wear extra clutter to achieve a goal of ideal personal safety or health.

Send to Kindle

Controlling your garage door or gate from your smartphone

Relevant article:

Detached garage

Very soon your smartphone could control your garage door

Smart Garage Door Systems | Postscapes

Introduction

A feature that is available for your remote-controlled garage door or gate is the ability for you to control it using your smartphone. But this feature is primarily available from a few American-based home-automation manufacturers with some companies who sell garage-door openers offering add-on kits for their products to enable them to have this functionality. This is while the rest of these vendors offer them as a kit that is retrofitted to an existing garage-door opener or gate controller.

What do they offer?

Your smartphone is your garage door remote control

Smartphone and garage door transmitter

This Android smartphone could supplant that garage door opener

This avoids the need for you to fossick for a garage-door opener transmitter or worry whether the transmitter’s battery has died when you leave or arrive and some of these systems may have the ability to let you know if that garage door is actually closed or not. This may avoid the need to glance nervously in the rear-vision mirror when you leave to see if that door is closing as I have seen someone that I have known do when they and I left their house in their car, or to turn around to check if that gate is properly closed.

There is also the opportunity for the software developer who write the smartphone apps for these garage door controllers to exploit your smartphone platform’s abilities like asking your platform’s voice-driven personal assistant (Siri, Google Now, Cortana) whether the garage door’s open or not or telling it to close the door. Similar you can set a notification to pop up using your smartphone platform’s notification interface if certain conditions are met like the garage door being open too long or at odd hours.

Wrought iron gates

Even wrought-iron gates like these can be controlled with your smartphone

The software developers can even provide support for the in-car or smartwatch interfaces that are an extension of these mobile operating systems so that your CarPlay or Android Auto infotainment setup in the car, or your Apple Watch or Android Wear smartwatch is your key to your garage door or gate.

Increased security and manageability

All these garage door controllers have similar functionality to a smart lock where you can issue extra keys to other people yet have the ability to take the keys away from them or provide limited usage periods for these keys.

For example, you could allow your houseguests to have access to the garage or give the keys to a friend who is storing their car in your garage. Similarly, you could allow your nanny to have access to your property through the front gates for the duration of her shift.

You gain this functionality through the mobile-platform app or a Web-based dashboard in the case of those systems that connect to your home network. In a lot of cases, the latter example allows you to manage your garage from another Internet-connected computer like your workplace’s computer.

How do they work

Connecting to the garage door or gate opener

Most of these systems are designed to work on a universal-connection setup where the smartphone controller interface mimics the manual pushbutton that is used to open the garage door from inside. This is achieved through a relay (your car has these to control the headlights, horn or starter motor from the switches on the dashboard) or an optocoupler which has its switching contacts wired in parallel to the manual pushbutton and these are brought closed for a short moment when the controller wants the door opened or closed. This action causes the garage door or the gates to start opening or closing depending on their current position. The setup allows for the circuits in both the devices to be isolated thus reducing the risk of cross-voltage damage occurring while allowing for this control.

The systems that support Wi-Fi-based connectivity also provide the ability to work with a sensor that determines whether the garage door is open or closed. This allows them to report on this status either in an event-driven manner or under control of the controller’s app. This goal can be achieved using a wireless sensor that uses an integrated tilt switch and is attached to your single-panel or multi-panel lift-up garage door; or the better units may simply allow you to connect a door-contact switch to the garage door. This can work well with roller doors, sliding or swing doors including gates.

A few of these systems even have their own video-surveillance camera or can work with IP-based video-surveillance cameras so you can see if the garage door is opening or closing as well as knowing if anyone is in the garage. Some of them also offer a visual and/or audio alert so you and others know if the garage door or gate is being opened or closed, with this functionality being offered as a “get-out-of-the-way” safety warning.

The GoGoGate controller allows for increased flexibility by permitting different wiring scenarios like a separate “open” and “close” button which may be encountered with more advanced setups. On the other hand, some garage-door-opener manufacturers may offer kits that enable you to control their products from your smartphone.

An issue that may plague a lot of these controllers is that they aren’t weatherproof to outdoor conditions and installers may have to house them in weatherproof housings if they want to use them with gates.

Connecting to your smartphone

Some of these garage door controllers connect to your smartphone using a Bluetooth 4.0 interface while most of the others use a Wi-FI network interface that is linked to your home network’s Wi-Fi segment.

A few of the controllers also offer an “own-access-point” mode where they serve as their own Wi-Fi access point just for controlling your garage door or gates. In this latter case, you have to make sure your smartphone discovers and switches to that network before you can control your garage door.

Some of the controllers like the GoGoGate system may even provide for Ethernet connectivity, perhaps in the form of using an Ethernet-based USB network adaptor. This feature cannot be discounted because it can allow the use of HomePlug AV500 or HomePlug AV2 powerline adaptors to provide a reliable network link to the home network and the Internet. Use this with a HomePlug Wi-Fi access point and you could assure reliable remote access from your car outside the garage or front gates.

