Security risk against enterprises continues undimmed as IoT popularity grows

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

The increased popularity of the IoT leading to growing adoption is one of the main reasons for more cybersecurity attacks against enterprises and utilities, according to a new Navigant Research report.

The report, titled “Managing IoT Cybersecurity Threats in the Energy Cloud Ecosystem”, evaluates cybersecurity threats in relation to IoT affecting enterprises and utilities alike. With IoT popularity, new threats are coming in and the need for a stronger IoT security lingers.

According to the report, over the last few years, the need to shield cybersecurity attacks has heightened as corporates are demanding robust security along value and supply chains. So far as domestic consumers are concerned, similar demand to improve security of IoT devices and services is noted.

Neil Strother, principal research analyst with Navigant Research, said: “The mushrooming number of IoT devices being deployed by utilities and other enterprises carries an obvious and growing security risk. Smart managers need a comprehensive strategy to stay ahead of potentially devastating threats to IoT assets. No longer can managers rely on an old-school reactive approach; instead, they and their security teams must adopt the latest proactive and predictive tools and methodologies to keep devices and systems safe.”

Another report from Navigant Research has placed Philips Lighting, Acuity Brands, Eaton, and OSRAM among the leading players in the IoT lighting market. The report evaluated a total of 16 vendors including the giants – Cisco, Intel, Schneider Electric, and Siemens – although they are labelled as challengers and not contenders or leaders. Navigant Research argues that the global IoT lighting market is all set to touch $ 5.5 billion by 2027 from $ 808.2 million in 2018.

iottechnews.com: Latest from the homepage

Cash For Apps: Make money with android app

Philips Lighting, Acuity Brands and OSRAM leading IoT for lighting market

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Philips Lighting, Acuity Brands, Eaton, and OSRAM are among the leading players in the Internet of Things (IoT) for lighting market, according to a new report from Navigant Research.

The report, which can be found here, assesses 16 vendors in total, including larger vendors, such as Cisco, Intel, Schneider Electric, and Siemens. These players are all placed as challengers, as opposed to contenders or leaders.

Navigant Research argues that the total global market for IoT lighting is set to hit $ 5.5 billion by 2027, up from $ 808.2 million this year.

The research firm defines IoT for lighting as ‘adding value beyond illumination.’ “Connectivity and communication can happen between devices within the lighting system and between lighting devices and non-lighting devices,” it adds. “Within lighting systems, such communication can be accomplished through lighting controls. Networked lighting controls achieve many of the aspects described in this definition of IoT lighting solutions.”

The report assesses a variety of questions, including the drivers pushing ahead the IoT for lighting market, global revenue forecasts, and the strengths and weaknesses of each company.

“The leaders within this report have separated themselves from the competition through a broad solution portfolio, strong partner relationships, and advanced technology development,” said Krystal Maxwell, Navigant research analyst. “Contenders and challengers in this market will need to improve in various ways, from expanding their solution offerings, to increasing sales, to differentiating themselves through unique features and applications.”

In terms of how smart lighting equates to the IoT, a blog post from OSRAM explains the link. “Currently, we are at the infancy stage of what the IoT will enable – today we are seeing just a sliver’s worth of applications from a very big pie of potential applications,” the blog notes. Smart lighting is playing a pivotal role, unlocking the power of the IoT and smart building applications.

“Lighting is ubiquitous throughout all buildings and every luminaire is connected to a source of power,” it adds. “It is the perfect conduit for collecting data on what is happening in the building at any given time.”

You can read the Navigant synopsis here.

iottechnews.com: Latest from the homepage

Cash For Apps: Make money with android app

VMware furthers IoT strategy with new edge computing solutions

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

MWC VMware has unveiled an advancement of its IoT strategy focusing on new edge computing solutions for specific use cases including Asset Management and Smart Surveillance at Mobile World Congress 2018.

To be featured at the new edge computing solutions are VMware vSAN hyper-converged infrastructure (HCI) software, VMware vSphere and VMware Pulse IoT Center. For the formulations, VMware will collaborate with several partners including Axis Communications and Wipro Limited.

