Category: Internet Of Things

Pay-TV security technology is relevant for the Internet Of Things

D-Link DCH-3150 myDLink  motion sensor

An Internet-Of-Things sensor that would require regular software updates to be secure

Article

Content security vendors need to prevent babycam hacking nightmares | VideoNet

My Comments

A problem that will get worse in this day and age is weak security affecting home automation and security. This is based around easy-to-misconfigure hardware pitched at home users on a “set it and forget it” basis. It has led to consumer IP-based cameras being hacked and their content being thrown to undesirable Websites.

This is driven by a common mindset associated with devices sold to consumers where the goal is to buy it. install it and use it without requiring the consumer to worry about it more.

The Pay-TV ecosystem invests in and uses a high-security path to protect the expensive content such as the Hollywood blockbusters or the big-league sports that it provides to its subscribers. This is always evolved and updated to counteract new threats to this ecosystem and to handle new applications. They also used the “end-to-end” approach including supplying hardware to consumers and updating the software in this hardware automatically and without the consumer having to do anything extra.

Similarly, regular-computer setups have been made secure with Microsoft and Apple delivering security updates to Windows and MacOS X on a regular basis as threats come about. This is because of these systems having a heritage of being used in the business environment for a long time.

The article raised the concept of companies who provide home monitoring and allied services offering a turnkey installation and configuration service to their customers as a premium service or simply alerting customers to misconfigured hardware and hacking attempts if customers prefer to install their own hardware. They could use the Pay-TV technology to secure the content path between the cameras and the Web dashboards or mobile apps that the customers use.

“Blind updating”

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM FRITZ!Box – self-updating firmware = secure network infrastructure

What I would like to see more is the ability to patch network-infrastructure hardware in a similar manner to what is done with pay-TV, regular-computer operating systems and some cloud-hosted services. This is where security updates and patches are delivered and installed automatically to these devices. In some cases, it may be preferable to provide an interactive update process for major software versions that add or change a device’s functionality.

A good step in the right direction was AVM with their Fritz!Box routers where they introduced the concept of automatic software updating to this class of device when they released new firmware for the Fritz!Box 7490.

These processes will have to require manufacturers to instigate software authentication and verification workflows and have their devices verify software updates before deploying them. This is to prevent the deployment of malware to these devices.

Send to Kindle

Fiat Chrysler are now facing the security issues associated with the connected car

Articles

Jeep Grand Cherokee outside family house - press picture courtesy of Fiat Chrysler North America

Jeep Grand Cherokee – make sure that the uConnect system runs the latest firmware

Jeep drivers: Install this security patch right now – or prepare to DIE | The Register

From the horse’s mouth

Fiat Chrysler

Blog Post

UConnect Website (Go here to update your vehicle)

Vehicle list

Model Model-years affected
Chrysler
200 2015
Dodge
Durango 2014
Viper 2013-2014
Jeep
Cherokee 2014
Grand Cherokee 2014
RAM
1500 2013-2014
2500 2013-2014
3500 2013-2014
4500 / 5500 2013-2014

The vehicles affected would be equipped with a uConnect-capable 8.4” touchscreen radio system.

My Comments

The connected car is now being highlighted as a device that has security issues. This was exemplified previously by BMW when they rolled out a patch for their connected infotainment system in the newest vehicles because of a security risk.

Now it is Fiat Chrysler’s turn where their UConnect connected infotainment system which has a stronger link with the car’s powertrain was needing a software update because of this same issue. It was brought about by a discovery that a pair of hackers found in relation to a 2014 Jeep Cherokee owned by one of these hackers concerning undesirable remote control of this “family 4WD”. The software can be downloaded by vehicle owners who have an affected 2013-2015 vehicle and can be done by downloading the update file from the UConnect Website to a USB memory stick then transferring that file to your vehicle. If you are not confident with this process, you can have the mechanics at the dealership where you bought the vehicle from perform this upgrade, while your vehicle is being serviced by them.

