Category: Internet Of Things

A four-horse race for voice-driven home assistants

Articles

Apple Homepod smart speaker press picture courtesy of Apple Inc.

Apple Homepod smart speaker – a competitor to Amazon, Google and Microsoft

Apple readying Siri-powered home assistant: report | Yaho 7 News

From the horse’s mouth

Apple

Press Release

My Comments

The voice-driven home assistant has approached a point of competition where there are four different actors involved.

This class of computing device is based around a speakerphone-type device that can respond to your voice by answering questions you put to it cause certain actions to occur at your command. It was initially brought on by Amazon with their Echo speaker and Alexa voice assistant, but was subsequently answered by Google with their Home speaker based on their Google Now platform.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

The Amazon Alexa platform now faces some healthy competition from Apple as well

Very recently Microsoft touted one of these speakers that is based on the Cortana voice-driven personal assistant platform. Not to be outdone, Apple just announced a smart speaker and voice-driven home assistant based on their Siri voice-driven personal assistant.

All of these companies have positioned themselves in a highly-competitive manner by using the same approach to how they present their devices. Here, they allow independent hardware vendors to license these technologies to use in their own “smart-speaker” or similar products. In the case of Amazon Alexa and Microsoft Cortana, these systems can even show information in a visual manner on screen-equipped devices, whether that be in the form of a listing or a graphical “at-a-glance” display.

Harman Invoke Cortana-driven smart speaker press picture courtesy of Harman International

Harman Invoke Cortana-driven smart speaker

Similarly, they have extended their voice-driven assistant platforms by allowing third parties to add “skills” to them whether in the near term or later. These are additional abilities that users can add to their voice-driven assistant to make it perform additional tasks or interface with other devices. It also underscores the activity that these platform vendors are undertaking to integrated their voice-driven home assistant with home-automation and allied devices, allowing for things like dimming the lights or adjusting the heating at your command.

Let’s not forget that Amazon, Microsoft and Apple have over-the-top communications platforms equipped with videocall and messaging abilities that either are or will be integrated to their voice-driven home-assistant platforms. Amazon created their Alexa-based IP-telephony platform from scratch, adding it to the crowded sea of IP-communications platforms so it can tie in with their Alexa home-assistant platform. It could allow for you to ask Alexa, Cortana or Siri to immediately “drop a line” to someone using Alexa Messaging, Skype or iMessage / Facetime respectively. You could even use this to instantiate a videocall between yourself and your correspondent if both of you are using suitable equipment.

What do I see of this? Personally, I would find that hardware manufacturers such as the respected audio-equipment names may offer smart speakers and similar equipment that works across multiple platforms, requiring the user to determine which platform they want to use during setup or at a later time. Similar software developers who write interfaces for online service may be required to write “skills” for each of the platforms.

I also see it as being very similar to 1989 when there were multiple graphic-user-interfaces on the market with each computer platform having its own mouse-driven interface. Hello to “Hey Siri”, “Hi Cortana”, “OK Google” or “Alexa” to dim those lights, close that garage, start Spotify or whatever as you talk to that speaker.

You don’t need to use an iOS or Android smartphone to manage Amazon Echo

Article

Dell XPS 13 Kaby Lake Ultrabook

You can set up an Amazon Echo with just this kind of computer

How to set up a smart home using Windows 10 and Amazon Echo | Windows Central

My Comments

If you are dabbling with the idea of a voice-controlled smart-home assistant, you may find that some of these setups are dependent on you running an app on an iOS or Android mobile device to set them up or manage them. There are some users out there who may not be able to or want to use a mobile device that works on those two platforms.

For example, there are people like a lot of the older generation who prefer to work with a baseline mobile phone or a landline phone service as well as a regular computer for the communications and personal IT needs. There are also some of us who run a smartphone that is based on Windows 10 Mobile or a similar platform.

This is not so with the Amazon Echo and most other devices that work on the Amazon Alexa platform. When they are in action, they are not dependent on you running a mobile-platform app to have them work properly, rather you just talk to Alexa, the voice-driven home assistant. It is also underscored by the fact that you could purchase the Amazon Echo Dot module which works with a set of powered speakers or a stereo system equipped with an AUX or similar line-level input for US$49.

