1aim brings connected devices to workplace doors & beyond

connected security devices

In the era of connected technology Berlin company 1aim are carving a niche for themselves in connected security for commercial buildings. I met with Torben Friehe, CEO of 1aim to find out more.

1aim builds a complex array of hardware and software for a simple purpose: open any door by waving a smartphone in front of a retrofitted lock instead of needing a key, swipe card or access code. Administrators use a simple app interface to issue digital passes via email or SMS to anyone visiting including non-registered users like guests or contractors.

Friehe likens them to “a central nervous system for buildings” explaining that 1aim  has created an enterprise-grade access control system that serves two functions – first, to allow professional access and identity management and, second, to gather large amounts of valuable data to enable companies to identify space usage patterns in their commercial space.

lightacess_3Friehe explains that as the company ships more software, customers will be able to use the device to collect and analyze data and perform a suite of tasks to improve cost flows and efficiency, such as arm areas or turn off electricity to reduce utility expenses as employees leave their offices.Other features include allowing users to request conference rooms and automatically provide them with the ideal premises fitting their requirements.

“Since our platform knows who is where and when, it will also be able to allocate the right space to every employee on an individual basis and offer strategic work-layout suggestions to optimize operations.”

What are the cultural differences when it comes to smart locks in Germany compared to the US?

As an expat myself living in Germany I was interested to know the differences in how Deutsch and American people view security and technology. Friehe noted that:

“German homeowners would not trust doors that are seen as perfectly safe in America. In Germany, homeowners take enormous pride in the so-called “Resistance Class” that their door fulfills. But most U.S. doors would not even pass the lowest grade of such certification. The same goes for mechanical locks. Many German homeowners purchase high-quality lock cylinders that cost up to a few hundred euro per piece. Although there are security grades in America as well, German consumers have a much wider variety of choices and can select products offering more mechanical security. We have had meet extremely high-security standards in Germany as part of our partnership with the Hormann Group.”

Connected security in a crowded space requires complex solutions

Connected security is becoming a crowded space with the involvement of industry stalwarts like Honeywell and Yale. However, the majority are focused on the consumer market and fewer are equipped to respond to the challenges of older commercial buildings. Friehe explains that:

“In the building platform space, we see competitors attempting to build a “building operating system,” a software connecting all the hardware in a building. We don’t see this approach as working. Without a strong hardware foundation, there is just no way to connect legacy and modern systems. These companies might be able to supply middleware, but as long as they focus on software alone they will not be able to dominate this space. So our major differentiation point here is that we supply the hardware at the core of our system, providing quality ID-related data.”

Friehe also compares questions companies that monitor space utilization using sensor boxes as their hardware, noting that

“These companies cannot supply the same data quality that we can provide, as their data is not connected to the ID of users in any way and the number of potential data points is limited.”

The company sees the opportunity in the future to team up with companies in the HVAC and energy optimization sector where “We can make good use of their data, and they might require some of ours.”

How secure are connected locks?

One need only read the agenda of the latest DEFCON or Black Hat conference to know that there will be security researchers showing their prowess in hacking connected home security devices.  Then over the last week, we’ve seen spirited discussion after Amazon revealed they are sealing smart door locks that enable Amazon to deliver packages inside your home with a smart lock and connected camera. Walmart recently offered to deliver groceries straight to people’s fridges with a similar system. When polled about the idea of Amazon in-home delivery three different surveys suggested strong opposition to the idea, perhaps in the spirit of ‘just because you can, doesn’t mean you should.’

In regard to security, Friehe believes that:

“As an industry, we must guarantee that companies are not developing software to a negligent degree. They need to implement accepted industry practices, which should be enhanced to demand more regular audits when it comes to how data is collected and stored. Companies need to have security in mind and be held accountable if they fail to observe best-practices. This is especially so with connected devices, where extremely personal life data is concerned.

Ultimately, the free market will serve as the catalyst for ensuring that security in the IT sector catches pace, but there will be much more bloodshed and massive attacks.”

Presently, 1aim’s access control product LightAccess Pro can be purchased on Amazon Germany, UK and France, or by contacting their offices directly.

The post 1aim brings connected devices to workplace doors & beyond appeared first on ReadWrite.

ReadWrite

Rob Goldstone, the music publicist who connected Russians to the Trump campaign, is talking again

Remember him?

Rob Goldstone is back.

The British music publicist who brokered a meeting between the Trump campaign and four Russians in the summer of 2016, then became famous last summer for doing so, is talking again.

Goldstone went quiet once emails between him and Donald Trump Jr surfaced in July. Now he given his first interview since the story broke. It’s with the The Times of London, and in it Goldstone explains how and why he arranged the meeting, while downplaying its significance.

Goldstone now says his outreach to Donald Trump’s son, where he said there was “very high level and sensitive information” about Hillary Clinton available as “part of Russia and its government’s support for Mr Trump,” was full of “puffery”.

His intent, Goldstone says, was to arrange a meeting with the Trump family and his client Emin Agalarov, a Russian pop star whose father is oligarch Aras Agalarov. He says he didn’t think much about the language he used to approach the Trump campaign, or the content of the meeting, which he attended.

I’ll leave it to professional Trump followers — including Robert Mueller, whom Goldstone says he plans to talk to — to interpret Goldstone’s commentary. Though it seems to me the key part of the incident is the Trump campaign’s willingness to meet Russians who said they had dirt on Hillary Clinton.