At the same time, the US Congress is legislating for security standards concerning connected vehicles including software protection for the vehicles’ powertrain, steering or braking in the form of the “Security and Privacy In Your Car Act” (SPY Car Act). This is in a similar vein to various design rules and standards that nations require vehicles to comply with for safety like seatbelt or lighting requirements. Even the US Senator Markey called out that drivers shouldn’t have to choose between being connected or being protected.

Again, this is a class of devices which is easily driven by the marketing impetus to have them on the market. But there needs to be a culture to encourage a secure environment for connected vehicles as there is for desktop computing.

One way would be a continual update process for the firmware associated with the connected vehicle, including aftermarket setups that have any effect on the vehicle’s steering, brakes or powertrain. This would preferably be in the form of a blind-update process like what happens with most operating systems when you set them to automatically update and patch.

Personally, this could be facilitated by having the connected vehicle work with the home network whenever it is garaged at home. This would then allow it to download the updates overnight while it is not in use. As well, the motorist should have the chance to choose what updates are provided like with enterprise variants of operating systems.

Send to Kindle

The BBC Model B computer returns with a pocket-size vengeance

BBC Model B microcomputer By Soupmeister (Acorn BBC Model B) [CC BY-SA 2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

BBC Model B personal computer – the core of an original computer-education project that took place in the UK during the early 1980s

Article

BBC reveals Micro:bit, a programmable PC that fits in your pocket | PC World

Micro:bit : la BBC veut distribuer des nano ordinateurs aux enfants britanniques | ZDNet.fr (French language / Langue française)

From the horse’s mouth

BBC

Press Release

Microsoft

Press Release

TouchDevelop Website

Video

Bluetooth SIG

Blog Post

My Comments

In the early 1980s, the BBC undertook a computer-education project which was based around a series of television programmes along with a specially-commissioned computer. This computer, known as the BBC Model B computer and built by Acorn who were a relatively-new home-computer manufacturer in the UK, was sold to schools so that students can work along with the TV programmes which explored, amongst other things, coding in BASIC and interfacing and controlling other devices.

One feature that the BBC Model B had was an 8-bit user port which was used for directly interfacing digital circuits along with a “game port” typically used for analogue joysticks and knob-style “paddles” but serving as an analogue input. Some of the printed and visual courseware associated with this computer was dedicated to teaching how to use these “real-world” interfaces.

This system was Acorn’s main founding stone and Acorn evolved to become a company who sold RISC-based microprocessors and defined the ARM microarchitecture used in most of today’s smartphones, smart TVs and similar devices.

But Acorn had clawed back to their roots with an ARM-based pocket-sized board computer similar to the Arduino and Raspberry Pi. This computer has been developed in conjunction with the BBC in order to continue on the legacy left by the original BBC Model B computer.

It has 25 LEDs that can be programmed to light up and flash messages, 2 user-programmable buttons and sensors in the form of an accelerometer and compass along with input-output connections for users to connect to other circuits. It uses Bluetooth Smart (BLE) technology to interface with other devices including regular and mobile computer devices. As well, it can connect to a computing device via USB and be programmed via a browser-based software development kit called TouchDevelop which Microsoft worked on.

The TouchDevelop setup uses the Web-based interface along with a choice of programming languages as a way to program the device. It also involves two-stage compilation with the Block Editor script being compiled to turn out C++ code which is then subsequently compiled and linked to turn out machine code to be downloaded and flashed to the BBC Micro Bit.

Like the previous BBC Model B computer, this will be delivered in to UK secondary schools and students will have their own Micro Bit computer so they can learn how to program the Internet Of Everything as part of their computer education.

The goal is to have this computer replicate what the BBC Model B computer had done for British computer education and the success in bringing about a UK-based software industry. Here, they want to have Britain putting a clear foot in the door for Internet Of Things.

Send to Kindle

Telephone Interview–UPnP Forum (Wouter van der Beek)

Introduction

UPnP Forum logo courtesy of UPnP ForumI have had the chance to interview Wouter van der Beek who is the Vice President of the UPnP Forum which defines the standards and specifications associated with UPnP technology. This interview is primarily about the direction that the UPnP Forum and this technology is heading in the face of current personal-computing trends like cloud computing and the Internet Of Things.