Most of this interaction in managing your Amazon Echo devices is through the Alexa website (http://alexa.amazon.com), which you can visit using any Web browser.

Adding Amazon Echo devices

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

This Echo doesn’t need to be managed by an iPhone or Android smartphone

Other Alexa-based devices may work through a different setup procedure, perhaps through an on-device Website, Android / iOS mobile app or the device’s control surface.

  • If you are adding an Echo device, you just need to log in with your Amazon account credentials. Then plug in and turn on your Amazon Echo device.
  • The ring light on your Amazon Echo device will glow orange while it is listed on the abovementioned Web site. This is also because the Echo device is pre-registered to your Amazon account when you bought it through Amazon.
  • You may then have to click the “Set up a new device” option to start enrolling it with your home network. On the other hand, you may just need to proceed to the next step.
  • Then you hold down the Action button on the Echo device for five seconds. This is whereupon you will see a list of Wi-Fi networks that the Echo can connect to.
  • Here, you select your home network’s SSID (Wi-Fi network name) and click Connect. You may be asked for your network’s Wi-Fi password which you subsequently enter to come on board. There is an option for this to be saved securely to your Amazon account, which can come in handy if you are dealing with multiple Echo devices.
  • Once the ring light is blue, feel free to talk to Alexa.

Managing Skills and Smart Home devices

The Amazon Alexa Website is also where you can manage what your Amazon Echo or Alexa-compliant device does.

The Skills option allows you to add “skills” which provide an audio-based link to various smart-home hardware and online services. This can also include the ability to book a Uber or other taxi/hire-car service that has a suitable Alexa Skill for example.

As well, some smart-home devices that you add to your home network whether directly or via a hub cam be detected by the Amazon Echo through the “Smart Home” option in the Alexa Webpage.

To get the best out of this resource, create a Favourite / Bookmark in your Web browser or a desktop or similar shortcut in your operating system to the Amazon Alexa Website so you know where to go if you want to manage that Echo or add that Alexa Skill.

But you are not needing to use a mobile-platform app to have your Alexa-based devices how you want, rather simply using your favourite Web browser on your favourite computer device.

Designing for highly-compatible Internet Of Things

Article

D-Link DCH-3150 myDLink motion sensor

Smart Home and Internet Of Things devices need to be designed for compatibility and security before they become popular

How to bring true interoperability to the Internet of Things | Network World

My Comments

Increasingly, the concept of the “smart home” or Internet Of Things is becoming very real. Here, we are seeing a lot more consumer-electronics devices, home appliances and similar devices become connected to the home network and the Internet.

The “app-cessory” approach to network-controlled devices, where the only way to control these devices via your home network is through a manufacturer-supplied mobile-platform app, has now had its day. This typically asked that the device to be connected to your iOS or Android smartphone or tablet using one of three paths: a Bluetooth connection to the mobile device in the same vein as a Bluetooth headset; a Wi-Fi network created by the device that is controlled by the mobile-platform device; or the home network’s Wi-Fi segment.

The trend that is affecting these devices is to interlink them with a platform-based voice-driven “home assistant” of the Amazon Alexa or Google Home ilk. Here, the requirement is for the manufacturer to provide a “skill” or something similar to the “home-assistant” platform so that Alexa, for example, can interact with the device.

But the article is now highlighting the requirement for increased compatibility with the Internet Of Things. This is where the same device can operate across a range of different network setups and operating platforms.

Use of highly-capable hardware interfaces at the media-connection level

A direction that has assured “out-of-the-box” interoperability for regular-class and mobile-class computer devices along with an increasing number of consumer-electronics devices is to implement one or more multi-mode front-ends when handling the different interface types.

In the case of radio, it can mean being able to handle Wi-Fi, Bluetooth, Zigbee or similar technologies concurrently.With the wired networks, it would be about working with different media protocols over the same kind of wire, being Cat5 unshielded twisted pair, TV-antenna coaxial cable, AC wires used to power your appliances or traditional telephone wires.