Targeting the surveillance industry, VMware and Axis Communications are partnering on an IoT solution that features Axis’ advanced surveillance capabilities including IP cameras and 4G/LTE routers which can be deployed for protection of employees and properties. With VMware Pulse IoT Center, customers can manage, monitor, and secure their Axis cameras and routers. In the initial phase, the solution will be available on select Dell EMC servers and include the option of Dell Edge Gateways.

VMware and Wipro are also working together to provide manufacturers a complete edge to cloud IoT solution for enhanced productivity and efficiency of machineries and other assets. The new solution will feature Wipro's IoT offerings and integrate many IoT platforms that are hosted on-premises or in the cloud.  

Ray O’Farrell, executive vice president & chief technology officer, VMware, said: “Building an edge computing solution today is a time-intensive exercise most enterprises can’t afford. Today, VMware unveils hyper-converged edge computing solutions that are cost-effective and will enable customers to build and scale secure, use case-specific IoT solutions that work for them from the edge all the way to the cloud, relying on proven, tested software they already use and trust.

“Together with ecosystem partners Axis, Wipro Limited and Dell EMC, we’re excited to deliver the first of many tailored solutions to meet the unique IoT needs of our enterprise customers,” O’Farrell added.

Picture credit: VMware

iottechnews.com: Latest from the homepage

Cash For Apps: Make money with android app

Google Assistant rolls out ‘routines’ and plans deeper integration with hardware — and even telcos

Google Assistant is rolling out its ‘routines’ feature and plans to embed itself deeper into devices — even integrating directly with telcos.

First announced back in October, the routines feature allows several commands to be linked together from a single phrase. For example, saying “Hey Google, I’m home” may switch on your lights, play some music, set a comfortable temperature, and get the kettle boiling.

Perhaps most intruiging are Google’s plans to integrate with telecoms providers

The virtual assistant integrates with a wide range of IoT devices today for specific actions such as turning on your Hue lights. Google will soon integrate with the specific hardware of a device so a user could say “Hey Google, open my camera’s portrait mode” for smartphones with the feature.

While it’s camera-based features Google is focusing on first, the company plans to expand it to other innovations that hardware manufacturers may debut in the coming years. Initial partners include Sony, LG, and Xiaomi.

Perhaps most intruiging are Google’s plans to integrate with telecoms providers. Users could ask for things such as how much data is left in their plan, add certain features like roaming passes, or even ask for programs to be recorded in the case of companies which also offer DVRs with TV packages.

There’s no current timeline for the feature, but it sounds as if carriers are being supportive of Google’s plans. Initial carriers will include Sprint, Vodafone, Koodo, and Telus.

Are you impressed by Google Assistant’s features? Let us know in the comments.

iottechnews.com: Latest from the homepage

AT&T furthers IoT professional services capabilities with Ericsson

AT&T is furthering its professional services capabilities for IoT with Ericsson to help companies adopt and expedite IoT related solutions.

Global Device Certification is offered by AT&T with Ericsson including testing, verification and white glove support with regulatory approval for IoT devices. The Ericsson-AT&T team up implies that AT&T customers can lower their risk and speed timelines for the global expansion of IoT in over 150 nations.

On the Ericsson-AT&T collaboration for global device certification, Jeff Travers, head of IoT, Ericsson, said, “Through our collaboration for global device certification, AT&T and Ericsson are building a global ecosystem for IoT, enabling enterprises to capitalize on the opportunities of the Internet of Things. With these services, enterprises can reduce the risk of launching devices and decrease their time to market as they expand globally.”

Launched in January 2017, AT&T’s IoT professional services portfolio has drawn attention from enterprises across all sectors. Consequently, AT&T is expanding its core capabilities to include consulting, application solutions, device lifecycle solutions, and managed services and support.

Mike Troiano, vice president, IoT Solutions, AT&T, commented, “Companies want to connect things to extract value. We’re meeting that demand head-on by expanding our IoT professional services capabilities. Our services help businesses achieve scale and longevity in design, lower cost implementations, save time and resources, and innovate quicker.”

Smart water meter company, Badger Meter, which uses secure AT&T networks and AT&T Global SIM wireless connectivity, recently approached AT&T for its professional services to certify the water meter devices as it ventures into fresh markets. Both AT&T and Ericsson worked hand-in-hand to manage the global pre-launch process to bring down regulatory and technological complexities.

