IoT Time Preview: Counter-measures


IoT Evolution, the leading media brand for the Internet of Things (IoT), has published a book outlining more than 150 of the leading trends in the IoT industry, entitled “IoT Time: Evolving Trends in the Internet of Things.” The book, written by IoT Evolution Editorial Director, Ken Briodagh, seeks to explore the factors that have shaped the recent past of the developing industry and use those to predict the trends that will drive the next period of growth. Each of the trends is explicated and illustrated with a case study or product review that supports each position.

In this weekly series, we’ll be previewing chapters for you to read in the hopes that you’ll like it enough to read the whole thing. To do just that, for free, click here. Alternatively, there’s a paperback version available on Amazon for $14.99.

Chapter 20: Counter-measures
Trend: Video
Telguard, NETGEAR to Offer New Video Security System

Telguard, a developer of wireless home security hardware, has partnered with global networking company NETGEAR to release its Arlo video security system. The set of products consists of both the Arlo Wire-free high-definition camera and Arlo Base Station, both of which Telguard supports with its own customer service agents. As a waterproof security system that is meant for deployment outdoors, this release can come as a stand-alone security package or integrate with existing Telguard HomeControl Flex setups, which contain universal communicators and the IFTTT Web-based service that link all manner of in-home security and automated devices with users’ mobile phones and remote desktop computers.

NETGEAR’s role here is to spread the home security package to its existing network of consumers and enterprises. Pat Collins, the VP, smart home products, NETGEAR, commented on the excitement that surrounds this partnership and the benefits it can bring to both companies involved.

“We are excited to have partnered with Telguard who is on the forefront of combining consumer innovation and professionally installed security systems,” Collins said. “By leveraging Telguard’s long-standing relationships with security dealers and distributors we are able to bring the professionally installed security market a best in class video solution that eliminates many of the challenges of traditional outdoor video solutions.”

One Arlo camera may be sufficient for some home setups that require only one vantage point. A single HD camera can find its home on the side of a building just as easily as it can in a tree. The camera only needs to be within range of a base station in order to access power and relay information back to a centralized network.

Being completely wireless, even considering its need for power, this camera has an advantage over other systems that require wires for one reason or another. The real power of the Arlo system, however, lies in its ability to connect to HomeControl Flex. A network of as many as five cameras can attach to a single Flex system without having users incur a monthly service fee. This leads to more vantage points and potentially improved security.

Trend: Constant vigilance
Network Scanning App Aims to Make Connectivity Security Worries Obsolete

Fing, a free network scanning app with more than 15 million downloads, is looking to shake up the IoT Smart Home connectivity establishment with its Fingbox, an all-in-one affordable network and security toolkit for homes. The company made the Fingbox available via a crowdfunding campaign on Indiegogo, a sure sign of its counter-establishment status that comes with real accountability as users line up and expect big returns. The campaign aimed to raise $25,000 to put the device into mass production and bring easy-to-use network security and troubleshooting features to homes around the world. The device itself, a box that unlocks a set of premium features on the free Fing mobile app, cost $50 through the campaign and increased to $80 at retail.

“Today’s homes are in the dark about what is happening on their network, especially when it comes to security. Homes need a simple tool to manage their connected technology and protect themselves against threats,” said Domenico Crapanzano, CEO, Fing. “We have listened to thousands of Fing users who have asked us for more control and better oversight of their networks. Fingbox lets anybody secure their home network and troubleshoot their Wi-Fi problems.”

The features unlocked with the Fingbox include user-friendly security and troubleshooting tools for Smart Home networks. They include:

·  24/7 Network Security: Fingbox automatically finds all devices on the network, regardless of brand, and continuously monitors status.

·  Intruder detection: It detects network intruders and enables the blocking of intruder devices.

·  Identify Bandwidth Hogs: Users can visualize bandwidth distribution and which devices are consuming the most broadband.

·  Wi-Fi Sweet Spot: Fingbox’s interactive Wi-Fi Sweet Spot finder enables users to find the best and worst places for home Wi-Fi connection.

·  Parental Controls: Users can block or allow the devices the kids are using, such as tablets, mobile phones and gaming consoles.

·  Alerts: Alerts can be configured for new devices, intruders, device status, network, family and guests.

·  Internet Speed: Real-time and historic Internet speed is displayed in the apps through automated speed and latency testing.

Trend: Bounty hunting
Fiat Chrysler Offers Bounty for White Hat Hackers

Ever since the high-profile Jeep Cherokee hack, Fiat Chrysler America (FCA) has been diligently working to prevent any such embarrassment or breach from happening again, or at least making it much more difficult. The latest step in that effort takes the form of a bounty of $150 to $1,500 per bug found in its vehicles. The company said in its call for help that it “values engaging third party researchers to improve our products making them safer and more reliable.”

To that end, it has committed to formally recognize and pay for good guy hackers to find reproducible and legitimate vulnerabilities, with the caveat that the vulnerabilities be disclosed (good guys, remember?). The company said that its goal with the Bug Bounty project is to “foster a collaborative relationship with researchers to participate in responsible disclosure of vulnerabilities in FCA’s vehicles and connected services.”

Once a report is made, FCA will investigate and patch up all vulnerabilities as quickly as possible. The company promises not to take any legal action against folks who make reports, nor will it give names to law enforcement, as long as everyone plays by the rules of the so-called Responsible Disclosure Guidelines. They are:

·  Provide full details of the vulnerability, including information needed to reproduce and validate the issue by producing Proof of Concept (code, technical demos of vulnerability, or necessary steps needed to demonstrate your finding);

·  Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services;

·  Do not modify, access, or retain data that does not belong to you.

Allowed targets are only as follows: Vehicle Head Units, TPMS sensors, remote keyless entry, and any other system that is present in a hardware product that you own or are authorized to test against; the and web portals; the UConnect Access Mobile Application for iOS and Android.

And that’s it. Any other domains and applications hacked are not included in the program and are considered out of scope, including any and all subdomains not explicitly listed. There are also specific tactics that are excluded from the bounty. They are: Denial of Service attacks against any piece of FCA Infrastructure; Cross Site Request Forgery on non-authenticated pages; Certificate strength issues; Error messages (Descriptive or otherwise); HTTP Error pages; Public service disclosure, such as banner pages; Service Disruptions; Public files or directories, (e.g. robots.txt); Clickjacking and issues only exploitable through clickjacking; Web browser functionality controlled by the client, such as saved passwords and auto completion; Login or Forgot Password page brute force and account lockout not enforced; Vulnerabilities identified with automated tools (including web scanners) that do not include POC code or a demonstrated exploit; Physical, social engineering, and phishing attempts.

Kudos to FCA for taking this on directly and getting in the mix. I look forward to never hearing about another Jeepocalypse. 


Edited by Ken Briodagh

Editorial Director