Devolo Home Control Central Unit (Zentrale) press photo courtesy of Devolo

Devolo Home Control Central unit connected to router

In the case of a wireless connection, this is represented by the use of Bluetooth for peripheral-class device connection and Wi-Fi wireless networking to the latest standard for connecting to the home network and the Internet. Smartphones and some tablets will also implement a mobile-broadband modem that works across recent cellular mobile-telephony standards as well. As well, some consumer-electronics devices may implement a multifunction radio front-end that supports Zigbee or Z-Wave, typically to provide support for an RF-based remote control.

There are a significant number of “smart-home” or “Internet Of Things” devices that are designed to work solely with Bluetooth, Zigbee or Z-Wave. Examples of these range from temperature sensors, smart locks and movement sensors. These devices, typically battery-operated devices, use one of these technologies because of the fact that they are very thrifty on battery power thus allowing them to work on up to 3 AA Duracells or a 3V “pill-size” battery for months at an end or to work only on “harvested” power like kinetic energy.

But, if they want to liaise with your home network and the Internet, they have to deal with a gateway device that links between them and the home network. It is because, at the time of writing, no-one has effectively brought a Wi-Fi-capable single-mode or multimode radio front-end chipset that permits a battery-operated device to work in a power-efficient manner.

But another approach being called for is to have an Internet gateway device i.e. a home or small-business router being equipped with support for Bluetooth, Zigbee and / or Z-Wave along with Wi-Fi and Cat5 Ethernet for the home network. To the same extent, a Wi-Fi infrastructure device like an access point or range extender could simply be a bridge between other radio-network types like Zigbee or Bluetooth and the home network facilitated by the Wi-Fi or wired home-network connection.

Some manufacturers even have an “IoT hub” or gateway that links their Bluetooth, Zigbee or Z-Wave devices to your home network via an Ethernet connection. Here, this is offered as part of enabling their devices for online control via a Web dashboard or mobile-platform app. The current situation with most of these hubs is that they have the online-service hub that works with the manufacturer’s device.

There needs to be the ability to facilitate setups involving multiple gateways that link the home network with Zigbee or similar “IoT” radio segments. This is a reality with most of these devices being limited in their radio coverage in order to conserve battery power because they are expected to run on a commodity battery supply like two or three AA Duracells for months at a time or, in some cases, work on harvested electrical energy. You may find that having one of the gateways located near an IoT endpoint device like a smart lock may assure reliable connected operation from that device.

In these setups, there needs to be the ability to see a collection of these “IoT-specific” radio segments as one logical segment, along with the ability to discover and enumerate each device no matter which gateway or bridge device it is connected to and what kind of networks is used as the backbone.

Flexible software to the application level

Kwikset Kevo cylindrical deadbolt in use - Kwikset press image

To provide extended monitoring and control to the Kwikset Kevo deadbolt, you have to use a Bluetooth bridge supplied by Kwikset

Another issue raised regarding the Internet Of Things is compatibility across multiple software platforms and protocols.

A design practice that has been known to be successful was for recent network-connected home-AV equipment like Wi-Fi wireless speakers to support Apple AirPlay, Google Chromecast and DLNA “out of the box”. Here, you could stream content to these devices using most computer devices, whether it be your iPhone, Android tablet or Windows computer, or whether it is hosted on your NAS device.

Here, the goal is for a device to support many different software platforms, frameworks and protocols that are needed to do its job. To the same extent, it could be feasible for a device to work with different cloud services like Google Home, Amazon Alexa or IFTTT. What this can mean is that a device can work with different control and display surfaces from different manufacturers. It also means that the data that a piece of equipment shares is set in a known standard so that any software developer working on an IoT project can make use of this data in their code.

For example, the Open Connectivity Foundation’s standards which include the UPnP standards and are supported by the “open-frame” computing community, along with the Apple HomeKit framework will be required to be supported by network-connected devices.

Here, it will be about identifying every one of the standards supported by the physical medium that the IoT device uses to link with other devices and the network. Then implementing all of the current standards supported by that medium in a vendor-agnostic manner.