What is UPnP

This is a collection of standard for interlinking network-connected devices at an application level. It is to facilitate discovery of the devices by other devices on that network along with the ability to benefit from what the device has. The idea had been seeded 15 years ago when the home network was becoming commonplace thanks to affordable but powerful computers along with affordable broadband Internet services, but there needed to be foolproof ways to allow most people to set up, manage and benefit from these networks without requiring extensive computer skills.

Freebox Révolution - courtesy Iliad.fr

Freebox Révolution – an example of equipment designed with UPnP in mind

This has been facilitated initially with the Internet Gateway Device which has simplified management of Internet access for devices on a home network. If you use a UPnP-capable router and have its UPnP IGD function enabled, you don’t have to meddle around with different settings to get an online game or Skype to work via the Internet.

DLNA collections listed as sources on the TV

DLNA content collections listed as sources on a Samsung Smart TV

It has also been facilitated with DLNA-capable media devices which use the UPnP AV MediaServer or MediaRenderer device control protocols. This is where you could use a smart TV or a Blu-Ray player to discover photos or vides kept on your computer or network-attached storage device or “push” music from a Windows computer, NAS or Android smartphone to a Wi-Fi-enabled wireless speaker. Here, it has become to that point where UPnP and DLNA have become so synonymous as an expectation for anything that uses the home network to provide or play / show multimedia content in a similar way that Dolby noise reduction was an expected feature for good-quality cassette players.

The foolproof way of setting up and using UPnP-capable network equipment has, for that matter, had me look for devices that support these specifications when I am involved in buying or specifying network equipment.

New Directions for UPnP

UPnP’s New Zones of Relevance

Previously, the Universal Plug And Play technology was confined to the home network which encompassed computers and related devices that existed in one’s home and connected to a router which served as the network’s Internet “edge”.

Thanks to trends like the highly-mobile devices like smartphones, tablets and laptops; the online services and cloud computing, and the increasing role of social media in our lives;  the UPnP technology and, to some extent, the home network has changed its zone of relevance. This encompasses the following zones of relevance:

  • Personal, which would encompass the devices we take with us or have on ourselves like smartphones, tablets, smartwatches and fitness bands
  • Home, which would encompass what we have at home such as computers, routers, NAS units, home AV, appliances and the like, even encompassing devices associated with comfort, energy management and security
  • Car, which encompasses the technology associated or integrated in our vehicles like infotainment systems or powertrain-management systems
  • Workplace / Business which encompasses the computing and communications technologies used in the office and would also encompass devices associated with comfort, energy management and security
  • Industry which would encompass systems that provide the backbone for the modern life.

It also encompasses the Internet Of Things where devices can be required to be sensors or actuators for other devices and services in a universal manner.

An example of this was to establish some Device Control Protocols like the Telephony DCPs with a view to look towards the many zones of relevance and increase the UPnP ecosystem’s relevance to more users.

Cloud and Remote Access now part of UPnP

One major change is to integrate cloud computing, remote access and online services in to the UPnP ecosystem. Previously, a UPnP ecosystem was encompassing just one network, typically your home network and required each endpoint to be on the same network.

Different zones of relevance

UPnP is now about online services and remote access

Now situations have risen such as the desire to gain access to your content held at your home from your friend’s home or a hotel, or exhibit pictures held on Facebook or Dropbox on our smart TVs at home. Similarly, even in the same home, not all devices are connected to the same home network such as portable devices drifting in to Wi-Fi “dark spots” where there is very little reception or devices that are connected to a “guest network” on our routers.

Now cloud and remote access were written on as an annex to the UPnP Device Architecture but support for this is a requirement for UPnP+ certification. This is to factor in the ability for a UPnP “realm” to transcend across multiple logical networks.

One of the key additions was to integrate XMPP in to UPnP as part of the Cloud initiative in order to provide a level open playing field for cloud-driven applications. This also will provide for secure transport of the necessary data. It is more centred around the concept of creating virtual rooms which UPnP devices and services are invited in to as needed with these rooms being part of different logical networks or IP subnets.

