Losant secures $5.2 million in Series A financing to meet surging IoT solutions demand

Losant, a US-based startup that helps enterprises build IoT solutions, prepares itself to meet the surging demand for next generation connected solutions by securing a sum of $ 5.2 million in a Series A financing round.

Securing the amount, Charlie Key, CEO of Losant, said: “We’re excited to see our platform power intelligent solutions across a gamut of industries and use-cases. Our customers are pushing new boundaries in industrial equipment monitoring, asset tracking, smart buildings, and more. With endless possibilities, Losant is uniquely positioned to help thousands of companies in their IoT journey.”

The round was led by CincyTech. Revolution’s new Rise of the Rest seed fund, TechNexus, and Vine Street Ventures also took part.

Mike Venerable, CEO of CincyTech, said: “Connected experiences are going to transform business and personal experiences for all of us in the next decade. Billions, not millions, of connected devices are being deployed across all domains. Losant's reliable and scalable platform for IoT is being used in an accelerating number of scenarios that represent the connected future.”

JD Vance, Rise of the Rest seed fund managing partner, said: “Losant’s use of next generation IoT solutions has the potential to change every industry and business and the fact that it’s a promising Ohio-grown startup makes it that much more exciting. We are thrilled to invest in Losant alongside CincyTech, who has been helping entrepreneurs build successful technology companies in southwest Ohio for a decade.”

iottechnews.com: Latest from the homepage

IoT by name or nature? Delivering experience over appearance

The last few years have seen a whole raft of IoT vanity projects, where connectivity for connectivity’s sake was the order of the day. Everything from connected loo-roll holders that warned when paper levels were low (if only there was a pre-existing, simpler way), to flip flops that had IoT capability crammed in and called ‘smart shoes’.

The practical use of these types of products being next to zero, many consumers have been driven to despair. And from a business perspective too, IoT by name rather than nature can be damaging. There is the worrying potential for organisations to divert millions of dollars into IoT projects without a clear handle on their objectives, and possibly worse, without a thorough testing plan throughout to ensure the app delivers as intended.

Gartner estimates that by 2020, there will be seven billion connected business devices out there. In this digital transformation boom, companies are investing vast sums in IoT capabilities, and the B2B IoT market is growing fast. But the question remains, how much of this growth actually benefits customers? And how can organisations ensure that when they embark on an IoT project, that the project is useful and consistently delivers the value it should to its intended audience?

Delivering real value

Instead of businesses trying to nail down their own version of what an IoT ‘vision’ should look like, perhaps everyone could be better served by taking a look at those doing it successfully and using this intelligence to optimise IoT offerings from inception to delivery. Like any other mission-critical area, IoT needs a strategy and a vision way before its inception.

Companies like Volvo Car Group seem to be doing things right. Klas Bendrik, their SVP & CIO, was at a recent awards ceremony to receive recognition for the work Volvo is doing with their connected cars and cloud technology, embracing the IoT, when he said: “We take the best available technology and make it work in the most useful way for our customers. It’s about using technology to provide tangible real-life benefits, rather than providing technology just for the sake of it.”

This is exactly the point. Other companies would do well to try and live up to approaches that deliver clear value (in this case, more efficient and/or safer cars, helping people’s journeys). If they can deliver initiatives that have real benefit for customers, this success will make the IoT ever more popular. In turn, this only makes it more valuable and relevant to day to day life and business. Therefore, performance and availability of connected devices will become key differentiators when it comes to an ever more competitive and crowded market place.

Test, test, and test again

The lesson here is that companies investing in IoT have to put the time into doing it right, and in most instances, this means proper monitoring and testing in order to guarantee continuous performance that will actually add true business value. If the idea was to create a digital app to delight customers, then it’s vital to ensure the app delivers against this vision. In short, it needs to work and stand the test of time and popularity. 

We know that connected IoT devices have a high level of dependency on speed of communication. This can open them up to issues such as unreliable network hardware or slow internet connection. Testing IoT devices to make sure that they’re not losing data, failing to respond, and work in any scenario, is imperative.

