Category: Internet of Things

Posts relating to the internet of things, IoT and M2M technologies

  • Hacking the power grid through air conditioners

    Another example of the unintended consequences of poor security in the Internet of Things is Wired’s story about the possibility of hacking the power grid by accessing smart air conditioners.

    In the US, electricity companies offer deals where consumers get reduced bills in return for the utility being able to throttle the usage of air conditioners during peak power periods.

    Those devices turn out not to be well secured, which opens the possibility of malicious actors causing brownouts or service interruptions in targeted areas.

    Sadly this story isn’t isolated; too many connected devices have poor security that opens up a range of risks to homeowners, businesses and the community at large.

     

  • BlackBerry’s last smartphone


    Having written about BlackBerry’s ambitions in the marketplace for The Australian last week, it wasn’t surprising to be invited to the company’s Down Under launch of their Priv handset earlier today.

    The event illustrated some brutal realities about the mobile phone market and BlackBerry’s efforts to build on its strengths in the enterprise security space.

    With 2.7 billion dollars of cash reserves, the company has seven years of breathing space at its current loss rates although it’s notable the stock market values the company at $3.5bn, implying investors value the business’ operations at a measly $800 million.

    Given the collapse in BlackBerry’s handset business from twenty percent of the market at the beginning of the decade to an asterisk today, that pessimism from investors isn’t surprising and underscores why the company is recasting itself as an enterprise security provider.

    Five major acquisitions in the last 18 months have demonstrated how BlackBerry is attempting to recast its business; purchases ranging from security services like Good Technology and Secusmart through to warning software like AtHoc have seen the company bolster its range of offerings.


    Coupled with the recent acquisitions are its own longstanding messaging and secure communications services combined with the QNX software arm that promises a far more reliable Internet of Things than many of the current operating systems being embedded into smart devices.

    The Android smartphone system itself is bedevilled with dangerous apps running on outdated software, and this is where BlackBerry hopes their PRIV handset can attract enterprise users conscious of the need to secure their employees’ devices.

    For BlackBerry though, the PRIV being shipped with the Android operating system is a capitulation to the smartphone market’s stark reality where there is only demand for two products and outside players like BlackBerry or Windows are destined to wither away.

    While the PRIV is a nice, albeit expensive, phone and the slide out physical keyboard is nice to use, the device seems to be a desperate attempt by the company to stay in the smartphone market.

    As an outside observer it’s hard to see the justification for BlackBerry continuing as a phone manufacturer. There may be some intellectual property value from the development of the devices – although it should be noted the company only valued its IP assets at $906 million in November 2015.

    While the PRIV is a perfectly good Android phone, it will probably be the last smartphone BlackBerry makes. The challenge for the company’s management now is to tie together the software assets it has into a compelling suite of products for the enterprise sector.

    In an age where devices of all types are going to be connected, the market for ensuring their security should be huge. Catering to that market should be BlackBerry’s greatest hope of survival.

  • Taking responsibility for algorithms


    Who is responsible for the effect of renegade computer programs is going to become a serious legal topic as an increasing number of things become ‘intelligent’ and connected to the internet.

    Britain’s Financial Conduct Authority (FCA) is one of the first regulators to start looking at companies’ algorithms. In their just-released rules for wholesale traders, the FCA sets out the responsibilities for companies and their managers.

    “We are determined to embed a culture of personal responsibility within the banking sector,” says the FCA’s Acting Chief Executive Tracey McDermott. “Clear individual accountability should focus minds, drive up standards, and make firms easier to run and to supervise. And if things go wrong, it will allow senior managers to be held to account for misconduct that falls within their area of responsibility.”

    The definition of ‘misconduct’ when an algorithm goes awry will undoubtedly prove contentious, as will the idea of ‘personal responsibility’ in the banking sector.

    While it’s too tempting to be dismissive of such a move in the financial services industry, the FCA’s regulations are a pointer to what most industries are going to face over the next ten years as more devices make decisions for themselves or communicate with other equipment over the Internet of Things.

    In many areas the question of who is responsible for a rogue computer program will be left to the uncertainties of the legal system, with no doubt many surprises, injustices, inconsistencies and unintended consequences, so the earlier regulators develop a framework for dealing with mishaps the better.

    Should the IoT start delivering on its promise of a connected world, a poorly designed algorithm in even what should be relatively trivial devices or services may have the potential to cause massive disruption and damage. It’s hard not to imagine many other regulators in other industries are looking at how to attribute responsibilities, if not minimise risk, in a smart connected world.


  • Knowing what we don’t know


    The 2016 Cisco Security report is in many ways an encouraging document; while it describes a litany of threats facing the modern business, the fact that managers are less confident about their defenses is a good thing.

    Of the 2432 security executives surveyed 59% claimed their security infrastructure was up to date against 64 percent said the same. Acknowledging this is motivating them to improve their defenses.

    For industry, the real concern is the small business sector where there’s a clear decline in the use of IT security tools. As the Target breach showed, trusted contractors and suppliers provide a weakness in an organisation’s systems that malicious actors are keen to exploit.

    In Cisco’s analysis, the main reasons for SMBs’ lack of concern are their belief they are too small to be valuable to hackers and that most of their IT management is outsourced.

    A shift to the cloud shouldn’t be understated, particularly given many SMBs are shifting their IT functions onto cloud services. While this doesn’t fully protect businesses, the cloud providers certainly offer a far higher level of protection than the local plumbing contractor relying on a mom and pop computer support service.

    The bad guys however are responding to that shift, with Cisco reporting increased browser-based and DNS attacks. Both of these are useful in compromising cloud computing services, which means both service providers and end users have to be vigilant about security.

    At all levels of business though the lack of confidence in security has major ramifications as the Internet of Things is rolled out and common devices start being connected to fragile and often compromised networks.

    The good news for vendors like Cisco is this lack of confidence could spur a new wave of business investment as companies improve their network security.

    Another important aspect of CIOs and business owners not being confident about their network security is they are far less likely to assume their systems are safe or to passively accept vendor assurances about their safety.

    For all of us as customers and users of these technologies, a greater focus on security by the organisations we deal with should be welcomed as well.

  • Keeping the IoT simple and safe


    Ten years ago a joke going around was “what if Microsoft built cars?” The answer summed up the frustrations users had with personal computers and the differences in engineering standards between traditional industries and that of the IT sector.

    As we enter the Internet of Things era, that tension between consumer devices and good engineering continues as shown by a software bug that rendered Nest thermostats useless.

    That poor software would drain the battery without warning the user illustrates how poorly designed many of these devices are.

    Ironically Nest’s owners, Google, held a conference earlier this week where the company’s leaders flagged the importance of standards, security and privacy.

    In a call to action for the IoT industry, Google’s lead advocate Vint Cerf, also known as one of the “fathers of the Internet,” warned that compatibility, security, and privacy could be obstacles to the IoT’s success.

    Reliability is also important, particularly when talking about safety and security – Nest also make carbon monoxide detectors – where a device crashing or failing can have terrible consequences.

    At present most of the Internet of Things is about the gimmick of connecting devices to the cloud and controlling them from your mobile phone. Consumers are not going to embrace IoT products if they add cost, complexity and risk to their lives.

    Keeping it simple and safe are probably the most important things designers of IoT devices can do.
