Tag Archives: internet ofthings

Is the IoT a Tech Bubble for Cities

Posted on by

But, with more cities joining the Smart City revolution and investing in sensors and other IoT devices, the risk of a new tech bubble is rising. The same technology giants that helped Barcelona become a smart city are now pushing more pilots of newer technologies with little regard for solutions that already work and can be shared without incurring additional expenses.

Let’s consider a few of the most worrisome issues related to IoT today:

Source: Is the IoT a Tech Bubble for Cities

In the long run, we are being faced with a bunch of independent devices that can’t be managed by a single platform or protocol. Manufacturers are now being required to develop different versions for different standards, effectively increasing manufacturing and engineering costs, and reducing their market potential.

IoT Hubs Expose Connected Homes to Hackers

Posted on by

Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product.  That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.

Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.

via Research: IoT Hubs Expose Connected Homes to Hackers | The Security Ledger.

About Anousheh Ansari

Posted on by

Anousheh is a serial entrepreneur and co-founder and chairman of Prodea Systems, a company that will unleash the power of the Internet to all consumers and dramatically alter and simplify consumer’s digital living experience. Prior to founding Prodea Systems, Anousheh served as co-founder, CEO and chairman of Telecom Technologies, Inc.  The company successfully merged with Sonus Networks, Inc., in 2000.

via Anousheh Ansari – About Anousheh Ansari.

This is an amazing story of accomplishment.  It appears from her Prodea Systems website the company sells home automation and now Internet of Things which is a popular buzzword nowadays.  This company made her enough money so she could  buy a trip to ISS in 2006.

Heatmiser WiFi thermostat vulnerabilities

Posted on by

Scanning for Heatmiser thermostats on port 8068 really just requires a quick check for port 8068 being open – we can be fairly confident that anything with this port open is one of their devices.  We can then make detailed check on port 80.
nmap -p 8068 -Pn -T 5 --open 78.12.1-254.1-254
nmap can easily do this scan. If you want to scan large blocks of addresses though, masscan is much faster.

via » Heatmiser WiFi thermostat vulnerabilities.

You need to forward ports at your local router so if you try and access this thermostat from the Internet and you come in on (per above example) port 8068 that the router knows to forward all that traffic to whatever IP it has associated with that port.  This allows users to access things inside their local network from anywhere on the Internet.  It also allows anyone on the Internet to access that internal device.

Here is my opinion on this matter.  As the world moves towards self driving cars and self driving planes, extremely complicated devices that you would think need human intervention, the world is also moving to take very simple devices, like household appliances and making them so they need human intervention.  A thermostat should be set and forget.  It should have simple intelligence to figure out what temperature to set a room.  If a human must get involved in messing with a thermostat then perhaps something went wrong but it’s not an emergency like this:

Should Airplanes Be Flying Themselves? | Vanity Fair.

A thermostat can certainly wait until you get home to physically figure out the problem and put it back on auto.  The Internet of Things can certainly be useful for read only, like buzzing your phone when the dishes or laundry finishes.  You can’t load laundry or dishes into these devices via the Internet so how do benefits from controlling them remotely, especially from remote Internet locations, outweigh the risks from allowing bad guys get into your local network.

Finally, here’s a link to a site that does port scanning on the Internet for you.  Seems like a useful resource to know.

Plugging this into Shodan we get over 7000 results. That’s quite a lot. (note, you might need to register to use filters like this).

Microsoft backs open source for the Internet of Things

Posted on by

The AllSeen Alliance is an effort to standardize device communications. The code that it champions, called AllJoyn, was initially developed by Qualcomm but was subsequently made open source. Big vendors have been recruited to support it, and the AllSeen Alliance now includes LG, Panasonic, Sharp and Haier, among others.

via Microsoft backs open source for the Internet of Things – Computerworld.

How Welcoming Will the Smart Home of the Future Be?

Posted on by

This approach of binding our smart devices to our personal accounts may be an easy engineering decision today, but it will make less sense as more devices show up in households with multiple family members. Families shouldn’t be forced to decide if the dishwasher is bound to Mom’s Gmail account or Dad’s. Instead, the household should have its own identity, with different family members having different levels of access depending on their needs.

via How Welcoming Will the Smart Home of the Future Be? | MIT Technology Review.

Not sure why a dishwasher or any household appliance would need user authentication or even user management.  Does it matter if the person doing dishes is authorized as long as the dishes get washed?