Software

All of the smartphone-capable garage door controllers, like other home-automation devices, rely on control apps that are peculiar to a vendor’s controller system.

They will allow you to control multiple garage doors as long as the controllers are from the same vendor. The software even allows for property-level grouping and caters toward garages which have two or three separately-opened doors. So this means that you don’t need to install a new app for each door.

The Wi-Fi-based systems that connect to your home network also work with a management Website so you can see access logs or manage your system from a regular computer. Some of them also link to a remote-access server which would be referred to as a “cloud” setup, typically established by the vendor. This would allow for functions like email alerts or the ability to open or close your garage door from work.

Another feature to expect for some of these connected garage-door-controller systems is the ability to integrate with smart-home subsystems. This feature may be delivered in the form of a software update for better-designed systems, but some smart-home platforms like Apple’s HomeKit or Google’s Nest may require the garage-door controller system to be accepted by the platform’s vendor.

Conclusion

Although there are 11 systems on the market that link your garage door or gate to your smartphone, the market is still immature and fragmented as is the rest of the “smart-home” product market.

What needs to happen is for companies involved with garage doors and front gates for the residential and small-business market to share knowledge in order to enable the garage door or front gate to be part of the smart home. Manufacturers could sell the technology on a basis that allows different vendors to integrate in to their systems thus allowing for a quicker time-to-market for newer products or a reduced need to “reinvent the wheel”. As far as retailers go, it could include reselling the various systems whether with a new installation or to retrofit to existing installations.

For most of us, it may simply be about inquiring with your garage-door contractor about the existence of Bluetooth-based or Wi-Fi-based garage door controllers and seeking to have them installed.

Send to Kindle

Bluetooth to benefit from speed and range improvements

Articles

Bluetooth is getting big range and speed boosts in 2016 | Engadget

From the horse’s mouth

Bluetooth SIG

Press Release

My Comments

There is some talk about Bluetooth issuing a new major specification that will be tweaked further for the Internet Of Things. There have been some devices that implement Bluetooth 4.0 in this context, primarily in the form of some smart locks, but there are some limitations with operating range for example, especially when these devices work with network bridges to enable cloud-based control and monitoring.

Here they want to pitch it as a competitor to ZIgbee and Z-Wave for “smart-home”, industrial automation and location-based-service applications. The goal with this is to provide an increased operating range (typically 4x the current operating range) and 100% speed improvement but give the devices increased power efficiency. This may allow for operation for a long time like six months on commodity batteries – think of 2 or 3 AA-size or AAA-size Duracells or one coin-size battery of the kind used with watches or car-alarm keyfobs.

Similarly,Bluetooth wants to add “mesh support” where some devices act as radio repeaters for other devices to allow for building-wide coverage. This is something already practised with Zigbee and Z-Wave and could bring about Bluetooth as another option for that smart-home or building-automation system.

But with Bluetooth in the equation, a network bridge for an “Internet Of Things” setup may have to work with Z-Wave, Zigbee and Bluetooth if the goal is to provide an on-ramp to mobile or Internet control. On the other hand, it could be feasible for a device to be designed to work with smartphones and tablets while servicing a building-automation setup, using only one radio transceiver and a well-known data communications standard.

Send to Kindle

A clear reality surfaces with the Internet Of Things

Article

Linksys EA8500 broadband router press picture courtesy of Linksys USA

A tight healthy operating software update cycle can keeep routers and other devices from being part of botnets

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks | Tripwire – The State Of Security

My Comments

What is being highlighted now is that devices that are normally dedicated-purpose devices are becoming more sophisticated in a way that they are effectively computers in their own right. This was highlighted with some network video-surveillance cameras used as part of a shopping mall’s security armour.

What had happened was that these cameras were found to be compromised and loaded with malware so that they also are part of a botnet like what comonly happened in the 2000s where multiple computers loaded with malware were used as part of zombie attacks on one or more targets. In a similar way to a poorly-maintained computer, they were found to run with default passwords of the “admin – admin” kind and were subject to brute-force dictionary attacks.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM FRITZ!Box – self-updating firmware = secure network infrastructure

The article’s author highlighted that there need to be work done concerning dedicated-purpose devices, whether they are the network-infrastructure devices like routers or devices that are part of the “Internet Of Everything”.

Here, the devices need to run constantly-updated software, which is something that is considered necessary if the device is expected to have a long service life. The best example would be some of the routers offered to the European market like the Freebox Révolution or the AVM Fritz!Box where they receive constantly-updated firmware that at least can be downloaded at the click of an option button or, preferably, automatically updated like what happens with Windows and OS X and what is done with recent iterations of the AVM Fritz!Box firmware.

As well, a device’s setup routine should require the user to create secure credentials for the management interface. In some cases, if a device is part of a system, the system-wide management console could exchange system-specific access credentials with the member devices.

What has commonly been said is that the Internet of Things needs to face a severe security incident as a “wake-up call” for such devices to be “designed for security”. This is similar to incidents involving desktop computing, the Internet and mobile computing have served a similar purpose like the way Windows implemented privilege escalation on an as-needed basis since Windows Vista.

Send to Kindle