IoT News Roundup

By Mary Catherine O'Connor

London to host free LoRa network; survey reveals progress and blind spots with the IoT; a new report from Akamai says Secure Shell protocol not secure at all, while MITRE offers money and access to stoke a new IoT security solution; Gooee to integrate PointGrab tech for building automation apps.

  • TAGS

London’s LoRa Network to Offer SMBs Free Access
London-based digital business consultancy Digital Catapult has launched a network of low-power wide-area network (LPWAN) radios, to which it is offering small and medium-sized businesses free access, as a means of promoting the development of IoT-based products and services. Once completed, the network will comprise 50 gateways, each containing a radio provided by Semtech and compliant with the LoRaWAN protocol, which the firm, in partnership with IBM and 10 other companies, released in 2015 via the LoRa Alliance.

In a press release about the network that Digital Catapult issued last month, the company noted, however, that “additional low-power wide-area network (LPWAN) technologies will be included as the network develops.” It did not specify which technologies these might be. LoRa radios can transmit small packets of data across some 15 miles in rural areas, but the gateways deployed in London will have a shorter range due to interface from buildings and other infrastructure. A battery-powered node consisting of a LoRa radio has a potential lifecycle of 20 years, depending on how often it transmits data.

Also participating in building out the network, which is being called Digital Catapult Things Connected, are telecom BT and IoT application platform provider AllThingsTalk. Other organizations playing a role include a U.K. government research program called Future Cities Catapult project, as well as BRE (a research center for building energy and management studies), Imperial College London, King’s College London and Queen Mary University of London.

Survey Probes Company’s Interest, Progress in Releasing IoT-Enabled Products
Media company Innovation Leader, with help from consulting firm Altitude, recently surveyed 92 executives from large companies (most with more than $1 billion in annual sales) to ask them about their progress integrating Internet of Things technologies into the products or services that they sell. This week, it released a report, titled “Getting Connected Products Right,” based on the study’s results. The report shows that 36 percent of respondents have already launched an IoT-enabled product or service, and of that group, 67 percent described their products as either meeting or exceeding expectations.

The leading metric that surveyed companies with IoT-enabled products or services are using to measure success is “deeper customer relationships”—with “revenue” and “attracting new customers” coming in second and third as leading metrics. Yet, nearly half of respondents were either only “somewhat confident” or “not confident” in their firm’s plans to use the consumer data their IoT-enabled products or services would collect.

When asked what their organization needs help with, 32 percent ranked “identifying IoT opportunities” highest, while 17 percent cited the need to manage and learn from the data they are collecting.

The full report is available only to Innovation Leader subscribers. Click here for a link to the report brochure and information about subscribing.

In IoT Security: Another Pitfall, but Also Some Promise
Akamai Technologies, a company that provides cloud security and content services—and which was recently impacted by an unprecedented distributed denial-of-service (DDoS) attack involving IoT devices—this week released a report describing a vulnerability that hackers have recently exploited in a number of cyberattacks involving such devices. The attacks use a common protocol called Secure Shell (SSH), which enables remote system access. The Akamai security team says it has observed an uptick in hacks, dubbed SSHowDowN Proxy, that exploit a vulnerability in the SSH protocol.

The hackers used networked video cameras, routers, modems, and satellite antenna equipment, as well as data storage devices to perform the attacks. Notably, this is not a new vulnerability, according to Akamai—security professionals have known about it for 12 years. (A news report on attributes Akamai with saying it has observed two million such attacks, but Akamai did not include that figure in the report it posted this week.)

Akamai recommends that users who can access the SSH passwords or keys on such devices immediately change them so that are no longer set to the vendor defaults—but it notes that those settings are typically not accessible to users. Eventually, Akamai says, manufacturers will address this vulnerability in new products they release, but in the meantime, the firm is working with a handful of other companies to develop mitigation strategies.

“We’re entering a very interesting time when it comes to DDoS and other web attacks; ‘The Internet of Unpatchable Things’ so to speak,” explained Ory Segal, Akamai’s senior director of threat research, in a blog posting. “New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We’ve been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.”

Also this week, MITRE, a not-for-profit organization that operates research and development centers sponsored by the federal government, announced a competition to incentivize researchers to create a much-needed tool for network administrators to protect IoT networks. Dubbed the Unique Identification of IoT Devices Challenge, it is open to individuals or teams and offers up to $50,000 in prize money, as well as the opportunity to present the winning idea to MITRE experts and government agencies (the winner will retain all intellectual property rights).

At present, a nefarious party can switch one networked device for another without a network administrator realizing a change has occurred, and this is a common path into hacking an IoT network. The challenge is to develop a means by which to use unique identifiers or fingerprints to enable administrators to automate the detection of such a change, and to narrow in on unauthorized devices in order to root them out of the network before they can do harm.

Registration is open now, and the competition will begin early next month. Winners will be announced before the end of the year.

Gooee Partners With PointGrab to Enhance Smart Lighting Platform
Gooee, a manufacturer of sensor-enabled lighting components, and PointGrab, whose CogniPoint technology combines sensing with analytics software used for building-automation applications, are partnering. Through the collaboration, PointGrab’s sensor unit and analytics software will be integrated into Gooee’s product offering, so that customers will be able to stream the data it generates to Gooee’s cloud-based platform, where it will be used in energy-conservation and building-management applications. The partnership aims to enhance the building-automation industry through real-time intelligence and energy efficiency.