Posts Tagged ‘iot’

Ransomware: The Main Enemy of the Connected Era

Written by Brooks Canavesi on . Posted in Blog, IoT

Three years from now, the number of Internet-connected things will reach 50 billion. According to an IDC forecast, the worldwide market for IoT solutions will grow from $1.9 trillion in 2013 to $7.1 trillion in 2020. More consumers than ever will purchase internet-connected clothing, smart home appliances, fitness trackers, healthcare monitors, and smart cars. These devices could become the target of the next generation of ransomware, a type of malware designed to block access to an electronic device until a sum of money is paid.

Ransomware Works

Recently, a server of a police department in Cockrell Hill, Texas, was encrypted by a group of hackers who used an email with a spoofed address to infect the system and demanded $4,000 to unlock the files, reports Dark Reading. The police ignored the demand of the hackers and lost eight years of documents, photos, and videos.

The police department in Texas wasn’t the only victim of cyber-attacks. According to the 2016/2017 Kroll Annual Global Fraud and Risk Report, 85% of executives say they were hit with a cyber incident in the past year. A survey by Risk Based Security revealed that, in 2016, over 4.2 billion records were exposed in 4,149 cyber incidents.

As illustrated by the rise in ransomware distribution, hackers have apparently finally found an effective way how to make a good living. “2016, also designated as ‘year of ransomware’ has seen enormous growth in Ransomware diffusion, transmission and ransom thieving. So much so, that criminals have made cyberware models and invite amateur crooks to host the Ransomware flag to newer heights. The wreak havoc is seeing no stoppage anytime soon. Until now, Ransomware flow has seen an increase of 500% from the previous year,” writes Minal Khatri.

IoT Under Attack

As the market for IoT devices grows, it will become an increasingly more viable target for a new generation of ransomware attacks. Right now, manufacturers and security researchers spend around $350 million on IoT security. This number is expected to reach $547 million in 2018. An infographic published by GSMA shows that 47% of IoT developers consider security as their top concern. What’s more, 60% of consumers worry about a world of connected things, naming privacy as their main concern and security as their number one worry.

There are two things we can take away from this. First, cyber-attacks, and ransomware, in particular, are real threats that could catastrophically disrupt entire states, let alone the lives of individuals. Second, both manufacturers and consumers are aware of these threats and do their best to fight them. There are now several authoritative IoT security and privacy guidelines, and more will surely appear in the future.

Only time will tell who will gain the upper end in the upcoming cyber-war, but it’s clear that more effective mitigation and prevention methods are needed.

Is IoT Apocalypse Upon Us?

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Technology trends

Infecting 2,400 TalkTalk routers in the United Kingdom, disrupting internet service for more than 900,000 Deutsche Telekom customers in Germany, and successfully bringing down Dyn, a major US internet provider, to its knees with a Distributed Denial of Service (DDoS) attack. These are just a few recent notches on the proverbial belt of Mirai, a highly resilient malware that “spreads to vulnerable devices by continuously scanning the internet for IoT systems protected by factory default or hard-coded usernames and passwords,” explains Brian Krebs, an American journalist and investigative reporter and a victim of the historically largest distributed denial-of-service attack against KrebsOnSecurity, his security news and investigation website.

Mirai (未来) is a Japanese word that means future. The name was given to the malware by Anna-senpai, a member of the hacking community Hackforums. “When I first go in DDoS industry, I wasn’t planning on staying in it long,” begins Anna-senpai (Senpai is an honorific suffix in Japanese that is used to refer to superiors and seniors) the now notorious forum post in which the author of the malware publicly released its source code. In the post, Anna-senpai then proceeds to give detailed instructions how to use the botnet, adjust its various configuration options, set up cross-compilers, among other things.

Since the public release of the source code, there have been a number of new Mirai variants involved in several large-scale IoT attacks. Rick Holland, vice president of strategy at the cyber security defense firm Digital Shadows, says that “Digital Shadows researchers have observed a growing community of Mirai users asking for help and offering each other tips and advice.”