As I read it, that includes Trump’s son-in-law, Jared Kushner, who in Goldstone’s telling was “furious” during the meeting — because Russian lawyer Natalia Veselnitskaya didn’t provide information about Clinton. Goldstone: “I believe that she practised a classic bait-and-switch. She got in there on one pretext and really wanted to discuss something else.”

Back to Goldstone: He tells the Times he’s been hanging out in Asia, as part of a previously planned year-long trip around the world. He says he’s as surprised as anyone that he has a featured role in the ongoing Trump/Russia story: “Look, I’m quite loud, I’m quite brash and openly gay on social media,” he says. “I don’t exactly fit the mould.”

About that social media part: Until today, Goldstone seems to have clammed up on Facebook, where he used to post lots of selfies of himself in ridiculous hats. But his account is still up and running, and occasionally his friends tag him in posts: There is a series of posts from this fall featuring restaurants in Thailand. (I’m Facebook friends with Goldstone, and when I saw them I assumed the tags were jokes, because why would Goldstone want people to know where he was if he wasn’t talking in public? But now it looks like they were real, after all.)

Now Goldstone is using the account again — to promote himself. Today’s post is a video of someone flipping through a print edition of Goldstone’s profile, with this caption: “Today — after many months — I got my voice back and told my story exclusively to the U.K. Sunday Times Magazine.”

Presumably Goldstone will have more Facebook posts to come, when he publishes a book he says he’s writing. Working title: “Useful Idiot: How an Email Trumped My Life.”


Recode – All

Which? calls on retailers to withdraw risky connected toys

Which? calls on retailers to withdraw risky connected toys

A recently published study by consumer watchdog Which? has found that connected toys pose a string of complex security risks.

Just in time for the start of the Christmas shopping season, Which? is calling on retailers to stop selling a number of connected toys.

The consumer watchdog organised testing of a range of WiFi and Bluetooth-connected toys on sale at many major retailers, including Argos, Hamleys, Toys R Us and Amazon. These included: Furby, I-Que Intelligent Robot, Toy-fi Teddy, CloudPets, Wowee Chip, Fisher-Price Smart Toy Bear and Mattel Hello Barbie. 

Read more: IoT teddy bears leak more than 2 million recordings between parents and kids

Riddled with flaws

In all cases, toys’ Bluetooth connections had not been secured, says Which?, “meaning during the tests, our hacker didn’t need a password, PIN code or any other authentication to get access.” 

More worrying, in four out of seven of the devices put through their paces, the researchers found that vulnerabilities would allow a stranger to communicate with a child, via that toy. These problems were found in:

  • Furby Connect: “Anyone within a 10-30 metre Bluetooth range can connect to the toy when it’s switched on, with no physical interaction required,” says Which? “This is because it does not use any security features when pairing. Plus, you can make the connection via a laptop, opening up more opportunities to control the toy. Our security experts were able to upload and play a custom audio file on the Furby.”
  • I-Que Intelligent Robot: This uses Bluetooth to pair with a phone or tablet through an app but the connection is unsecured. The Which? investigation found that, “anyone can download the app, find an I-Que within Bluetooth range and start chatting using the robot’s voice by typing into a text field.” The toy is made by Genesis Toys, Which? notes, which also manufactures a doll, Cayla, that was recently banned in Germany due to security and hacking concerns.
  • CloudPets: This cuddly toy purports to enable friends to send messages to a child, but Which? found that it was possible for a hacker to exploit its unsecured Bluetooth connection and make it play their own messages.
  • Toy-fi Teddy: This toy allows a child to send and receive personal recorded messages over Bluetooth via a smartphone or tablet app. Again, Which? found the Bluetooth lacks any authentication protections, meaning hackers could send their voice messages to a child and receive answers back.

Read more: IoT device makers: Tackle security or face legal action

Warning to parents and retailers

Alex Neill, managing director of home products and services at Which?, explained that his organisation has written to retailers to warn them of the risks.

“Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution,” he said.

“Safety and security should be the absolute priority with any toy. If that can’t be guaranteed, then the products should not be sold.”

All of the manufacturers involved were given a right of reply. A the time of writing, only Furby maker Hasbro and i-Que Robot distributor had answered and their responses can been seen here. Spiral Toys, the maker of CloudPets and Toy-fi Teddy declined to comment, according to Which?

Spiral Toys has been accused of lax security before – as recently as February 2017, in fact, when Internet-connected teddies made by the firm were found to have leaked the email addresses and password details of more than 800,000 customers online.

And in July this year, the US Federal Bureau of Investigation (FBI) issued a public guidance notice, urging parents to report weak security in children’s toys connected to the internet.

Read more: More than two-thirds of consumers are concerned about IoT device security

The post Which? calls on retailers to withdraw risky connected toys appeared first on Internet of Business.

Internet of Business

‘Connected’ cars are hitting UK roads for the first time

Slowly, the UK government is realising its dream of making the nation a self-driving research hub. UK Autodrive, a publicly funded consortium that includes Jaguar Land Rover, Ford and TATA Motors, has announced a new set of trials in Coventry today….
Engadget RSS Feed

Honda’s connected cars will communicate over 5G

When it's not busy making billion-dollar acquisitions to expand its robotics line-up, Japanese mobile carrier SoftBank is pursuing its other hobby: smart cars. Central to this endeavour is its partner, and fellow Japan native, Honda. Last year, the t…
Engadget RSS Feed