Meanwhile, AT&T is planning to offer mobile 5G with multi-gigabit speeds to customers of 12 US cities, including select parts of Dallas, Atlanta and Waco, Texas, by the end of 2018.  Additional cities to avail this service will be announced by AT&T soon.

iottechnews.com: Latest from the homepage

Research: Connected car owners would not buy a driverless

New research conducted by Solace indicates a lack of interest in driverless cars even from those currently enjoying connected technologies in their vehicle.

Drivers of connected cars are often seen to be early adopters, but it seems automotive manufacturers will have a hard time selling self-driving vehicles even to those at the cutting edge of technology.

More than half (57%) of the respondents in Solace’s research said they would not buy a self-driving car, even if they were reasonably priced.

Almost two-thirds (62%) believe the connected car technologies available in their current vehicles allow them to drive safer — something research backs up. Most of these cars offer assistive or semi-autonomous features rather than full self-driving capabilities.

Shawn McAllister, CTO of Solace, says:

"The automotive industry is focused on bringing self-driving cars to the mass market, but our survey showed that connected car drivers of all ages just aren't ready to hand over the wheel.

While advancements in autonomous vehicle technologies are incredibly exciting, it's important to keep an understanding of the consumer front and center. We hope our survey will help in this regard."

Solace’s findings match similar research (PDF) indicating the public’s wariness of giving up control to self-driving cars. Interestingly, older drivers appear to be more receptive to autonomous technologies than younger generations.

Almost half (46%) of millennials ages 18-25 would not trust their car to automatically react to driving conditions, whereas only a third of drivers 65 or older felt that way.

What are your thoughts on the research? Let us know in the comments.

iottechnews.com: Latest from the homepage

Losant secures $5.2 million in Series A financing to meet surging IoT solutions demand

Losant, a US-based startup that helps enterprises build IoT solutions, prepares itself to meet the surging demand for next generation connected solutions by securing a sum of $ 5.2 million in a Series A financing round.

Securing the amount, Charlie Key, CEO of Losant, said: “We’re excited to see our platform power intelligent solutions across a gamut of industries and use-cases. Our customers are pushing new boundaries in industrial equipment monitoring, asset tracking, smart buildings, and more. With endless possibilities, Losant is uniquely positioned to help thousands of companies in their IoT journey.”

The round was led by CincyTech. Revolution’s new Rise of the Rest seed fund, TechNexus, and Vine Street Ventures also took part.

Mike Venerable, CEO of CincyTech, said: “Connected experiences are going to transform business and personal experiences for all of us in the next decade. Billions, not millions, of connected devices are being deployed across all domains. Losant's reliable and scalable platform for IoT is being used in an accelerating number of scenarios that represent the connected future.”

JD Vance, Rise of the Rest seed fund managing partner, said: “Losant’s use of next generation IoT solutions has the potential to change every industry and business and the fact that it’s a promising Ohio-grown startup makes it that much more exciting. We are thrilled to invest in Losant alongside CincyTech, who has been helping entrepreneurs build successful technology companies in southwest Ohio for a decade.”

iottechnews.com: Latest from the homepage

IoT by name or nature? Delivering experience over appearance

The last few years have seen a whole raft of IoT vanity projects, where connectivity for connectivity’s sake was the order of the day. Everything from connected loo-roll holders that warned when paper levels were low (if only there was a pre-existing, simpler way), to flip flops that had IoT capability crammed in and called ‘smart shoes’.

The practical use of these types of products being next to zero, many consumers have been driven to despair. And from a business perspective too, IoT by name rather than nature can be damaging. There is the worrying potential for organisations to divert millions of dollars into IoT projects without a clear handle on their objectives, and possibly worse, without a thorough testing plan throughout to ensure the app delivers as intended.

Gartner estimates that by 2020, there will be seven billion connected business devices out there. In this digital transformation boom, companies are investing vast sums in IoT capabilities, and the B2B IoT market is growing fast. But the question remains, how much of this growth actually benefits customers? And how can organisations ensure that when they embark on an IoT project, that the project is useful and consistently delivers the value it should to its intended audience?