Making UPnP “safe for business”

Empire State Building picture courtesy of <a href="http://ny-pictures.com/nyc/photo/photographer/604482/araswami">araswami</a> and <a href="http://ny-pictures.com/nyc/photo/">New York Pictures</a

UPnP – to be safe for business

You may also wonder whether there are steps to make UPnP technologies “safe for business”? There are some steps that have taken place to assure this goal because the different zones of relevance like workplace / business and industry place a key emphasis on security.

One of these is the DeviceProtection DCP which allows the creation of a “network of trust” amongst UPnP Devices and Control Points. This will be mandatory as part of UPnP+ certification whereas it was simply an optional feature for UPnP networks. Other DCPs that will become mandatory for UPnP+ certification include the “management” DCPs: DeviceManagement, ConfigurationManagement and SoftwareManagement which look after how a device is set up and updated.

Of course, these are considered “retrofit” solutions which assure secure links and setups and any security concept is primarily about “buying time” from hackers.

As well, DLNA had integrated various content-protection measures in to the VIDIPATH specification which encompasses UPnP AV standards to assure secure content delivery for premium content like Hollywood films and big-league sports.

The Internet Of Things

Rethinking Device Control Protocols

Previously the UPnP Forum placed emphasis on the Device Control Protocol as being the way to describe a UPnP device and what it can do. This ended up with each of these protocols taking a long time to develop, whether at the initial stages or as they were being revised.

Examples of these were the UPnP Internet Gateway Device which described what a modem or router was about and this was shaped by telcos and network-equipment vendors; and the AV Device which described media storage, playback and control with this being shaped by most of the main consumer-electronics names.

As well as the long time it took to develop a Device Control Protocol, there was the risk of focusing these protocols on an application-specific vertical plane with functionality being duplicated amongst multiple protocols.

The new direction was enshrined in the “Internet Of Things Management And Control” DCP which is focused around the particular tasks a sensor or actuator device can do. This also enshrines language and data models that can be used to define applications. But it allows a sensor or actuator which does the same thing to be described the same way.

There were two examples we talked of: – a temperature sensor, and a lamp used as part a home automation or building automation setup. A temperature sensor measures temperature but it could be part of a room thermostat, a weather station or a fridge, but it does the same job by measuring and reporting the current temperature. A lamp is turned on and off or has its brightness increased or decreased but this could work as part of a “smart home” setup or as part of a building automation setup for an office building or an apartment block.

As well, the data models can be evolved for particular applications and there is a short turnaround time required to set a data model in stone. This could allow one to define an application-level device class based on a collection of sensors and the kind of measurements to be used.

Network Bridges

Another reality that UPnP would face is devices based on other standards. This encompasses sensor and similar devices that work on networks like Zigbee, Z-Wave and Bluetooth that don’t work on an IP/Ethernet-based structure or Ethernet-based technology that doesn’t implement IP as a way to liaise with devices at higher levels. In a lot of cases, these networks have come about due to an expectation that battery-operated sensor and similar devices are expected to run for six months or more on a single set of commodity “dry-cell” batteries like AA-size Duracells or CR2035 “button-size” batteries.

The UPnP Internet Of Things effort also includes Device Control Protocols to address Network Bridges so they can work in a UPnP or UPnP+ ecosystem. This should solve a very common problem with “smart-home” devices typically smart locks and central-heating controls, where Internet-connectivity bridges for these devices are supplied by the manufacturer and are designed to work only with that manufacturer’s devices.

Achieving vendor universality

The UPnP Forum has made big strides in achieving vendor universality but it still relied on the use of logo programs like DLNA or Designed For Windows or potential buyers pouring through specifications to achieve this goal when buying or specifying devices. But some competing ecosystems typically required one physical device such as a wireless speaker to have physical and logical support for each of them, thus the row of logos that adorn the top edge of a device.

But they would like to use concepts like Network Bridges to provide support across different logical ecosystems and have UPnP as a “glue” between the ecosystems.

Conclusion

By stripping the UPnP platform to functions that are on an elementary level, it means that the ecosystem can be evolved to newer requirements that work across any computing zone-of-relevance independent of where the data source or destination is.

