Apptimate | Internet of Things

Internet of Things

Sensative launches Yggio – a technology-independent, open and secure platform and marketplace for property services

Lund/Las Vegas. 5th January 2017.

Sensative proudly announces the launch of its open, secure connectivity platform and marketplace for property services, called Yggio. Pronounced igg-io, Yggio enables multipoint-to-multipoint communications, offers device and service interoperability and secures personal data privacy via an encrypted permission layer for all data exchange activities.

Yggio lets property owners and tenants enjoy full control over devices and utilities used for property and tenant services in their building — eliminating excessive costs and lack of synergies. Technology and service partners use the open, secure Yggio platform and service marketplace to rapidly deliver their service applications within facility management, elderly and home care services, home security, smart apartments, homes and smart agriculture and more.

The name Yggio is based on the tree of life in Nordic mythology, called Yggdrasil, which plays a major role gathering and distributing all knowledge and wisdom through its roots and branches. The Norse gods gathered at Yggdrasil, where they settled matters in their community. The Yggio platform and marketplace firmly connect all Internet-of-Things (IoT) devices with high-value service delivery solutions. The platform uses a public API, which makes it possible for device manufacturers and service providers to use the Yggio platform.

Yggio is a major new investment area for Sensative, and it follows Sensative’s global success with its ultra-thin sensor called “Strips”, which was launched at CES 2015. Sensative is in the process of establishing many IoT services on Yggio, working closely together with a range of innovative technology, device and service partners. Several IoT services are piloting and testing Yggio with end-users and customers in Sweden within the areas of home security, facility management, heating, ventilation, and eHealth.

“Already before the launch of our Strips sensors we knew that our mission in life would lead us to build a secure and open connectivity platform for IoT services”, states founder and CEO Mats Pettersson. “Given our strong background in mobile technology developing from closed dialing devices to open platforms for millions of digital services, we all knew we just had to use this know-how to build a very scalable, open and multi-purpose platform. Now we are looking forward to building a strong and dedicated eco-system of partners for the property services market. We are grateful that our partner CTS supports our efforts and is displaying Yggio and some of our service partners in their stand at CES. Our service partners include Apptimate, Cenvigo, FM Technology, Alleato and Goda Grannen.”

About Sensative. Sensative is a rapidly-growing innovation company of practical Internet-of-Things solutions. Its ultra-thin Strips sensor enables invisible mounting on windows and doors, up to 10-year carefree operations and instant integration with home security systems. Its open, secure connectivity platform and marketplace for property services, called Yggio, enables multipoint-to-multipoint communications and true hardware and software interoperability. Sensative was founded in 2013, is based in Lund (Sweden) and employs around 25 people, many with extensive backgrounds in mobile and cloud technology. Visit Sensative online at www.sensative.com or contact Mats Pettersson, Chief Executive Officer, through press@sensative.com.

About CTS. Founded in 1998, Connection Technology System Inc. (CTS) has continuously focused on the market segments of FTTX Triple Play and Industrial solutions. Today CTS is one of the top solution providers for network operators, service providers, and telecom companies worldwide. www.ctsystem.com.

About Apptimate. Apptimate offers secure object broker with end-to-end payload encryption services for IoT and Mobile Communications. www.apptimate.io.

About Cenvigo. Cenvigo designs, develops and implements digital applications and smart sensor systems to promote the next generation of health- and elderly care. www.cenvigo.com.

About FM Technology. FM Technology is an IoT company offering facility management services. www.fmtechnology.se.

About Alleato. Alleato has developed an end-to-end concept for health and safety services for the home. www.alleato.se.

About Goda Grannen. Goda Grannen (“The Good Neighbour”) has developed a service for neighborhood watch where residents in a neighborhood watch out for each other in matters related to security and safety. www.godagrannen.se.

About Z-Wave. Z-Wave technology is an open, internationally recognized ITU standard (G.9959). It is the leading wireless home control technology in the market today, with over 1200 certified interoperable products worldwide. Represented by the Z-Wave Alliance, and supported by more than 300 companies around the world, the Z-Wave standard is a key enabler of smart living solutions for home safety and security, energy, hospitality, office and light commercial applications. Z-Wave® is a registered trademark of Sigma Designs and its subsidiaries in the United States and other countries.

About Z-Wave Alliance. Formed in January 2005, the Z-Wave Alliance is a consortium of leading companies in the home technology space dedicated to solidifying Z-Wave as the standard for wireless home control products. The principal members include: ADT, Evolve Guest Controls, FAKRO, Ingersoll-Rand, Jasco Products, LG Uplus, Nortek Security & Control, SmartThings and Sigma Designs. Alliance members lead the home controls market, providing leading edge products and systems that deliver increased comfort, convenience, energy conservation, safety and security. For more information on the Z-Wave Alliance, please visit http://z-wavealliance.org

Z-Wave Alliance Press Contacts Caster Communications Inc. at +1.401.792.7080 Kimberly Lancaster, klancaster@castercomm.com

About CES. For 50 years, CES has been the launch pad for new innovation and technology that has changed the world. Held in Las Vegas every year, it is the world’s gathering place for all who thrive on the business of consumer technologies and where next-generation innovations are introduced to the marketplace. For more information on CES, please visit https://www.ces.tech/


Security recommendations for IoT by BITAG

This is an extract of the excellent BITAG report “Internet of Things (IoT) Security and Privacy Recommendations”, published courtesy of BITAG, Broadband Internet Technical Advisory Group.

We highly recommend downloading and reading this report and, even more importantly, implementing its recommendations; the Apptimate platform can be a valuable part of your developer toolkit for doing so.

The full report can be found here.

BITAG believes the recommendations outlined in this report may help to dramatically improve the security and privacy of IoT devices and minimize the costs associated with collateral damage. In addition, unless the IoT device sector—the sector of the industry that manufactures and distributes these devices—improves device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise that IoT holds.

BITAG recommended several security standards for IoT devices, including timely, automated software updates and password protection. The organization also said there should be more testing of customization options and an implementation of encryption best practices. BITAG also highly recommended allowing IoT devices to function if internet connectivity or the cloud fails, especially in the case of home alarm systems.

In the past few years, many devices now being connected to the Internet are not only personal computers but also a variety of devices embedded with Internet connectivity and functions. This class of devices has generally been described as the Internet of Things (IoT) and has brought with it new security and privacy risks.

Although consumers face general security and privacy threats as a result of any Internet-connected device, the nature of consumer IoT is unique because it can involve non-technical or uninterested consumers; challenging device discovery and inventory on consumer home networks as the number and variety of devices proliferate; negative effects on the Internet access service of both the consumer and others that run on shared network links; and effects on other Internet services when these devices are compromised by malware and become a platform for unwanted data traffic—such as spam and denial of service attacks—which can interfere with the provision of these other services. Importantly, the number and diversity of consumer IoT devices is growing rapidly, and these devices often function autonomously, without human intervention.

Several recent incidents have demonstrated that some devices do not abide by rudimentary privacy and security best practices. In some cases, devices have been compromised and allowed unauthorized users to perform Distributed Denial of Service (DDoS) attacks, perform surveillance and monitoring, gain unauthorized access or control, induce device or system failures, and disturb or harass authorized users or device owners.

Potential issues contributing to the lack of privacy and security best practices include: lack of IoT supply chain experience with security and privacy, lack of incentives to develop and deploy updates after the initial sale, lack of secure over-the-network software updates, devices with malware inserted during the manufacturing process, and more.

Recommendations

IoT Devices Should Use Best Current Software Practices

IoT Devices Should Ship with Reasonably Current Software

BITAG recommends that IoT devices should ship to customers or retail outlets with reasonably current software that does not contain severe, known vulnerabilities.

IoT Devices Should Have a Mechanism for Automated, Secure Software Updates

Software bugs should be minimized, but they are inevitable. Thus, it is critical for an IoT device to have a mechanism for automatic, secure software updates. BITAG recommends that manufacturers of IoT devices or IoT service providers should therefore design their devices and systems based on the assumption that new bugs and vulnerabilities will be discovered over time. They should design systems and processes to ensure the automatic update of IoT device software, without requiring or expecting any type of user action or even user opt-in.

IoT Devices Should Use Strong Authentication by Default

BITAG recommends that IoT devices be secured by default (e.g. password protected) and not use common or easily guessable user names and passwords (e.g., “admin”, “password”).

IoT Device Configurations Should Be Tested and Hardened

Some IoT devices allow a user to customize the behavior of the device. BITAG recommends that manufacturers test the security of each device with a range of possible configurations, as opposed to simply the default configuration.

IoT Devices Should Follow Security & Cryptography Best Practices

Manufacturers should take care to avoid encryption methods, protocols, and key sizes with known weaknesses. Additional encryption best practices include:

  • Encrypt Configuration (Command & Control) Communications By Default
  • Secure Communications To and From IoT Controllers
  • Encrypt Local Storage of Sensitive Data
  • Authenticate Communications, Software Changes, and Requests for Data
  • Use Unique Credentials for Each Device
  • Use Credentials That Can Be Updated
  • Close Unnecessary Ports and Disable Unnecessary Services
  • Use Libraries That Are Actively Maintained and Supported
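
As an added illustration (not taken from the BITAG report or from Apptimate's platform), the sketch below combines three items from the list: unique credentials per device, credentials that can be updated, and authentication of software changes. The device names, the factory secret and the manifest layout are constructed assumptions, and an HMAC with a per-device key stands in for the asymmetric signature most update systems use, so that the example needs only the Python standard library.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace

# Constructed demo secret (assumption). A real factory secret stays in an HSM.
FACTORY_SECRET = b"constructed-demo-factory-secret"


def derive_device_key(factory_secret: bytes, device_id: str, key_version: int) -> bytes:
    """Per-device, versioned key: no two devices (or key versions) share a credential."""
    info = json.dumps(["device-key", device_id, key_version]).encode()
    return hmac.new(factory_secret, info, hashlib.sha256).digest()


@dataclass(frozen=True)
class UpdateManifest:
    device_id: str
    key_version: int
    fw_version: int
    image_sha256: str
    tag: str = ""  # hex HMAC-SHA256 over the four fields above

    def signed_bytes(self) -> bytes:
        # JSON list encoding keeps the field boundaries unambiguous.
        return json.dumps([self.device_id, self.key_version,
                           self.fw_version, self.image_sha256]).encode()


def sign_update(factory_secret: bytes, device_id: str, key_version: int,
                fw_version: int, image: bytes) -> UpdateManifest:
    """Vendor side: bind the image hash and version to one device's current key."""
    key = derive_device_key(factory_secret, device_id, key_version)
    unsigned = UpdateManifest(device_id, key_version, fw_version,
                              hashlib.sha256(image).hexdigest())
    tag = hmac.new(key, unsigned.signed_bytes(), hashlib.sha256).hexdigest()
    return replace(unsigned, tag=tag)


class Device:
    """Device side: holds only its own key, never the factory secret."""

    def __init__(self, device_id: str, key: bytes, key_version: int, fw_version: int):
        self.device_id = device_id
        self.key = key
        self.key_version = key_version
        self.fw_version = fw_version

    def rotate_key(self, new_key: bytes, new_version: int) -> None:
        # Models re-provisioning over an already secured channel (assumption).
        self.key, self.key_version = new_key, new_version

    def apply_update(self, manifest: UpdateManifest, image: bytes) -> str:
        if (manifest.device_id, manifest.key_version) != (self.device_id, self.key_version):
            return "rejected: wrong device or retired key"
        expected = hmac.new(self.key, manifest.signed_bytes(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, manifest.tag):
            return "rejected: bad authentication tag"
        if hashlib.sha256(image).hexdigest() != manifest.image_sha256:
            return "rejected: image does not match manifest"
        if manifest.fw_version <= self.fw_version:
            return "rejected: downgrade or replay"
        self.fw_version = manifest.fw_version  # a real device would flash here
        return "installed"


def demo() -> dict:
    image = b"constructed firmware image v2"
    cam = Device("cam-001", derive_device_key(FACTORY_SECRET, "cam-001", 1), 1, fw_version=1)
    lock = Device("lock-002", derive_device_key(FACTORY_SECRET, "lock-002", 1), 1, fw_version=1)
    manifest = sign_update(FACTORY_SECRET, "cam-001", 1, 2, image)
    results = {
        "other_device": lock.apply_update(manifest, image),
        "forged_target": lock.apply_update(replace(manifest, device_id="lock-002"), image),
        "tampered_image": cam.apply_update(manifest, image + b"!"),
        "genuine": cam.apply_update(manifest, image),
        "replayed": cam.apply_update(manifest, image),
    }
    # After key rotation, a manifest made with the retired key version is refused.
    cam.rotate_key(derive_device_key(FACTORY_SECRET, "cam-001", 2), 2)
    stale_image = b"constructed firmware image v3"
    stale = sign_update(FACTORY_SECRET, "cam-001", 1, 3, stale_image)
    results["retired_key"] = cam.apply_update(stale, stale_image)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because each device holds only its own derived key, extracting the key from one unit does not let anyone authenticate an update to another unit.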

IoT Devices Should Communicate Securely

IoT Devices Should Be Restrictive Rather Than Permissive in Communicating

When possible, devices should not be reachable via inbound connections by default. IoT devices should not rely on the network firewall alone to restrict communication, as some communication between devices within the home may not traverse the firewall.

IoT Devices Should Continue to Function if Internet Connectivity is Disrupted

BITAG recommends that an IoT device should be able to perform its primary function or functions (e.g., a light switch or a thermostat should continue to function with manual controls), even if it is not connected to the Internet because Internet connectivity may be disrupted due to causes ranging from accidental misconfiguration to intentional attack. IoT devices that have implications for user safety should continue to function under disconnected operation to protect the safety of consumers.

IoT Devices Should Continue to Function If the Cloud Back-End Fails

Many services that depend on or use a cloud back-end can continue to function, even if in a degraded or partially functional state, when connectivity to the cloud back-end is interrupted or the service itself fails.

IoT Devices Should Be Maintained Securely

Manufacturers should support an IoT device throughout the course of its lifespan, from design to the time when a device is retired, including transparency about the timespan over which they plan to provide continued support for a device, and what the consumer should expect from the device’s function at the end of the device’s lifespan.

More detailed recommendations can be found in the report here.

The value of Smart Home data

What’s the value of the data generated in a Smart Home?
And, more importantly, who owns it?

In the same way that a smartphone is not about having smarter phone calls, the Smart Home is not about the connected things. It’s all about the applications that will be built upon all devices, data, businesses, people, etc.

To answer the question: if you own your house and turn it into a Smart Home, then it is quite simple: you own your data. And it will be valuable.

You have all the rights to sell it or trade it to different service providers, like the power, cable or home security company. Maybe you don’t think about that every time you sign a contract for a service, but you should read the small print and see that you get value for your data. Or the service provider might try to generate value from your data without giving anything back to you.

But if you rent your place then things get more complicated.

Now the building itself becomes a hub, connecting the tech of the house with external and internal users, like the power company on the outside and the tenants on the inside.

These connected buildings have some new characteristics:

  • Buildings become self-aware and continuously anticipate and adapt to changes in weather, time of day, occupant needs, and socioeconomics.
  • Buildings will transact with utilities (including electricity, gas, and water), local power sources, and other buildings to provide services that will benefit building owners, utility operators, and the entire community.
  • Buildings will minimize their life-cycle cost while meeting their objective functions through optimizing energy and water use, enhancing health and the productivity of occupants, contributing to a cleaner environment, and actively supporting better living.

The important, but complicating, thing is that this is not a Big Data solution by default, as many early initiatives assume: not one big central IoT platform that controls everything. This is because there are many different data owners. The tenants own the data about their family and their usage of the apartment and its connected appliances, home networks, TVs, etc., and this data must be managed in a secure and privacy-protected way, or it will be impossible to lease those flats. Think of the landlord installing cameras in the shower… Privacy and security issues here are literally very close to home.

Next is the owner of the building. They have two assets generating valuable data, the sensors and tech of the building and the data about their tenants, probably anonymized and processed for statistics. This value will not be given away. It will be sold. These buildings will all be players in a new assets trading market for realtime data. Even if it is just to have a reduction on the power bill, it will be an asset that can be traded.

And so on…

All the participants in the Internet of Buildings, as a subset of smart city, smart home, smart predictive maintenance, smart grid, etc., will be smart enough to realize the value in owning, controlling and capitalizing upon their data.

Or some smart IoT entrepreneurs will take that position in the market like an AirBnB or Uber service for data.

6 IoT Security Fundamentals That Need To Be Solved

This is the “6 IoT Security Fundamentals That Need To Be Solved” presentation from the IoT conference in Lund:

6 Iot Security Fundamentals That Need To Be Solved from Øredev Conference on Vimeo.

Internet of Things is still very immature. There is not even a consensus on what it means. It covers many different technologies, like the new entrants wearables and connected household supplies, but also the very mature technologies in m2m. Vendors large and small hurry to launch products and stake their claims in this emerging market. ITU-T standards and industry consortiums are popping up everywhere, trying to make some order in this chaos, but there are no commonly agreed uniform standards just yet.

So, if you start your IoT development projects today, there might not be one simple way of doing secure IoT. Different products and implementations require different solutions and strategies. A wearable will be something completely different from a connected medical device, or a Smart Home, or Smart City. However, there are some common characteristics that need to be handled as product design criteria from the start:

1. IoT products must die
2. Rosetta stone
3. Thanks for letting me in!
4. The fall of the wall
5. Rubber bands
6. The disappearing act

The presentation contains a clip from a BlackBerry Security presentation. A great live hack of a tea kettle!

6 IoT security fundamentals that need to be solved

The nice thing about standards is that you have so many to choose from;
furthermore, if you do not like any of them, you can just wait for next year's model.
- Andrew S. Tanenbaum

Internet of Things is still very immature. There is not even a consensus on what it means. It covers many different technologies, like the new entrants wearables and connected household supplies, but also the very mature technologies in m2m. Vendors large and small hurry to launch products and stake their claims in this emerging market. ITU-T standards and industry consortiums are popping up everywhere, trying to make some order in this chaos, but as the quote says, there are no commonly agreed uniform standards just yet.

So, if you start your IoT development projects today, there might not be one simple way of doing secure IoT. Different products and implementations require different solutions and strategies. A wearable will be something completely different from a connected medical device, or a Smart Home, or Smart City. However, there are some common characteristics that need to be handled as product design criteria from the start:

Product Life Cycles

How do you cope with security patches? Remote update? When the Tesla was hacked they pushed a security patch to all cars. After the Jeep Cherokee hack, Fiat quickly issued a safety recall for 1.4 million U.S. cars and trucks to install the security patch. Two very different approaches, two very different costs and inconveniences for the users.

Photo by: ANDY GREENBERG/WIRED

And then there is Product End of Life. What happens when your products aren’t maintained anymore? Companies change, suppliers go out of business or get bought, product lines are closed, old standards are abandoned. But the product that should have been retired is still online doing what it was installed to do. When the connected things no longer are updated, they become more vulnerable to attacks. An immortal IoT product will eventually be taken over by hackers.

Just think about the struggles Microsoft have had trying to end support for Windows XP.

Interoperability

Most solutions of today are a complete product: device – cloud – app from the same supplier. There is very little system integration thinking, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a home alarm system from a supplier that connects to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier that is also online and can be controlled via another app. Eventually, the user would end up with an app for every smart gadget, and too many apps would mean that none would be used. Take the hilarious situations with the remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, one for the lighting and multiply that with all potential gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities across vendor technologies. But this openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed it would be a simple thing to know when the house is empty for burglars to enter, to stalk people and to steal their identity.

Your solution must take into consideration the whole communication chain, from the device to possible aggregation hubs and cloud storage, to the actual user that might have a mobile app. The whole chain must be protected and secure, even if the app and the devices are from several different manufacturers.

Remote Control

IoT is not only about gathering “harmless” data from sensors, like temperature or an opening door. IoT will also give applications access to control real physical devices that can cause some real world damage.

What if it’s your oven that gets hacked? If you remove the safety features and turn the heat up way over max, then your kitchen, or even the whole house, burns. It might be by mistake by a hacker searching for information to steal but can just as easily be used for extortion schemes. Or even worse. As in the example of the Jeep Cherokee hack, turning off your brakes remotely is the perfect remote assassination method.

A non-secure Internet of Things will open a completely new door for terrorism and destruction.

Decentralized Communication over Public Networks

Most IoT devices will be placed outside the traditional fixed networks protected by firewalls. They will use wireless connections provided by carriers or public WiFi connections. This will put a lot of requirements on the device and the accessing applications to communicate securely over non-secure networks.

Most security technology of today is derived from the fixed network world with centralized servers talking to clients over a wire, using sessions and encrypted synchronous tunnel communication. This architecture maps poorly to the Internet of Things world.

Things will often communicate directly with other things. Take for instance a thermostat that adapts its behavior based on heat sensors in different rooms. Things will also sleep to save batteries. A device might wake up and gather some data and go back to sleep again after having evaluated that data. Radio signaling requires a lot of energy, so the device will only connect and send data when it is necessary, to save battery. This means that the communication will be bursty by nature.

If the “listener” is also running on batteries, it should also be asleep when not in use. Neither the sending nor the receiving device should be required to stay awake and wait for the other one to wake up before signaling, since that would reduce battery life. Ideally the communication should be asynchronous, like e-mail or messaging, instead of synchronous, like a phone call where both are online at the same time.

A secure connection will require strong encryption since the communication is outside the protection of traditional firewalls, and that is heavy on processors. Unnecessary signaling of raw data draws battery both for the encryption process and the radio connection, so if you want the device to have long battery life you need to design the device with some intelligence that makes simple decisions, like “tell the heater that this window has been opened if the temperature is below 15 degrees”.

Communication over Varying Connections

Another complicating factor of the wireless connection is that, depending on the device and application, the radio connection might be unstable. If your application is a sensor in a home you could probably rely on bringing your own IoT radio standard like Zigbee or Bluetooth into the application. But if you require longer distances or moving objects like a connected car, your connection will be unstable and unreliable, jumping between networks: 4G, 3G, GPRS, public WiFi, etc. You will lose connection in radio shadow, and how do you manage roaming between these different network technologies without losing data or increasing security risks?

This problem is also addressed with asynchronous security and communication as discussed above, but in this case, it’s not about saving battery. It’s about having reliable communication where information is sent and received without both end-points having to be online at the same time. The information must get through as soon as technically possible without any lost data packets.
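
The asynchronous pattern described in this section and the previous one, as an added example that is not Apptimate's implementation: a window sensor applies the "below 15 degrees" rule locally, posts an authenticated message to a store-and-forward mailbox and goes back to sleep, and the heater verifies what it finds when it wakes later. The class names, the shared key and the readings are constructed assumptions; messages are authenticated with HMAC but not encrypted, because the Python standard library has no authenticated cipher, so a real deployment would add payload encryption from a vetted library.

```python
import hashlib
import hmac
import json
from collections import deque

THRESHOLD_C = 15.0  # the "below 15 degrees" rule quoted in the text
TAG_LEN = 32        # HMAC-SHA256 output size in bytes


def seal(key: bytes, counter: int, event: dict) -> bytes:
    """Authenticate one message end to end; the relay only stores the blob."""
    body = json.dumps({"ctr": counter, "event": event}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def open_sealed(key: bytes, blob: bytes):
    """Return the message dict, or None if the tag does not verify."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)  # parsed only after authentication


class Mailbox:
    """Untrusted store-and-forward relay: queues blobs while the receiver sleeps."""

    def __init__(self):
        self.queue = deque()

    def post(self, blob: bytes) -> None:
        self.queue.append(blob)

    def drain(self) -> list:
        blobs = list(self.queue)
        self.queue.clear()
        return blobs


class WindowSensor:
    def __init__(self, key: bytes, mailbox: Mailbox):
        self.key, self.mailbox = key, mailbox
        self.counter = 0      # must survive sleep and reboot on a real device
        self.radio_uses = 0

    def wake(self, window_open: bool, temp_c: float) -> bool:
        """One wake cycle: sample, decide locally, transmit only if needed."""
        if not (window_open and temp_c < THRESHOLD_C):
            return False      # radio stays off, nothing to sign or send
        self.counter += 1
        event = {"window": "open", "temp_c": temp_c}
        self.mailbox.post(seal(self.key, self.counter, event))
        self.radio_uses += 1
        return True


class Heater:
    def __init__(self, key: bytes, mailbox: Mailbox):
        self.key, self.mailbox = key, mailbox
        self.last_counter = 0
        self.rejected = 0

    def wake(self) -> list:
        """Collect everything queued while asleep; drop forged or repeated messages."""
        accepted = []
        for blob in self.mailbox.drain():
            msg = open_sealed(self.key, blob)
            if msg is None or msg["ctr"] <= self.last_counter:
                self.rejected += 1
                continue
            self.last_counter = msg["ctr"]
            accepted.append(msg["event"])
        return accepted


def demo() -> dict:
    key = b"constructed-shared-key-sensor-heater"  # constructed sample key
    mailbox = Mailbox()
    sensor, heater = WindowSensor(key, mailbox), Heater(key, mailbox)
    # Constructed readings (window_open, temperature in C); the heater sleeps throughout.
    readings = [(False, 10.0), (True, 20.0), (True, 12.5), (True, 9.0)]
    sent = [sensor.wake(is_open, temp) for is_open, temp in readings]
    # Failure modes of an unreliable relay: a duplicated and a corrupted delivery.
    first = mailbox.queue[0]
    mailbox.post(first)
    mailbox.post(first[:-1] + bytes([first[-1] ^ 1]))
    accepted = heater.wake()
    return {"sent": sent, "radio_uses": sensor.radio_uses, "accepted": accepted,
            "rejected": heater.rejected, "left_in_mailbox": len(mailbox.queue)}


if __name__ == "__main__":
    print(demo())
```

The sensor and the heater are never awake at the same time, and the relay between them needs no trust for integrity: it can delay or drop messages, but a duplicate or altered one is discarded by the counter and tag checks.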

Simplicity

How many routers and firewalls out there are still using the default password “password”? The vast number of common users will need to have automatic configuration and security. Remember the blinking 00:00 on the VCR? Have you set the time on your microwave? The suppliers of apps, systems and devices have to figure out how to protect the user without putting any requirement or blame on them.

You also have to provide simple but secure authentication mechanisms for all the people/systems/products accessing the device, without complicated setups etc.

The only security worth anything is the one that gets used. So your solution must be easy to use for the users, for the administrators and for the developers and integrators.

Many commentators described 2015 as “the year of IoT,” but so far, it has been a year of bad press. As an example, security firm Kaspersky recently ran a damning critique of IoT security challenges, “Internet of Crappy Things”.

Apptimate solves many of these issues. Contact us here to know more.

Internet of Things Security Challenges Means New Opportunities

IoT needs standards and interoperability

We are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early stage market will have to mature for the real solutions to come.

Most solutions of today are vertical; device — cloud — app. Very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a fridge from a supplier that connects to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier that is also online and can be controlled via another app. Eventually, the user would end up with an app for every smart gadget, and too many apps would mean that none would be used. Take the hilarious situations with the remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that with all potential gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities across vendor technologies.

But … Interoperability is a security threat

This openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed it would be a simple thing to know when the house is empty for burglars to enter, to stalk people, to steal their identity, and so on.

The amount of damage that can be done is way greater than today. Take the recent hacks, like the Sony Entertainment hack; they were, of course, devastating for the companies, but it was still just information on their network, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the brakes on a moving car, turning off the cooling system on a power plant or pulling the plug on an Air Control Tower? Or changing the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break. Especially since most of these things will move around and communicate on public networks outside firewalls.
Based on this threat scenario we created apptimate.io, to provide a platform for developers making it easy to implement hardened communication security and privacy protection in any connected device, app or “thing”.

And… Age is a security threat

All technology gets outdated, including these “things”, and they need maintenance releases and patches. What happens when those products aren’t maintained anymore? Companies change, users don’t flash products with the latest firmware, suppliers go out of business or get bought, product lines are closed, and so on. But the product is still online doing what it was installed to do. When the connected things no longer are updated, they become more vulnerable to attacks. An ageing IoT will eventually be taken over by hackers.

IoT “things” should have a manufacturer-defined shelf life and be stamped with a “best before date”.

A business opportunity

The life span of a “thing” is something that could be “self-controlled”. Many sensors are running on battery. Depending on what the sensor does and how it is constructed, its battery has a life span. Interesting developments in battery technology increase lifespan to several months or years. So, if the supplier has a replacement program for dead sensors, they can update software at the same time as they charge or replace the battery.

This would also make way for a new business model; “Things-as-a-Service”.

An Internet of Things Guide to Smart Home Technology

This is a guest post from Alyson Gines of the Application Developers Alliance.

In the words of co-founder Fredrik Beckman, the Internet of Things (IoT) is an evolution, not a revolution. As cars, homes, and streets become more connected, it is vital for important issues—like privacy and security—to be considered at every step of development.

Developers need to understand the importance of data: how to use it, as well as how to protect it. In a survey conducted amongst 1,000 consumers in the United States, more than half believe home automation will be commonplace in less than 10 years from now. Nearly one-fourth is optimistic that technology will be an everyday feature in less than five years. Additionally, safety and security was voted in the survey as one of the top two necessary considerations for the adoption of smart home automation systems.

What does this mean for developers? Customers not only intend to have connected homes in the near future, but they also expect developers to design apps and systems that protect the user’s data. Privacy and security will be the deciding factor in which system, app, or device a consumer purchases, ultimately determining the success (or lack thereof) of a business or developer.

As an experienced leader in data privacy, Beckman commented, “Developers should be selective in what data and what control is provided to different users. Consider making data as anonymous as possible to protect customer privacy.” Even governments are insisting developers make the rules for security in IoT. A report from the Federal Trade Commission in the U.S. declared the industry itself should implement strong privacy and security practices from the outset, rather than being regulated down the line.

As global awareness of IoT grows, it is important for developers to understand how to best assist and protect the consumer. Security and privacy should be at the forefront of decision making while building a more connected future. For further insights into the issues and incredible potential of IoT, download Home Automation: An Internet of Things Guide to Smart Home Technology.

Why Internet of Things products must die!

Developing new products and services is getting more and more complex, while product development times and life cycles are getting shorter and shorter. Products are tested over and over before release, but they still contain bugs and security vulnerabilities, and that’s why it’s so important to install patches and security updates.

The Cisco 2015 Annual Security Report has some worrying data: despite the fact that everyone knows the importance of updated systems, many companies are slow in applying security patches. For instance, despite the high-profile nature of Heartbleed, 56 percent of installed OpenSSL versions are more than 50 months old and therefore remain vulnerable to Heartbleed, according to Cisco.

The problem gets worse with the introduction of the Internet of Things. Everything connected to the Internet can be hacked, so Internet of Things products must be programmed to die when they get old.

All technology gets outdated, including these “things”, and they need maintenance releases and patches. What happens when those products aren’t maintained anymore? Companies change, users don’t flash products with the latest firmware, suppliers go out of business or get bought, product lines are closed, and so on. But the product is still online doing what it was installed to do. When the connected things are no longer updated, they become more vulnerable to attacks. An immortal IoT will eventually be taken over by hackers.

One way to extend the lifespan of a product is to release its software as open source at the end of the product lifecycle. But there is still no guarantee that anyone will pick it up and fix newly discovered problems. Otherwise, IoT “things” should have a manufacturer-defined shelf life and be stamped with a “best before date”.

IoT means evolution, not revolution

The discussions around IoT and the connected world seem to reach new heights every time someone releases a new connected gadget. Money is flooding into startups since no one wants to miss this train. But is this a new IT bubble?

Sorry, there is really nothing that new under the sun. There will be no giant leap into the connected world. The IoT will come as an evolution, app by app, as always when new technology matures into a market changer. In the early days of cars, there was fierce competition between fuels: steam, gasoline and electricity. In the early days of home video recording, there were many standards, including VHS, Betamax and Video2000.

You never know what will tip the market in one direction, and it’s usually not the “best technology”. It’s something not directly related to the tech itself. There were many factors, of course, that made the gasoline engine rule as a standard for almost a hundred years. One theory is that it was because it made the loudest noise and foulest smell, so people could hear from miles away that you could afford a car. In video standards, it was the movie rental business and film industry that made the choice.

IoT has already been in development for decades. It’s been called smart homes, machine-2-machine (m2m), and so on, and now we are taking the next evolutionary step in this market with consumerization and general adoption, enabled by parallel market developments in mobile devices, communication technology, distributed computing, etc. What we really see is the behavioral and cultural change of our society that matures and prepares itself for the next step. No Big Bang revolution, just evolution.

The IoT market must be in fierce competition for some more years, until something that we don’t know yet chooses the global standard. Until then we need many smart solutions and applications that solve real problems. One of them will be the winner.

IoT and the exploding need for security

Source: IDC Government Insights, 2013

We are rapidly heading for a world where everyone and everything is connected in a global mesh network. Today’s over-hyped early stage market will have to mature for the real solutions to come.

Most solutions of today are vertical: device – cloud – app. There is very little horizontal and system integration, especially when you want to mix and match solutions from different vendors. Many big players in the IoT create their own ecosystem by designing solutions for their own smart things to be able to interact.

Say you buy a fridge from a supplier that connects to the Internet and can be controlled with an app. Down in the basement you have a heat pump from another supplier that is also online and can be controlled via another app. Eventually, the user would end up with an app for every smart gadget, and too many apps would mean that none would be used. Take the hilarious situation with the remotes on your living room table, one for the TV, one for the sound system, one for the cable modem, and so on, and multiply that by all the potential gadgets at home, in your garden, your car, at your office…

By agreeing on how interoperability can be solved, existing suppliers and inventive entrepreneurs can develop new solutions and apps that automate and control the myriad of sensors and gadgets, providing radically new solutions and abilities across vendor technologies.

But this openness also opens the door to malicious attacks, hacking, and other criminal and destructive behavior. With all data easily exposed, it would be a simple thing for burglars to know when the house is empty, to stalk people, to steal their identity, and so on.

The amount of damage that can be done is far greater than today. Take a recent hack like the Sony Entertainment hack; it was, of course, devastating for the company, but it was still just information on their network, mostly historical data. Hacking the IoT world means access to real-time control of physical devices. How about turning off the brakes on a moving car, turning off the cooling system on a power plant or pulling the plug on an Air Control Tower? Or changing the dose on an insulin pump? The amount of damage that can be done remotely will also open a new “market” for extortion and cyber warfare.

IoT will require a new level of security and privacy protection, simple enough for anyone to use, but hardened enough to make it impossible to break, especially since most of these things will move around and communicate on public networks outside firewalls.