Key to the customer experience is proactively monitoring your websites and applications, not to mention APIs – and to do it 24/7 rather than intermittently. So, before your valuable customers run into a wall and start making a lot of noise about any availability or performance issues, you can already be fixing the problem. Speed is crucial; performance indicators like page load times are directly linked to a loss of views and visitors – the longer you test people’s patience, the more risk you run of losing their trade.

There are more issues to consider, cyber-crime and data privacy not least amongst them. The downside of the IoT can be a dangerous one – and embarrassing. After all, who wants to get hacked by a kettle? Testing needs to push applications on all areas of performance, including how secure they are for end users.

Making sure that we get the most out of IoT projects shouldn’t rely on an ad hoc process which concerns only a few techie individuals in any given organisation. Not so long ago, Business Insider predicted that the Internet of Things will be the largest device market in the world by 2019. In a year or so, it will be more than double the size of the smartphone, PC, tablet, connected car, and the wearable market combined. By then, let’s hope all those devices are things we need (and love!), and work with 24/7 reliability. Proper testing can enable organisations to take the first step on this journey, and deliver leading customer experience.

iottechnews.com: Latest from the homepage

Live, die, repeat: The security shortcuts endangering IoT device adoption

IoT devices are repeatedly exhibiting the same flaws creating a massive vulnerable attack surface which will inevitably lead to more major attacks. We’ve already seen DDoS attacks increase 91 percent over the course of 2017 due to vulnerable deployed devices, yet estimates suggest only 9 percent of IoT vendor budgets are spent on security. This pitiful investment is leading to shortcuts and a ‘live, die, repeat’ attitude to development that spells disaster for the user and the long-term viability of the IoT seedbed.  

So what are these common issues that are cropping up time and again? Security research reveals specific issues across all aspects of IoT design, from access and connectivity, hardware and firmware, and update mechanisms. 

Access all areas

In terms of access, vendors often fail to implement ‘least privilege’ in the permissions on the device. Without this an attacker can quickly gain root access to the entire system. The root user log-in should require a password and this should not be set by default or hardcoded in as this could mean that one vulnerability, such as having telnet enabled, could provide root access.

Encryption is also another common failing, without which the attacker can recover keys, certificates, hashes, and passwords and again gain control. Using System on a Chip (SoC) to store encryption keys or sensitive information on the device using Trusted Platform Module (TPM) is the preferred option. A secure boot should also be implemented as without this the SoC cannot check the integrity of the bootloader, and the bootloader cannot check the integrity of the firmware. This can allow an attacker to modify firmware of the device, either by subverting controls on the firmware update process, or through physical access to devices.

Just because the device is encrypted doesn’t mean it is protected, however. Poor implementation of encryption such as encryption without MAC, hardcoded IV and weak key generation can all lead to compromise and steer clear of home-grown cryptography. Ensure encryption is extended to include firmware. Attacks can see malicious firmware deployed to devices so sign and validate the signature during updates and ensure that the HTTPS connection is secure, with SSL certificates validated.

Wireless weaknesses

Connectivity is also a major sticking point. There’s a tendency to assume that a local connection over a WiFi access point or Bluetooth Low Energy (BLE) confers some protection because of the limited range of the signal but this can still lead to drive-by attacks. Typically wireless communication is used to pass the user’s SSID and pre-shared key (PSK) to the device, often in plain text, which the attacker can then capture and use.

Redundant functions often provide a convenient entrance point for the attacker. Developers favour off-the-shelf toolkit such as BusyBox, described as the Swiss army knife of embedded Linux, but it’s important to minimise the use of these functions. Similarly, open ports or redundant web user interfaces should be disabled rather than left in place. Devices that ship with serial ports enabled are particularly vulnerable. This can allow the bootloader, a login prompt, or an unprotected shell to be accessed. Such debug headers may well be present for troubleshooting during the development and programming stages but should be disabled in the end consumer product, an issue often overlooked.