Delivering real value

Instead of businesses trying to nail down their own version of what an IoT ‘vision’ should look like, perhaps everyone could be better served by taking a look at those doing it successfully and using this intelligence to optimise IoT offerings from inception to delivery. Like any other mission-critical area, IoT needs a strategy and a vision way before its inception.

Companies like Volvo Car Group seem to be doing things right. Klas Bendrik, their SVP & CIO, was at a recent awards ceremony to receive recognition for the work Volvo is doing with their connected cars and cloud technology, embracing the IoT, when he said: “We take the best available technology and make it work in the most useful way for our customers. It’s about using technology to provide tangible real-life benefits, rather than providing technology just for the sake of it.”

This is exactly the point. Other companies would do well to try and live up to approaches that deliver clear value (in this case, more efficient and/or safer cars, helping people’s journeys). If they can deliver initiatives that have real benefit for customers, this success will make the IoT ever more popular. In turn, this only makes it more valuable and relevant to day to day life and business. Therefore, performance and availability of connected devices will become key differentiators when it comes to an ever more competitive and crowded market place.

Test, test, and test again

The lesson here is that companies investing in IoT have to put the time into doing it right, and in most instances, this means proper monitoring and testing in order to guarantee continuous performance that will actually add true business value. If the idea was to create a digital app to delight customers, then it’s vital to ensure the app delivers against this vision. In short, it needs to work and stand the test of time and popularity. 

We know that connected IoT devices have a high level of dependency on speed of communication. This can open them up to issues such as unreliable network hardware or slow internet connection. Testing IoT devices to make sure that they’re not losing data, failing to respond, and work in any scenario, is imperative.

Key to the customer experience is proactively monitoring your websites and applications, not to mention APIs – and to do it 24/7 rather than intermittently. So, before your valuable customers run into a wall and start making a lot of noise about any availability or performance issues, you can already be fixing the problem. Speed is crucial; performance indicators like page load times are directly linked to a loss of views and visitors – the longer you test people’s patience, the more risk you run of losing their trade.

There are more issues to consider, cyber-crime and data privacy not least amongst them. The downside of the IoT can be a dangerous one – and embarrassing. After all, who wants to get hacked by a kettle? Testing needs to push applications on all areas of performance, including how secure they are for end users.

Making sure that we get the most out of IoT projects shouldn’t rely on an ad hoc process which concerns only a few techie individuals in any given organisation. Not so long ago, Business Insider predicted that the Internet of Things will be the largest device market in the world by 2019. In a year or so, it will be more than double the size of the smartphone, PC, tablet, connected car, and the wearable market combined. By then, let’s hope all those devices are things we need (and love!), and work with 24/7 reliability. Proper testing can enable organisations to take the first step on this journey, and deliver leading customer experience.

iottechnews.com: Latest from the homepage

Live, die, repeat: The security shortcuts endangering IoT device adoption

IoT devices are repeatedly exhibiting the same flaws creating a massive vulnerable attack surface which will inevitably lead to more major attacks. We’ve already seen DDoS attacks increase 91 percent over the course of 2017 due to vulnerable deployed devices, yet estimates suggest only 9 percent of IoT vendor budgets are spent on security. This pitiful investment is leading to shortcuts and a ‘live, die, repeat’ attitude to development that spells disaster for the user and the long-term viability of the IoT seedbed.  

So what are these common issues that are cropping up time and again? Security research reveals specific issues across all aspects of IoT design, from access and connectivity, hardware and firmware, and update mechanisms. 

Access all areas

In terms of access, vendors often fail to implement ‘least privilege’ in the permissions on the device. Without this an attacker can quickly gain root access to the entire system. The root user log-in should require a password and this should not be set by default or hardcoded in as this could mean that one vulnerability, such as having telnet enabled, could provide root access.

Encryption is also another common failing, without which the attacker can recover keys, certificates, hashes, and passwords and again gain control. Using System on a Chip (SoC) to store encryption keys or sensitive information on the device using Trusted Platform Module (TPM) is the preferred option. A secure boot should also be implemented as without this the SoC cannot check the integrity of the bootloader, and the bootloader cannot check the integrity of the firmware. This can allow an attacker to modify firmware of the device, either by subverting controls on the firmware update process, or through physical access to devices.