The thing that makes Mirai so effective is not that the malware is particularly well-designed or that it leverages some unknown vulnerability through clever programming. Mirai is so effective because it is highly adaptable, allowing it to quickly take over newly released IoT devices.

Market Explosion

According to IDC, by 2020, the global IoT market is forecast to grow to nearly $1.7 trillion as a result of over 200 billion devices, a steep rise from 15 billion devices that are connected today. It seems that everyone is developing new IoT solutions for established industries to niche markets alike. Things are moving so fast that before one company starts selling their recently-announced internet-enabled security camera, half a dozen of other companies launch similar cameras to compete with them.

In a market like this, one cannot afford to delay the launch even by a single day. Security and optimization often have to give way to core features and Kickstarter promises. Consequently, people are adopting vulnerable products that directly access the internet, making them easy targets for malware such as Mirai.

Most people don’t even realize that they have been affected by IoT malware in the first place. The particular device may act up, the internet speed may occasionally drop to a crawl, but nothing worse usually happens. “The ultimate goal for many of these IoT threats is to build strong botnets in order to launch distributed denial of service attacks,” Symantec researchers say. In other words, end-users are not the primary target; they are merely a means to an end.

As such, customers themselves have very little incentive to do anything about the situation. Why pay $30 more for an older version of a LED light bulb and a few vague promises about security when the potential negative consequences of buying a less secure alternative seem so farfetched?

“The perfect storm is brewing that will pummel our Nation’s public and private critical infrastructures with wave upon wave of devastating cyber attacks. The Mirai malware offers malicious cyber actors an asymmetric quantum leap in capability; not because of sophistication or any innovative DDoS code, rather it offers a powerful development platform that can be optimized and customized according to the desired outcome of a layered attack by an unsophisticated adversary,” write James Scott and Drew Spaniel in the introductory paragraph to their Rise of the Machines research paper written in December 2016 for the Institute for Critical Infrastructure Technology.

Security as a Priority

Sadly, there is nothing that can be done to slow down the huge influx of flawed IoT devices that are fueling humongous botnets such as Mirai. They will find their way to the market one way or another. According to Craig Spiezle, the executive director and president of the non-profit online security and privacy watchdog group the Online Trust Alliance (OTA), one answer is to develop a comprehensive IoT device certification program such as OTA’s Trust Framework.

“OTA released the IoT Trust Framework, a strategic set of foundational principles providing guidance for developers, device manufacturers, and service providers to help enhance the privacy, security, and lifecycle of their products,” explains the group on their official website. Their goals are similar to what the OWASP Internet of Things Project is trying to achieve. “The project looks to define a structure for various IoT sub-projects such as Attack Surface Areas, Testing Guides and Top Vulnerabilities.”

With effective IoT certification programs in place, the only thing left to do is raise consumer awareness about the importance of purchasing certified devices, instead of cheaply-made alternatives. This is where things start to look rather bleak. When we look back at email security, mobile malware, or even the recent spike in ransomware attacks, we can see a clear lag in consumer awareness. Usually, things have to spiral out of control so much that even mass media start reporting on the issue before consumers become aware of basic security precautions.

This could mean years of IoT Wild West, similar to the lack of web security during the early 2000s. “Mirai is certainly not going away anytime soon,” Holland says.

In the meantime, you can educate yourself on the issue, raise awareness about IoT security problems, use IoT security best practices, and, above all, think twice before exposing any part of your home, business, or physical infrastructure to the internet.

Snapchat Spectacles: Smartglasses Resurrected

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Technology trends

With headlines such as “Why I waited in line for Snapchat Spectacles” or “Hundreds brave long, cold lines to snap up Snapchat Spectacles” or even “How to Survive the Snapchat Spectacles Line,” it seems that the company behind the popular image messaging and multimedia mobile application has managed to do something unexpected: resurrect smartglasses.