Secure by design

An issue that has been raised recently is the issue of data security practices implemented by the software that runs Internet-Of-Things and dedicated-purpose devices. Situations that have come to the fore include the Mirai botnet that scoped in network videosurveillance cameras and home-network routers to perform distributed denial-of-service attacks against online resources like the Krebs On Security Website and the DNS records held by Dyn, a dynamic-DNS provider, affecting a large number of Internet household names.

Here, the issue being called out is designing the software in this class of device for security along with a continual software-maintenance cycle. But it also includes the implementation of secure-software-execution practices not uncommon with the latest desktop and mobile operating systems. This includes secure-boot, trusted-execution and sandboxing to prevent unwanted code from running along with data-in-transit protection and authentication at the network level.

The concept of a continual software-maintenance approach where the firmware and other software associated with the Internet Of Things is always updated with these updates installed “in the field” as they are available, allows for the removal of software bugs and security exploits as they become known. It also allows the software to be “tuned” for best performance and manufacturers can even roll out newer functionality for their devices.

In some cases, it could even lead to a device being compatible with newer and revised standards and protocols rather than seeing one that ends up being limited because it doesn’t support the newer better protocol. But there can be the question about this kind of software update being used as a way to enforce unpopular device-design requirements upon an existing installed base of devices and changes how they operate. This could be brought about by a government mandate or an industry expectation, such as an eco-requirement for HVAC equipment required by a state energy-conservation department or a digital-rights-management expectation required at the behest of Hollywood.

To make the IoT hardware and software ecosystem work properly, there needs to be an underscored requirement for compatibility with prior and newer devices along with the ability to work securely and with properly-maintained software.

Frigidaire offers a window-mount room air-conditioner that connects to your home network

Article

Google Home welcomes 12 new partners in big smart home update | CNET

Frigidaire Cool Connect uses app-linked smarts to chill hot homes | CNet

Dreading summer already? Frigidaire’s smart window air conditioner lets you cool on demand | Digital Trends

From the horse’s mouth

Frigidaire USA

Frigidaire Smart Room Air Conditioner with Wifi Control

Product Page (8000 BTU model / 10000 BTU model / 12000 BTU model )

My Comments

Typically, the traditional single-piece room air-conditioner that was installed through a window or a wall cut-out was never seen as anything special by their manufacturers. These noisy boxes that kept your room cool (or warm in the case of reverse-cycle units) didn’t come with anything special as far as their features were concerned.

Recently-issued models started to come with remote control abilities but could be controlled using your home network thanks to a Tado or similar “virtual-remote-control” kit. But Frigidaire raised the ante for this class of air-conditioner by offering a model that can directly work with your home network.

The Frigidaire Cool Connect air-conditioner can be installed in a window like the rest of these beasts but this is where the similarity stops. Here, it looks very similar to one of the advanced network-capable multiroom speakers thanks to a mesh-like grille that covers the bottom half of the unit. The top edge of the unit has the output vents that blow the air upwards and may limit its installation to somewhere up to halfway up the wall.

As well, the essential controls such as to turn it off and on or adjust the comfort level are simply touch-buttons on the top edge towards the front while the temperature is shown through the front of the unit. There is also a card remote control that you use for managing the essential functions from afar.

But the difference with this room air-conditioner compared to the others out there is that can connects to your home network via Wi-Fi and be controlled using an iOS or Android app. Here, you can control the essential functions or set the 24-hour timer for pre-emptive scheduled cooling such as to have your place cool before you arrive. Here, these functions can be managed over the Internet, which can be good for starting the Frigidaire Cool Connect air-conditioner to get the home cool well before you arrive as a way of dodging that heat-wave.

A feature that impressed me about the Frigidaire Cool Connect air-conditioner is that you can have a cluster of these units controlled as a group. This can be of use with larger areas where a single unit isn’t enough to cool a room or premises down. Or you have individual units installed in particular rooms like a bedroom and the living room but want to manage them both at once for actions like dropping that heat-wave temperature down or turning them off when it’s cold enough.

