IoT Time Preview: Counter-measures


IoT Evolution, the leading media brand for the Internet of Things (IoT), has published a book outlining more than 150 of the leading trends in the IoT industry, entitled “IoT Time: Evolving Trends in the Internet of Things.” The book, written by IoT Evolution Editorial Director, Ken Briodagh, seeks to explore the factors that have shaped the recent past of the developing industry and use those to predict the trends that will drive the next period of growth. Each of the trends is explicated and illustrated with a case study or product review that supports each position.

In this weekly series, we’ll be previewing chapters for you to read in the hopes that you’ll like it enough to read the whole thing. To do just that, for free, click here. Alternatively, there’s a paperback version available on Amazon for $14.99.

Chapter 20: Counter-measures
Trend: Video
Telguard, NETGEAR to Offer New Video Security System

Telguard, a developer of wireless home security hardware, has partnered with global networking company NETGEAR to release its Arlo video security system. The set of products consists of the Arlo Wire-free high-definition camera and the Arlo Base Station, both of which Telguard supports with its own customer service agents. As a waterproof security system that is meant for deployment outdoors, this release can come as a stand-alone security package or integrate with existing Telguard HomeControl Flex setups, which contain universal communicators and the IFTTT Web-based service that link all manner of in-home security and automated devices with users’ mobile phones and remote desktop computers.

NETGEAR’s role here is to spread the home security package to its existing network of consumers and enterprises. Pat Collins, the VP, smart home products, NETGEAR, commented on the excitement that surrounds this partnership and the benefits it can bring to both companies involved.

“We are excited to have partnered with Telguard who is on the forefront of combining consumer innovation and professionally installed security systems,” Collins said. “By leveraging Telguard’s long-standing relationships with security dealers and distributors we are able to bring the professionally installed security market a best in class video solution that eliminates many of the challenges of traditional outdoor video solutions.”

One Arlo camera may be sufficient for some home setups that require only one vantage point. A single HD camera can find its home on the side of a building just as easily as it can in a tree. The camera only needs to be within range of a base station in order to access power and relay information back to a centralized network.

Being completely wireless, even considering its need for power, this camera has an advantage over other systems that require wires for one reason or another. The real power of the Arlo system, however, lies in its ability to connect to HomeControl Flex. A network of as many as five cameras can attach to a single Flex system without having users incur a monthly service fee. This leads to more vantage points and potentially improved security.

Trend: Constant vigilance
Network Scanning App Aims to Make Connectivity Security Worries Obsolete

Fing, a free network scanning app with more than 15 million downloads, is looking to shake up the IoT Smart Home connectivity establishment with its Fingbox, an all-in-one affordable network and security toolkit for homes. The company made the Fingbox available via a crowdfunding campaign on Indiegogo, a sure sign of its counter-establishment status that comes with real accountability as users line up and expect big returns. The campaign aimed to raise $25,000 to put the device into mass production and bring easy-to-use network security and troubleshooting features to homes around the world. The device itself is a box that unlocks a set of premium features on the free Fing mobile app; it cost $50 through the campaign and increased to $80 at retail.

“Today’s homes are in the dark about what is happening on their network, especially when it comes to security. Homes need a simple tool to manage their connected technology and protect themselves against threats,” said Domenico Crapanzano, CEO, Fing. “We have listened to thousands of Fing users who have asked us for more control and better oversight of their networks. Fingbox lets anybody secure their home network and troubleshoot their Wi-Fi problems.”

The features unlocked with the Fingbox are user-friendly security and troubleshooting tools for Smart Home networks. They include:

·  24/7 Network Security: Fingbox automatically finds all devices on the network, regardless of brand, and continuously monitors status.

·  Intruder detection: It detects network intruders and enables the blocking of intruder devices.

·  Identify Bandwidth Hogs: Users can visualize bandwidth distribution and which devices are consuming the most broadband.

·  Wi-Fi Sweet Spot: Fingbox’s interactive Wi-Fi Sweet Spot finder enables users to find the best and worst places for home Wi-Fi connection.

·  Parental Controls: Users can block or allow the devices the kids are using, such as tablets, mobile phones and gaming consoles.

·  Alerts: Alerts can be configured for new devices, intruders, device status, network, family and guests.

·  Internet Speed: Real-time and historic Internet speed is displayed in the apps through automated speed and latency testing.

Trend: Bounty hunting
Fiat Chrysler Offers Bounty for White Hat Hackers

Ever since the high-profile Jeep Cherokee hack, Fiat Chrysler America (FCA) has been diligently working to prevent any such embarrassment or breach from happening again, or at least to make it much more difficult. The latest step in that effort takes the form of a bounty of $150 to $1,500 per bug found in its vehicles. The company said in its call for help that it “values engaging third party researchers to improve our products making them safer and more reliable.”

To that end, it has committed to formally recognize and pay good guy hackers to find reproducible and legitimate vulnerabilities, with the caveat that the vulnerabilities be disclosed. (Good guys, remember?) The company said that its goal with the Bug Bounty project is to “foster a collaborative relationship with researchers to participate in responsible disclosure of vulnerabilities in FCA’s vehicles and connected services.”

Once a report is made, FCA will investigate and patch up all vulnerabilities as quickly as possible. The company promises not to take any legal action against folks who make reports, nor will it give names to law enforcement, as long as everyone plays by the rules of the so-called Responsible Disclosure Guidelines. They are:

·  Provide full details of the vulnerability, including information needed to reproduce and validate the issue by producing Proof of Concept (code, technical demos of vulnerability, or necessary steps needed to demonstrate your finding);

·  Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services;

·  Do not modify, access, or retain data that does not belong to you.

Allowed targets are only as follows: Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against; the and web portals; the UConnect Access Mobile Application for iOS and Android.

And that’s it. Any other domains and applications hacked are not included in the program and are considered out of scope, including any and all subdomains not explicitly listed. There are also specific tactics that are excluded from the bounty. They are: Denial of Service attacks against any piece of FCA Infrastructure; Cross Site Request Forgery on non-authenticated pages; Certificate strength issues; Error messages (Descriptive or otherwise); HTTP Error pages; Public service disclosure, such as banner pages; Service Disruptions; Public files or directories, (e.g. robots.txt); Clickjacking and issues only exploitable through clickjacking; Web browser functionality controlled by the client, such as saved passwords and auto completion; Login or Forgot Password page brute force and account lockout not enforced; Vulnerabilities identified with automated tools (including web scanners) that do not include POC code or a demonstrated exploit; Physical, social engineering, and phishing attempts.

Kudos to FCA for taking this on directly and getting in the mix. I look forward to never hearing about another Jeepocalypse. 


Edited by Ken Briodagh