“[Smartglasses] are not going to happen,” wrote Hayley Williams in her article posted in April 2016 on Gizmodo. The article contains a roundup of various Kickstarter projects, most of which live in obscurity to this day. Several commentators under the article shared her views and expressed their disinterest in the arguably dorky technology that first became available to public on May 15, 2014, with the release of Google Glass, an optical head-mounted display designed in the shape of a pair of eyeglasses.

At the time, the $1,600 gadget seemed to be spearheading an entirely new category of wearable devices, one that could fundamentally alter the way we interact with one another and the world around us. But in January 2016, Google has decided to suspend sales of Google Glass, ending the product’s brief and quite unsuccessful life. “The problems Glass created outweighed the solutions Google thought it could solve. It’s strange and unsettling to consider how disconnected Google was from the real world with Glass,” commented Nate Swanner.

Arguably, Google Glass failed as a product because of the company’s over reliance on early adopters willing to spend big bucks, developers of apps and solutions for which there was never any real audience to begin with, and support from large business partners, such as Twitter, who were all quick to drop the technology as soon as they’ve realized where it’s heading.

What the world needed wasn’t a large ecosystem and an entirely new way of living; it was merely a useful, simple-to-use product that wouldn’t be out of reach for most folks. That product is now here, and its name is Snapchat Spectacles.

Spectacles came as a surprise announcement by Snapchat CEO Evan Spiegel, along with the launch of Snap, Inc., a camera company with a goal to empower people to express themselves. Priced at $130, the simple, plastic glasses with a camera inside neatly fit into the upper echelon of the impulse buy price category of novelty gadgets and toys, which is also occupied by products such as Amazon Echo and devices from Fitbit.

The idea behind the glasses is simple: you shoot a short 10- to 30-second long video clips that instantly upload to Snapchat via your smartphone. Because the camera shoots 115-degree wide-angle footage, you can view it either in landscape or portrait—the app will automatically level the view as you spin your phone around. Why would Snapchat implement a feature like this? Because it’s fun. And that’s what the glasses are all about.

There’s something captivating about capturing the world around from the eye-level perspective; something that even a GoPro mounted on the head can’t replicate. The familiar field of view brings with it an unrivaled degree of intimacy and emotional connection. Even relatively mundane, daily events are interesting to watch when replayed on your smartphone or computer, not to mention sharing them with your friends and family.

It also helps a great deal that the Snapchat Spectacles look completely non-threating, which is something Google Glass utterly failed to achieve. They are made from plastic yet well-built, have very prominent circular LED lights to let people around you know you are recording, and they even come in a colorful case that doubles as a charger. The fun design brings the best out of people, making everyone want to participate in your short snippets of recorded memories.

Snapchat has also decided to go with a very unorthodox distribution method: the Spectacles are sold through vending machines known as Snapbots. Snapbots are yellow, rectangular, vaguely resembling the Minions. These vending machines travel across the United States, never staying too long in one place. You can visit the official website of Spectacles to keep track of the Snapbot’s current location (it seems there’s just one Snapbot at the moment).

Despite everything that’s great about the product, there’s still plenty of room for improvement. The video quality could be better, it would be nice if Spectacles could shoot photos, and many people would certainly like to see a few extra styles of the glasses. But as a revival of a dying breed of wearable gadgets, Snapchat Spectacles deserve our praise.

 

BEACON TECHNOLOGY AND MOBILE MARKETING

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Software & App Sales, Uncategorized

If you live in a first-world country, chances are that most of your daily activity takes place indoors. Consequently, it might not be possible to use GPS to get accurate locational information. Beacons are a low-cost piece of hardware powered by Bluetooth Low Energy (BLE). Their main purpose is to provide an inexpensive way how to accurately target individual smartphone or tablet users and send messages or prompts directly to their devices.

Even though they are still in their infancy, ABI Research estimates suggest 3.9 million BLE beacons shipped globally in 2015. That’s because retailers, manufacturers, hotels, educational institutions, and governments see how transformative they could be for logistics, customer engagement, and information transmission.