Just because the device is encrypted doesn’t mean it is protected, however. Poor implementation of encryption such as encryption without MAC, hardcoded IV and weak key generation can all lead to compromise and steer clear of home-grown cryptography. Ensure encryption is extended to include firmware. Attacks can see malicious firmware deployed to devices so sign and validate the signature during updates and ensure that the HTTPS connection is secure, with SSL certificates validated.

Wireless weaknesses

Connectivity is also a major sticking point. There’s a tendency to assume that a local connection over a WiFi access point or Bluetooth Low Energy (BLE) confers some protection because of the limited range of the signal but this can still lead to drive-by attacks. Typically wireless communication is used to pass the user’s SSID and pre-shared key (PSK) to the device, often in plain text, which the attacker can then capture and use.

Redundant functions often provide a convenient entrance point for the attacker. Developers favour off-the-shelf toolkit such as BusyBox, described as the Swiss army knife of embedded Linux, but it’s important to minimise the use of these functions. Similarly, open ports or redundant web user interfaces should be disabled rather than left in place. Devices that ship with serial ports enabled are particularly vulnerable. This can allow the bootloader, a login prompt, or an unprotected shell to be accessed. Such debug headers may well be present for troubleshooting during the development and programming stages but should be disabled in the end consumer product, an issue often overlooked.

Exploiting buffer overflows is another prime way for the attacker to seize control of the device once it’s on the network but it’s possible to prevent this by using compile time hardening in the form of PIE, NX, ASLR, RELRO, Stack Canaries or Fortify. These are often included in embedded systems but can affect performance and battery life so some experimentation will be required. Consider also whether unsafe functions associated with buffer overflow are used ie strcpy, sprint, and gets, used in binaries on the system.

Keep it current

Is the software up to date? This sounds obvious but lots of devices have Certificate Authority (CA) bundles predating 2012, kernels dating back ten years, old versions of Busybox or even web server connections last accessed in 2005. Old CAs may have already been compromised but are still used by developers because it’s generally easier to leave them in place and simply switch off certificate validation. Unfortunately, this can then expose the device to man in the middle attacks. Check the certificate is correctly signed by a valid certificate authority, check that it matches the server name, and check that it hasn’t expired.

If IoT vendors take the necessary steps to address these common security failings these devices will no longer be so easy to hijack and to subvert. A failure to do so will inevitably lead to yet more behemoth botnets, as well as the emergence of malicious firmware updates and ransomware attacks, which could potentially threaten the viability of the IoT itself.

iottechnews.com: Latest from the homepage

Sigfox posts €50 million in revenue, reiterates plans for 60 country connectivity in 2018

Sigfox, the French-based Internet of Things (IoT) connectivity provider, has announced its 2017 results and 2018 roadmap, promising a network of 60 countries and more than a billion people worldwide.

Revenues went up to €50 million (£44.4m), a rise of more than 56% year over year, according to the company, while the total number of objects connected to the Sigfox network rose by 65% to a total of 2.5 million. Alongside this, the company’s network grew to 45 countries earlier this month, including Malaysia, South Korea, and Switzerland.

Looking at the company’s 2018 roadmap, alongside its network figures Sigfox is promising greater focus on its evangelisation strategy. To that end, the provider is launching Hacking House, a project that will ‘bring together students from around the world to learn about IoT and Sigfox’s pioneering technology’, as the company put it.

“There is tremendous value in IoT, which lies in the data that is generated by millions of connected objects across the globe,” said Ludovic Le Moan, co-founder and CEO of Sigfox in a statement. “It’s up to us to turn this golden opportunity into a multi-billion dollar industry, just like we did with petrol a century ago.

“Our challenge for the next few years will be to lower the cost of collecting that data to close to zero,” Le Moan added.

This makes for an interesting comparison when looking at Sigfox’s proclamations in November 2016. The company had just secured a €150m funding round and promised then what it promises today – coverage in 60 countries by 2018.

iottechnews.com: Latest from the homepage