Let’s not forget that you can use a device that supports the Google Home or Amazon Alexa voice-driven home assistants to control the Frigidaire Cool Connect air-conditioner. Here, you could issue commands for the essential functions like turning the system on or off or increasing or decreasing the comfort level.

What has been shown here is that Frigidaire, now a part of the Electrolux appliance behemoth, is raising the bar for an appliance class often overlooked by many other appliance manufacturers. Here, they have offered a single-piece window-mount room air-conditioner that can be part of the connected home.

Google demonstrates their Google Home concept during Super Bowl 2017

Part of the experience of watching American Football’s annual ultimate playoff that occurs every February is to see the ads that are run during the commercial breaks. This is because, a company has to stump up at least US$5 million per “spot” to get an ad in front of the USA’s many eyeballs who will be watching the Super Bowl. Here, it is also the time that advertisers pull out the stops to show the most impressive and memorable commercials that could end up being run when they want to extend the campaign further.

Google used this year’s Super Bowl to demonstrate the concept of their Google Home voice-activated home assistant platform competing with Amazon Alexa. But is shows what these voice-operated home assistants are all about. Most of the functionality you will see in this ad will require you to install smart-home devices that control your existing lighting or heating.

Have a look at this if you missed it during this year’s “ad parade”.

Passive Wi-Fi–a new trend for battery-operated Wi-Fi network devices

Articles

‘Passive Wi-Fi’ researchers promise to cut Wi-Fi power by 10,000x | PC World (IDG)

New “Passive Wi-Fi” Could Drastically Cut Power Needs For Connected Devices | Fortune

Passive WiFi – 10,000 times less power consumption than trad WiFi | Telecom TV

US engineers unveil Passive Wi-Fi, which consumes 10,000 times less power | Android Authority

Video (Click / Tap to play)

My Comments

A new direction that is being looked at for the Wi-Fi wireless-network ecosystem is the use of “passive Wi-Fi”. This is where Wi-Fi endpoints will not be needing the use of analogue RF amplification circuitry and can simply reflect these wireless signals back to access points or routers.

Traditional active Wi-Fi setups work analogously to a torch (flashlight) that is being used where it is actively putting out the light thanks to its batteries. But passive Wi-Fi works in a similar vein to a mirror that simply reflects the light without using any energy.

The advantage here with passive Wi-Fi is that devices implementing that technology don’t need to draw lots of current for them to operate on the network. This is so appealing towards mobile devices implementing it as a battery-saving measure.

But it also appeals towards how devices related to the smart home or Internet-Of-Things will be designed. This is because these devices can be designed to work for a long time on up to three AA or AAA Duracells or a coin battery, or could use energy-harvesting technologies like solar power or kinetic energy but work with a Wi-Fi network rather than the Bluetooth LE, Zigbee or Z-Wave networks that are optimised for low energy.

Here, it may be feasible to directly connect these devices to your home network and the Internet without the need to use bridge devices to achieve this goal. This is although it can be feasible to integrate Bluetooth LE, Zigbee and/or Z-Wave bridging functionality in to a Wi-Fi-capable router or access point, especially if there is a market expectation to have these devices also serve as “smart-home” or “IoT” hubs.

At the moment, passive Wi-Fi can work between 30-100 feet on a line-of-sight or through walls while passing a bandwidth of up to 11Mbps. The prototypes have been demonstrated with traditional Wi-Fi network equipment including a router and smartphone and this has proven that they can work in a standard Wi-Fi network. But there have been issues raised about requiring routers and access points to broadcast a “wake-up” call for these devices to report their presence and status.

A question that can be asked as this technology is designed is whether it could be feasible to design a Wi-FI front-end to switch between active and passive mode. Here, it could appeal to devices that enter passive mode simply to save energy but “go active” while in use with obvious use cases being mobile devices or Wi-Fi-based handheld controllers.

What it could lead to is that the goal to optimise all of the building-wide wireless-data technologies for low-power use has been nearly completed with the ability to have devices that exploit these technologies able to run for a long time on ordinary batteries.