Send to Kindle

A set-top box could aggregate the Internet Of Things

Article

Set top boxes could work as the hub of an "Internet Of Things" network

Set top boxes could work as the hub of an “Internet Of Things” network

The cable box might solve the Internet of Things’ biggest problem | Engadget

My Comments

This article suggested that a set-top box or PVR could do more than select channels or be a customer interface to a pay-TV system.

There is a problem that exists with the Internet Of Things where manufacturers herd their smart-home devices in to “silos” that are controlled by the apps they develop or work on a particular physical link like Z-Wave, Zigbee, Bluetooth or Wi-Fi. This makes it hard to create a heterogenous system based around these devices and either requires many apps on your smartphone or requires many gateway boxes to be connected to your home network.

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

.. as could modem-routers

But it suggested that a cable box or similar device could do a better job by aggregating the different “silos” that exist in the Internet Of Things. They even suggested that an advanced set-top box could work as a control/display surface such as to pause what you are watching and throw up a video of whoever is in the garage, courtesy of a security camera installed therein, when your garage door opener is actuated. Another application I could think of would be that if you start your kettle boiling or coffee dripolator making coffee, you could then start watching your favourite show knowing that a message would pop up on the screen letting you know that the kettle or coffee pot is ready. You could even use the TV remote to adjust the heat or air-con to your liking with the current setting appearing as a pop-up message.

This has been highlighted in the concept of cable companies and telcos offering “multiple-play” services with fixed-broadband Internet, fixed-line telephony, pay-TV and/or mobile telephony in the one package, encouraging customers to have all their “eggs in one basket”. The telco or cable company would then be able to realise that Integrating a home-automation / security service in to their service mix is another way to keep customers loyal to them. This is even if a customer dispenses with a service like pay-TV or fixed-line telephony. Here, a set-top box for their pay-TV and/or an Internet-gateway device like a modem-router that they lease or sell to customers could be the actual device that does the bridging.

A data-security advantage has been found where all bridging functionality is confined to one device because that device can be hardened against cyber attack. But I also look at the fact that two “hub” devices can work in tandem, offering some functionality to each other. In this case, the aforementioned set-top box could work as a rich control / display surface for the modem-router and other devices in the IoT ecosystem as well as serving as a repeater or secondary access point for wireless systems that support this functionality.

At least the idea has been thrown about regarding adding functionality to existing devices like set-top boxes and modem-routers rather than having a home network riddled with dedicated-function devices.

Send to Kindle

Pre-baked operating systems to be the norm for the Internet Of Everything

Article

Google reportedly building an OS for the Internet of Things | Engadget

My Comments

As part of developing Windows 10, Microsoft released a variant of the operating system for small-form embedded devices such as what would represent the “Internet Of Things” or “Internet Of Everything”. Now Google has fronted up with a similar operating system that is pitched for the same purpose.

But why these operating systems? Designing a device that is to be “connected” typically requires the manufacturer to shoehorn a task-specific operating system for this device and typically these devices require one that has a small storage, memory and power footprint.  There is also the expectation that the device will have very limited user interaction capabilities, perhaps only a switch and LED.

These operating systems won’t require the manufacturer to reinvent the wheel for functionality like communications or power management. Rather they can concentrate on what the device is all about and build the code necessary for its functionality. This may also allow them to concentrate on differentiating the device they build from the “rest of the pack” and make it more compelling.

But could this bring forth a level playing field for the “Internet Of Everything” which assures connectivity and interoperability along with devices that are secure by design?

Send to Kindle

Microsoft implements Internet of Things to support ageing at home

Article – From the horse’s mouth

Lab Of Things Helping Seniors Who Live Alone | Microsoft Research

My Comments

I have provided a lot of coverage regarding the concept of technology assisting the “ageing at home” principle where older and infirm people can stay at home and live in dignity knowing that the people close to them and their carers can act as a safety net for them.

Here, I had covered technology being used to guide seniors with shopping and food-preparation along with use of existing technology like cameras for medical observation. I have also covered in an article about CSIRO doing research in this field with a view of using the “Internet Of Everything” technology like energy sensors, movement sensors and smart locks to assess whether someone is keeping well such as knowing if they are going in to the kitchen to keep themselves nourished or if they are surfacing and going outside to collect the paper or mail.

