Cybersecurity Is the Key to Unlocking Demand in the Internet of Things


Research by Bain & Company finds that enterprise customers would be willing to buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might buy if their concerns remain unresolved (see Figure 2). In addition, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9 billion to $11 billion.

See Bain Brief:

Cybersecurity Is the Key to Unlocking Demand in the Internet of Things


‘Farm to fork’ IoT project

Woolworths reveals large-scale ‘farm to fork’ IoT project

Woolworths is quietly pursuing one of Australia’s largest-scale internet of things (IoT) projects, installing sensors throughout its supply chain to track fresh produce “from farm to fork”.

The project, understood to be codenamed ‘Fresh Insights’, offers the supermarket giant data collected across its supply chain, from growing food to transporting it to shops and then selling it.

“We’re looking at putting internet of things devices – and we have already – everywhere from the farms, vineyards that we run, to dairy farms, to see from beginning to end what has happened,” Woolworths’ GM of IT service operations and infrastructure Patrick Misciagna told a recent industry forum.

Misciagna said Woolworths is able to keep track of how much sunlight and water its crops receive, when produce is picked up by a truck, how long it is refrigerated in transit, how fast it is travelling and even “how bumpy the roads are”.

“You don’t want your produce damaged on the way,” Misciagna said.

“Not only because we’re the ‘fresh food people’ and we want to give you that fine product, but also because anything that’s damaged is waste.

“Even if we do send it back to a farm to feed animals with, I have to pay for the fuel to [take it back]. So we took all that into consideration.”

Aside from optimising its supply chain, it appears Woolworths plans to make some of the data available to shoppers so they can check the provenance of goods.

Both Woolworths and its supermarket rival Coles have previously tried a version of this, where shoppers could scan a QR code on the back of a bag of carrots – in the case of Woolworths – and receive some information on where they were grown.

However, the latest implementation of this idea appears to be far more sophisticated, potentially relying on some of the insights taken from the farm to fork project.

“We’re doing some very cool things with IoT in the stores … where you can scan over the food product with your phone and actually see the entire journey that piece of fruit or meat took throughout its life,” Misciagna said.


Smart lock can be hacked ‘in seconds’

Smart lock can be hacked ‘in seconds’

A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.

On its website, Tapplock is described as the “world’s first smart fingerprint padlock”.

But researchers said it took just 45 minutes to find a way to unlock any Tapplock.

In response, the firm acknowledged the flaw and said it was issuing “an important security patch”.

In a blogpost, security expert Andrew Tierney from Pen Test Partners (PTP), outlined how he had hacked the lock.

“You can just walk up to any Tapplock and unlock it in under two seconds. It requires no skill or knowledge to do this.”

He said he was “so astounded” by how easy it was that he ordered another lock in case his first attempt had been a fluke.

The lock’s software does not take even simple steps to secure the data it broadcasts, he said, leaving it open to several “trivial” attacks.

The “major flaw” in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.

Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.

Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any one they found, said Mr Tierney.

Arm buys Stream Technologies

Arm buys Stream Technologies to provide an integrated device and connectivity management offering to the IoT market

  • Arm has acquired Stream Technologies and will add the company to Arm’s IoT Service Group to extend the Mbed Device Management Platform with connectivity services/service management capabilities.
  • Arm acquired Stream Technologies primarily to further Arm’s overall goal of having its processor designs used in the expected hundreds of billions of future IoT devices.
  • The acquisition’s impact to Arm’s strategic positioning is likely only marginal and incremental, unless Arm adopts “Internet-scale” pricing for the combined service.

Arm makes its sixth acquisition since being acquired itself by Softbank

Arm, the British chip designer acquired by Softbank in September 2016 for $32 billion, today announced its acquisition of Stream Technologies.

Stream Technologies, based in Glasgow, UK, is primarily a mobile virtual network operator (MVNO) providing Internet of Things (IoT) connectivity services over cellular, satellite, and LoRaWAN networks, leveraging its connectivity service provider (CSP) partners’ infrastructure. Arm states that Stream Technologies supports roughly 770,000 IoT devices at present.

Stream Technologies also licenses its IoT-X connectivity management platform (CMP) to a handful of mobile operators, but is a relatively small player in this market, compared to companies like Cisco Jasper, Ericsson, Huawei, and Vodafone.

Arm will add Stream Technologies to its IoT Services Group (ISG), where Stream Technologies’ CMP and other technologies will extend the current Mbed Device Management Platform’s capabilities with connectivity management functionality. Since the acquisition of Arm by Softbank, Arm has itself acquired five other smaller firms and increased its headcount by 25%.

The goal is for the integrated platform to further reduce risk, time-to-market, and development costs for IoT developers and customers, by reducing overall development and management complexity. Indeed, IoT developers and other stakeholders regularly report that complexity, along with cybersecurity, poses a very significant challenge to overall IoT market development.

Telling Lies about Smart Meters

Article by Nick Hunn:

Telling Lies about Smart Meters

“What do you do when your smart metering plan isn’t working?  Looking at the efforts of Smart Energy GB, who are tasked with persuading the nation to install 50 million smart meters which aren’t really fit for purpose you do two things:”

  • “You ask the Government to double your funding with an additional £95 million of public money. Then…
  • You spend it on inaccurate adverts.”

VPNFilter router malware is a lot worse than everyone thought

See The Register Article:

VPNFilter router malware is a lot worse than everyone thought

Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly named by Cisco’s Talos Intelligence whose products are being exploited by the VPNFilter malware.

As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and sports a “poison pill” to brick an infected network device if necessary.

Amazon and eBay pull CloudPets smart toys from sale

From BBC Article: “Amazon and eBay are among retailers pulling a brand of cuddly smart toys from sale after warnings they pose a cyber-security threat.

Concerns were raised about CloudPets products in February 2017 after it was discovered that millions of owners’ voice recordings were being stored online unprotected.

Manufacturer Spiral Toys claimed to have taken “swift action”.

But subsequent research commissioned by Mozilla found other vulnerabilities.

The devices’ California-based maker has not responded to requests for comment.

One independent expert told the BBC it was “great to see retailers acting responsibly”, but added she wished they had done so sooner.

“It seems that refusing to sell products that threaten customers’ security and privacy is the only way to make designers and manufacturers of these products care about these risks,” said Angela Sasse, professor of human-centred technology at University College London.