Z-Wave to be the first standards group to mandate secure IoT

Article

Nest Learning Thermostat courtesy of Nest Labs

Z-Wave now requires a secure-by-design approach for Internet Of Things devices using its technology like these room thermostats

IoT gear will need better security to win a Z-Wave badge | PC World

Previous coverage on this topic

A Clear Reality Surfaces With The Internet Of Things

EU wants to establish a security baseline for Internet Of Things

August responds to its smart lock’s security weaknesses by patching its software

My Comments

The recent Mirai botnet denial-of-service cyber-attacks including an attack against a data-security journalist have raised serious questions regarding designing the software for dedicated-purpose devices like network-infrastructure devices and the “Internet Of Things”. Here, it raised concern regarding default or hard-coded passwords along with poorly-maintained software as being a few of the issues that lead to lax security proactices for the dedicated-purpose devices.

This led to the European Union wanting to call a baseline standard for device-software security, with a customer-facing indicator similar to energy-efficiency labels on appliances or nutrition-rating labels on foodstuffs. Here, the standard wanted to look at “default-for-security” setup routines along with the issue of software maintenance.

But Z-Wave who establish a short-range wireless-connectivity standard for home-automation devices have had to answer this issue by requiring that devices using this technology implement their Security 2 (S2) secure-operations framework before the device can wear the Z-Wave logo. It is similar to various standards logos like Dolby noise reduction, DLNA or HDMI where equipment has to be compliant to these standards before they can show these logos and customers can see that logo as an indicator of compatibility.

Here, the requirement includes the use of a human-readable PIN number and/or a machine-readable QR code for authenticating devices to a Z-Wave network. As well, Z-Wave setups must implement a strong secure key exchange along with implementation of a Transport Layer Security 1.1 data tunnel for IP setups. It is mandatory for the endpoint devices like light bulbs, light switches and thermostats along with “hub” and similar devices that connect Z-Wave devices to the home network and Internet.

A question that may be raised with certain device classes like smart locks or security systems is whether a PIN number that you set using the device’s control surface, especially an “administrator” or “master” PIN number, does constitute a PIN number for the Security 2 (S2) framework.

At the moment, what Z-Wave have done is to address the issue of “secure setup” for this class of device. They haven’t dealt with the issue of software maintenance which is still a thorn in the side for dedicated-function devices and this may be something that others in the industry may need to deal with.

Finnish building-management systems cop the brunt of cyberattacks

Article

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

There needs to be a level of cyber-security awareness regarding the design and maintenance of building-automation systems

Finns chilling as DDoS knocks out building control system | The Register

My Comments

Two apartment buildings in Finland became victims of distributed denial-of-service attacks which nobbled their building-management systems. This caused the buildings’ central heating and domestic hot water systems to enter a “safety shutdown” mode because the remote management systems were in an endless loop of rebooting and both these systems couldn’t communicate to each other. The residents ended up living in cold apartments and having cold showers because of this failure.

What is being realised is that, as part of the Internet Of Things, building-management equipment is being seen to be vulnerable, due to factors like the poor software maintenance and an attitude against hardening these systems against cyber-attacks. Then there is the issue of what level of degraded-but-safe functionality should exist for these systems if they don’t communicate to a remote management computer. This also includes the ability for the systems themselves to pass alarm information to whoever is in charge.

This situation has called out data-security issues with design and implementation of dedicated-purpose “backbone devices” connected to the Internet; along with the data-security and service-continuity risks associated with cloud-based computing. It is also an issue that is often raised with essential services like electricity, gas and water services or road-traffic management being managed by Internet-connected computers with these computers being vulnerable to cyberattack.

One of the issues raised included the use of firewalls that run up-to-date software and configurations to protect these systems from cyberattack.

I would also look at a level of fail-safe operation for building management systems that can be implemented if the Internet link to remote management computers dies; along with the ability to use cellular-telephony SMS or similar technology to send alarm messages to building management during a link-fail condition. The fail-safe mode could be set up for a goal of “safe, secure, comfortable” quasi-normal operation if the building-local system identifies itself as operating in a safe manner.

