Study Shows Low Preparedness for IoT Among U.S. Manufacturers
In a newly released study, research and analysis firm The MPI Group evaluates how prepared U.S. manufacturers are to incorporate Internet of Things technology into their products and operations. The short answer: not very. MPI Group queried 350 manufacturers during August and September of 2015 in order to produce the study, which was sponsored by Rockwell Automation, enterprise resource planning (ERP) software provider QAD and consultancy BDO. While 63 percent of the manufacturers surveyed said the IoT will allow them to increase their profitability during the next five years, three-fourths of the total respondents reported that they have invested 2 percent or less of revenues toward IoT technology—though many said they plan to increase IoT investments over the next two years. The full report is available here.
Miami Heat Players Wearing VERT Wireless Sensor
The Miami Heat and its affiliate basketball team, the Sioux Falls SkyForce (part of the NBA Development League), are sporting a new accessory on the court. In order to monitor the stresses they experience during practices, players are wearing the VERT wireless jump monitor, which measures their movements. The accelerometer inside the sensor, which clips to a player’s shorts near the waist, tracks G-forces (both accumulated over time and peak G-force measurements), jump height and jump count, and transmits each player’s data to a mobile device via a Bluetooth connection. Using the VERT Coach app, coaching staff can access the measurements in real time for up to 10 players at once. The app also tracks intensity, exertion and stress analytics.
VERT technology was used last year when players in the 2015 NCAA Division I Women’s Volleyball Championship games wore the device. The VERTcast sports telemetry system broadcasted each player’s measurements, such as jump height, to viewers through a television newscast on ESPN2.
IP Camera’s Security Vulnerabilities Alarm Researchers
Researchers at the U.K.-based security consultancy Context Information Security recently discovered multiple vulnerabilities in the Motorola Focus 73 outdoor security camera. British telecommunications company Binatone manufactures the camera, which connects through the Internet to a cloud-based service that allows users to remotely watch and control their cameras, via pan, tilt and zoom functions. Users can opt to receive alerts on a mobile app if the camera detects movements. The researchers not only were able to access a third party’s camera controls, but also managed to redirect the video feed and movement alerts to their own devices, effectively allowing them to “watch the watchers,” according to a press statement from Context Information Security.
Not only does the camera use very basic HTTP authentication, it also fails to encrypt the Wi-Fi network security code that a user keys in when setting up the camera. This failure makes the user’s entire home network vulnerable to hackers. The camera’s factory-issued username and password—”camera” and “000000”—also means the product has a very weak approach to security. Plus, the team found that the camera’s firmware was not encrypted or digitally signed, which enabled them to tamper with the firmware code.
The researchers contacted Motorola, as well as Binatone and the connectivity partners supporting the device. On Feb. 2, Hubble, the camera’s cloud connectivity service provider, issued a firmware update to users that is designed to address the security vulnerabilities.
Berkman Center Calls the IoT a Surveillance Boon to Government Watchers
The Berkman Center for Internet and Society at Harvard University has issued a report, available here that analyzes the “going dark debate”—that is, how and whether the movements that tech firms, such as Apple and Google, are making toward end-to-end encryption of data transmitted over certain software applications impedes the government’s surveillance programs.
The authors write: “The U.S. intelligence and law enforcement communities view this trend with varying degrees of alarm, alleging that their interception capabilities are ‘going dark.’ As they describe it, companies are increasingly adopting technological architectures that inhibit the government’s ability to obtain access to communications, even in circumstances that satisfy the Fourth Amendment’s warrant requirements. Encryption is the hallmark of these architectures. Government officials are concerned because, without access to communications, they fear they may not be able to prevent terrorist attacks and investigate and prosecute criminal activity.”
But tech firms have resisted the government’s efforts to get them to provide access to users’ data and communication records to law enforcement, saying that doing so would not only erode privacy, but also simply direct terrorists to use other communication mediums.
The report concludes that while some government surveillance efforts are hampered by data encryption, this does not close all doors to such surveillance. The authors write: “Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not.”
This, they says, is because not all companies are likely to establish end-to-end, default encryption practices, and also because the Internet of Things is only adding more surveillance tools to a government’s quiver. “The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel,” they conclude.
KotahiNet Launches LoRa Network
KotahiNet, a startup based in Wellington, New Zealand, has launched a low-power, wide area network (LP-WAN) based on the LoRa protocol, which employs spread-spectrum radio modulation and operates in that country at 868 MHz. The company says its bi-directional network supports data transmission distances of up to 3 kilometers (1.86 miles) in urban settings and 20 kilometers (12.43 miles) in rural areas, and uses end-to-end data encryption to safeguard data transmissions. In addition to providing access to the network it is building, KotahiNet will also provide customers with energy-efficient LoRa-compliant radios that should last from 5 to 10 years, depending on usage. As an introductory offer, it is not charging new customers any network access fees for the first six months.
KotahiNet says its first customer is EcoNode, which makes a pest control system called TrapMinder. Currently, TrapMinder uses a cellular network to alert staff members at the Glenfern Sanctuary, a bird conservancy on Great Barrier Island, to the presence of a rodent or other small animal in traps established around the park’s perimeter. But the company plans to leverage KotahiNet’s technology to create a much larger network that can extend across New Zealand, according to a press release from KotahiNet.
Upgrades to McObject Database-Management Software Focus on IoT Deployments
McObject, a database software provider based in Federal Way, Washington, has released an upgrade to its eXtremeDB embedded database management system (DBMS), which is designed for use as part of the software that controls field-deployed devices, as well as gateways or other controllers used in Internet of Things applications.
The new product, known as eXtremeDB 7.0, supports faster transaction logging, which is an important function for database recoverability on both field-based devices and server-based IoT data-aggregation points. While earlier versions of the DBMS enabled one application process at a time, the upgraded software allows multiple processes to read data from the transaction logging mechanism in parallel, which accelerates application speed. For improved data security, version 7 also employs Secure Sockets Layer (SSL), a standard security technology that creates an encrypted link between two end points. This supplements the Rivest Cipher 4 (RC4) encryption tool, designed to prevent tampering, and cyclic redundancy check (CRC), to detect unauthorized access, which have been used in earlier versions of the DBMS. McObject also added support for many new commands for the SQL programming language into version 7. Refer to McObject’s Website for more details on the upgrades.