Exploiting buffer overflows is another prime way for the attacker to seize control of the device once it’s on the network but it’s possible to prevent this by using compile time hardening in the form of PIE, NX, ASLR, RELRO, Stack Canaries or Fortify. These are often included in embedded systems but can affect performance and battery life so some experimentation will be required. Consider also whether unsafe functions associated with buffer overflow are used ie strcpy, sprint, and gets, used in binaries on the system.

Keep it current

Is the software up to date? This sounds obvious but lots of devices have Certificate Authority (CA) bundles predating 2012, kernels dating back ten years, old versions of Busybox or even web server connections last accessed in 2005. Old CAs may have already been compromised but are still used by developers because it’s generally easier to leave them in place and simply switch off certificate validation. Unfortunately, this can then expose the device to man in the middle attacks. Check the certificate is correctly signed by a valid certificate authority, check that it matches the server name, and check that it hasn’t expired.

If IoT vendors take the necessary steps to address these common security failings these devices will no longer be so easy to hijack and to subvert. A failure to do so will inevitably lead to yet more behemoth botnets, as well as the emergence of malicious firmware updates and ransomware attacks, which could potentially threaten the viability of the IoT itself.

iottechnews.com: Latest from the homepage

Sigfox posts €50 million in revenue, reiterates plans for 60 country connectivity in 2018

Sigfox, the French-based Internet of Things (IoT) connectivity provider, has announced its 2017 results and 2018 roadmap, promising a network of 60 countries and more than a billion people worldwide.

Revenues went up to €50 million (£44.4m), a rise of more than 56% year over year, according to the company, while the total number of objects connected to the Sigfox network rose by 65% to a total of 2.5 million. Alongside this, the company’s network grew to 45 countries earlier this month, including Malaysia, South Korea, and Switzerland.

Looking at the company’s 2018 roadmap, alongside its network figures Sigfox is promising greater focus on its evangelisation strategy. To that end, the provider is launching Hacking House, a project that will ‘bring together students from around the world to learn about IoT and Sigfox’s pioneering technology’, as the company put it.

“There is tremendous value in IoT, which lies in the data that is generated by millions of connected objects across the globe,” said Ludovic Le Moan, co-founder and CEO of Sigfox in a statement. “It’s up to us to turn this golden opportunity into a multi-billion dollar industry, just like we did with petrol a century ago.

“Our challenge for the next few years will be to lower the cost of collecting that data to close to zero,” Le Moan added.

This makes for an interesting comparison when looking at Sigfox’s proclamations in November 2016. The company had just secured a €150m funding round and promised then what it promises today – coverage in 60 countries by 2018.

iottechnews.com: Latest from the homepage

IoT identity and management revenues to hit $21.5bn by 2022, says ABI Research

ABI Research projects that revenues from IoT identity and management are heading to hit the $ 21.5 billion benchmark by 2022, driven by IoT platform services together with security, cryptography, digital certificate management and data exchange services.

According to predictions put forward by the advisory firm in its report “​Thing Identity and Management Services”, IDoT (Identity of Things) services will realise robust growth over the next five years driven primarily by the industrial, manufacturing, and automotive industries.

Dimitrios Pavlakis, industry analyst at ABI Research, said: “Through ‘smarter gateways’, cloud services, and application programming interface (API)-focused solutions, thing identity and management services are steadily finding their way in a wider spectrum of IoT verticals.”

Although some industries are not so up-to-date in terms of security, vendors in the IoT market are finally making investment moves in encryption and device certificate management. Some of the leading verticals that are eating up over 60% of the total global revenues include aftermarket telematics, fleet management, OEM telematics, metering, home security, and automation.

Elsewhere, a BCC Research report projected that the value of the global IoT networking solutions market is anticipated to reach $ 1 trillion by 2022 at a CAGR of 21.6%. The report titled “Internet of Things (IoT) Networks: Technologies and Global Markets to 2022” highlighted that the Asia Pacific’s IoT networking solutions market is anticipated to grow at a CAGR of 27.6% through 2022, followed by Europe with a CAGR of 23.8% and market share of 31.3%.

iottechnews.com: Latest from the homepage