Microsoft is working with their research laboratories in China to address the issue of ageing at home in the Asian communities. This is because these communities are becoming increasingly older like most of the world thanks to the good healthcare that is being made available to them.

Here, they are identifying how older people who are living independently at home coping, including factoring in cultural issues. They are also implementing robotics to build a medical-supplies trolley to serve the medicines that these people will need at the proper times as well as shoehorning the Kinect movement sensor as a fall sensor to detect if one is falling or convulsing.

The medicine trolley doesn’t just work with medicines that require regular doses but also can work with medicines that are taken in response to symptoms like asthma attacks and is based around knowing what the symptoms will look like. The Kinect sensor as a fall sensor has to work in a manner to assure personal privacy which is important because of the fact that some of these falls or convulsions can occur when one is using the bathroom or toilet and these devices could be located there.

What I see of this is various technologies that make use of the computer, the home network and the Internet Of Everything are being used to create a safety net for older people or people with chronic illnesses who want to preserve independence and dignity.

Send to Kindle

Securifi to release home-automation-capable routers

Article

Touchscreen-enabled routers double as home automation hubs | Engadget

From the horse’s mouth

Securifi

Almond routers

Product Page

My Comments

Previous, if you were to integrate home automations or the “Internet Of Everything” to your home network, you had to use a separate “bridge” device for sensor devices that worked with Zigbee or Z-Wave. Most of these devices worked as a control surface for these devices such as showing their current status or turning appliances on at certain times or in response to certain events.

Now Securifi have built up the latest iteration of their Almond series touch-controlled routers and integrated Zigbee in them and Z-Wave in the Almond+ premium version. Both these devices can be set up to work as wireless access points or range extenders as well as routers.

They have the ability to show the current state of nominated sensors or allow you to control the sensors from the router’s touchscreen. But they also have a time-switch functionality or triggered functionality so that an appliance can come on or off according to certain conditions. These use the application-based standards associated with Zigbee and Z-Wave which is on an open-frame basis.

As well, Securifi have been working on iOS and Android apps that provide the ability to manage the home-automation ability from your smartphone’s or tablet’s screen. This may mean that you can check whether that heater in your room was actually on using your iPhone’s display and turn it off remotely as you are getting in your car rather than run in to check that it is off as I have seen before. As well, you could avoid having to glance in that rear-view mirror as you drive out slowly from home to check if that garage door is closing properly.  Securifi could extend the Almond app to work with the iOS and Android in-car, wearable and voice-assistant functionalities in order to show the various status reports on your dashboard or smartwatch or allow you to ask Siri or Google Now the current status of various appliances.

Could this be a chance for router manufacturers to integrate the home-automation hub functionality in some of their products? Here, it could open up the path for more of the smart-home ideas to come across for most people and reduce the need for extra boxes to be part of your home network.

Send to Kindle

A smart-lock solution arrives for the Euro-standard mortice lock

Article – French language / Langue Française

La Poste vend aussi des serrures connectées (The Post Office also sells smart locks) | Le Figaro (France)

From the horse’s mouth

La Poste

PostAccess Product Page

Press Release

Video (Click to play – French language)

My Comments

At the moment, most smart-lock solutions are catering towards the “bore-through” cylindrical deadbolt that is common in the USA and some other countries.

But there is an established “open-frame” cylinder-mortice-lock platform, known as the “Euro-profile” platform, which has a strong presence “across the board” in most of Britain and Europe and has some presence in Oceania. This is based around a single-piece module that houses the key cylinder and / or a thumb-turn which slides in to a mortice lock or multi-bolt locking system already installed in to a door. This platform hasn’t been served by this technology until now.

La Poste, the French post-office, have started marketing a smart-lock kit as part of their foray in to the connected-home scene. This is based around a “swap-in” module that replaces the cylinder module or cylinder / thumbturn module that is part of a European-standard mortice lock or multi-point locking system and, like some of the other smart locks, works with a fob or your Bluetooth-linked smartphone dependent on the package.