You could be using your phone to sign in to Facebook on the big screen

Article

Apple TV 4th Generation press picture courtesy of Apple

You could be able to log in to Facebook on this device using your smartphone’s Facebook client

Facebook Login Updated for tvOS, FireTV, Android | AdWeek SocialTimes

From the horse’s mouth

Facebook

Developer News Press Release

Improving Facebook Login For TV and Android

My Comments

A holy grail that is being achieved for online services is to allow users to authenticate with these services when using a device that has a limited user interface.

TV remote control

A typical smart-TV remote control that can only offer “pick-and-choose” or 12-key data entry

An example of this is a Smart TV or set-top device, where the remote control for these devices has a D-pad and a numeric keypad. Similarly, you have a printer where the only interface is a D-pad or touchscreen, with a numeric keypad only for those machines that have fax capabilities.

Here, it would take a long time to enter one’s credentials for these services due to the nature of the interface. This is down to a very small software keyboard on a touchscreen, using “SMS-style” text entry on the keypad or “pick-and-choose” text entry using the D-pad.

Facebook initially looked at this problem by displaying an authentication code on the device’s user interface or printing this code out when you want to use it from that device. Then you go to a Web-enabled computer or mobile device and log in to facebook.com/device and transcribe that code in to the page to authenticate the device with Facebook.

Here, they are realising that these devices have some role with the Social Web, whether to permit single sign-on, allow you to view photos on your account or use it as part of a comment trail. But they also know that most of us are working our Facebook accounts from our smartphones or tablets very frequently and are doing so with their native mobile client app.

But they are taking a leaf out of DIAL (DIscovery And Launch) which is being used as a way to permit us to throw YouTube or Netflix sessions that we start on our mobile devices to the big screen via our home networks. It avoids a long rigmarole of finding a “pairing screen” on both the large-screen and mobile apps, then transcribing a PIN or association code from the large screen to the mobile client to be able to have it on the TV screen,

This is where you will end up authenticating that big-screen app's Facebook login request

This is where you will end up authenticating that big-screen app’s Facebook login request

What Facebook are now doing for the 4th generation Apple TV (tvOS) and Android-based TV/video peripheral platforms (Android TV / Amazon FireTV) is to use the mobile client app to authenticate.

Here, you use a newer version of the Facebook mobile client, the Facebook Lite client or the Google Chrome Custom Tabs to authenticate with the big screen across the home network. The TV or set-top device, along with the mobile device running the Facebook mobile client both have to be on the same logical network which would represent most small networks. It is irrespective of how each device is physically connected to the network such as a mobile device using Wi-Fi wireless and the Apple TV connected via HomePlug AV500 powerline to the router for reliability.

What will happen is that the TV app that wants to use Facebook will show an authentication code on the screen. Then you go to the “hamburger” icon in your Facebook mobile client and select “Device Requests” under Apps. There will be a description of the app and the device that is wanting you to log in, along with the authentication code you saw an the TV screen. Once you are sure, you would tap “Confirm” to effectively log in from the big screen.

At the moment, this functionality is being rolled out to tvOS and Android-based devices with them being the first two to support the addition and improvement of application programming interfaces. But I would see this being rolled out for more of the Smart TV, set-top box and similar device platforms as Facebook works through them all.

Spotify login screen

This kind of single-sign-on could apply to your Smart TV

One issue that may have to crop up would be to cater for group scenarios, which is a reality with consumer electronics that end up being used by all of the household. Here, software developers may want to allow multiple people to log in on the same device, which may be considered important for games with a multiplayer element, or to allow multiple users to be logged in but with one user having priority over the device at a particular time like during an on-screen poll or with a photo app.

Another question that could be raised is where Facebook is used as the “hub” of a user’s single-sign-on experience. Here, an increasing number of online services including games are implementing Facebook as one of the “social sign-on” options and the improved sign-on experience for devices could be implemented as a way to permit this form of social sign-on across the apps and services offered on a Smart TV for example. It could subsequently be feasible to persist current login / logout / active-user status across one device with all the apps following that status.

Other social-media, messaging or similar platforms can use this technology as a way to simplify the login process for client-side devices that use very limited user interfaces. This is especially where the smartphone becomes the core device where the user base interacts with these platforms frequently.

EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.