Here, the hardware based around a high-security outside cylinder module which “drives” the lock’s bolt and provides access using a traditional key. This interlinks with an inside module that has a thumbturn along with the electronics including the Bluetooth Smart radio subsystem that is part of the PostAccess system. It also has an integrated door-alarm which can be set up to work as a simple “buzzer alarm” that sounds when someone opens the door, or it can simply be set to sound if someone attempts to force the door open.

It also works with an NFC card reader that looks like a wireless doorbell and comes with the PostAccess Sérénité package. This card reader actually links with the lock using Bluetooth Smart technologies so it can read NFC cards, badges or wristbands and use these as keys.

People who buy the PostAccess Services Connectée package also receive a Wi-Fi – Bluetooth bridge that links the lock to your home network, This allows for you to manage your PostAccess lock remotely through a Web portal that is set up by La Poste in France. The standards around the online service encompass a high-security data transfer setup between the PostAccess smart lock and the servers which are located in France.

What I like of this smart lock is that it is the first product of its kind to work with the Euro-profile cylinder-mortice-lock platform purely on a retrofit basis in a manner that suits a “screwdriver expert”. As well, it is the first product of its type to be a hub for two peripheral devices i.e. the NFC card reader and a home-network bridge while working with smartphones for authentication and management purposes.

Like other early entrants in to the network-based connected-home or “Internet Of Things” idea, it will show the problems and bugs associated with these devices. This is where you rely on particular vendor-supplied equipment, smartphone apps and services to get the full benefit from them and they don’t work on an “open-frame” platform. To approach this better, the manufacturers would need to make the PostAccess smart lock software-upgradeable to newer “open-platform” standards

La Poste could be seeing this as a way to get their foot in the door to the connected home rather than trying to run their own “n-box” triple-play Internet service in to a highly-competitive Internet-service market. They could take this further with other products of the connected-home class and / or build out their Services Connectée package for remote home management.

To make the “smart-lock” idea work, there has to be an emphasis on seeing more products of this class appear on all of the commonly-used form-factors that the typical door lock appears in. As well, there has to be the ability to see the connected-home “Internet-Of-Things” concept mature on a level playing field along with encouraging a distinct role for these devices in the connected home.

Send to Kindle

BMW delivers a security update to its ConnectedDrive cars

Articles

BMW 120d car

BMW cars with ConnectedDrive will benefit from an over-the-air software security patch

Your BMW just downloaded a security patch | Engadget

BMW patches in-car software security flaw | IT News

BMW Group ConnectedDrive increases data security | BMW Blog (BMW enthusiasts’ online magazine)

From the horse’s mouth

BMW Group

Press Release

My Comments

BMW ConnectedDrive user interface press picture courtesy of BMW Group

BMW ConnectedDrive user interface – where you can manually draw down that update

An issue that is constantly being raised regarding the Internet Of Everything is data and network security, including making sure the devices work to end-users’ expectations for proper, safe and secure operation. One of the constant mantras associated with this goal is to have a continual software-update cycle for these devices with the ability for customers to place new software in these devices in the field like you can with a regular computer or a smartphone.

BMW had brought about the ConnectedDrive online vehicle management and infotainment system to their newer BMW, MINI and Rolls Royce cars. But they discovered a flaw in the software and wrote a patch to rectify this problem. You would normally think that to have this patch delivered in to the vehicle management system, you would need to bring the car in to the dealership and this would be done as part of its regular preventative-maintenance servicing.

Here, it would typically involve you having to book the car in with the dealership including determining whether you need to use the courtesy car or not, drive it there at the appointed day and time and pick up the courtesy car if you needed it, then make a point of heading back to the dealership before they close to collect your car when it is ready.

But BMW had worked on delivering the software patch to the car via the mobile broadband link that the ConnectedDrive system depends upon for its functionality. Here, you would be advised that the update is taking place and at an appropriate time, the software patch would be applied. If you had garaged the car, you can manually “draw down” the update to your car once you drive it out of your garage.

What I see of this is the proactive way that the BMW Group have been able to use what is taken for granted with most computer operating systems to roll out critical software patches to their vehicles, which is something to be considered of importance when it comes to data security. This has to work not just through the life-cycle of a vehicle but beyond especially in markets where vehicles are likely to benefit from long service lives.

Send to Kindle