Companies like Zebra are leading the way with innovative products like MPACT.  Zebra’s marketing site states “MPact is the only indoor locationing platform to unify Wi-Fi and Bluetooth® Smart technology, improving locationing accuracy, while allowing you to connect to the most possible customers and capture more analytics and insight. Service is re-defined through impactful interactions with customers via the one device they almost always have in hand – their mobile phone. The result? Instant visibility into where customers are in your facility – and the ability to automatically take the best action to best serve each customer at any time during their visit.”

According to ZDNet, the largest retail deployment of beacons to date was carried out by drug store chain Rite Aid. The company recently announced a distribution of proximity beacons in each of its 4,500 U.S. stores.

Statistics from Swirl, Mobile Presence Management and Marketing Platform, explain why: Relevant mobile offers delivered to smartphones while shopping in a store would significantly influence likelihood to make a purchase for 72% of consumers. What’s more, 80% of consumers would welcome the option to use a mobile app while shopping in a store if that app delivered relevant sales and promotional notifications. That’s a staggering improvement when compared to traditional push notifications, which are opened only about 14 percent of the time, according to mobile advertising firm Beintoo.

As more retailers implement beacons to offer flash sales, provide customers with more product information, and speed up the checkout process, we can expect a dramatic rise in the rate of their adoption. A report from BI Intelligence says that “US in-store retail sales influenced by beacon-triggered messages will see a nearly tenfold increase between 2015 and 2016, from $4.1 billion to $44.4 billion.”

Mobile marketers and developers will have to learn new tricks to fully capitalize on the wealth of opportunities that the beacon technology presents.

TOP 10 OPEN SOURCE TOOLS FOR IOT APPLICATION DEVELOPMENT

Written by Brooks Canavesi on . Posted in Blog, Mobile App Development, Technology Tips & Tricks, Technology trends

Predictions from Gartner paint a clear picture of a future that relies on countless interconnected smart devices just as much as we do on computers and smartphones. According to their predictions, there will be 26 billion Internet of Things devices installed in 2020, generating $300 billion in revenue for manufacturers and service providers and making a $1.9 trillion impact on the global economy.

This article gives an overview of top 10 open source tools for IoT application development. These tools represent a great entry point into this exciting field, which hides a tremendous amount of opportunities for those who are not afraid to learn new things and challenge the current way of life.

1. Arduino Ethernet Shield

The popular open-source electronic prototyping platform used in conjunction with Arduino Ethernet Shield is the perfect hardware combination for simple IoT projects and even more sophisticated applications. All that users have to do in order to control their creations from anywhere in the world is to connect the Arduino board to the Internet with an RJ45 cable and complete a basic setup procedure.

Compared to some heavyweight representatives of the IoT-ready single-board computers, such as the Raspberry Pi or BeagleBone, Arduino is very inexpensive, available virtually anywhere in the world, and used by thousands of enthusiastic users, who love to share their creations with others. Documentation is plentiful and so is the inspiration to turn this wonderful device into something of a great use.

2. Eclipse IoT Project

Eclipse IoT strives to simplify IoT development by implementing IoT standards like MQTT, CoAP, LWM2M, and oneM2M. MQTT is a machine-to-machine (M2M)/”Internet of Things” connectivity protocol and the base for the Eclipse Paho project, which provides open-source client implementations of MQTT and MQTT-SN messaging protocols aimed at new, existing, and emerging applications for M2M and IoT.

CoAP stands for The Constrained Application Protocol, and it is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. Lightweight M2M (LWM2M) and oneM2M were created to ensure the most efficient deployment of M2M communications systems.

Together, these standards and tools represent a comprehensive toolkit for any Java programmer who would like to branch out from his or her daily routine.

3. OpenHAB

This vendor- and hardware-neutral open source automation software is designed to let smart devices talk to one another and allow users to add new features to them. openHAB is developed in Java, which makes it possible to run it on any device that is capable of running a JVM. It comes with different web-based UIs as well as native UIs for iOS and Android, and provides APIs for being integrated into other systems.

Creators of OpenHAB recognized that proprietary smart devices quickly become obsolete, incompatible, and unable to meet security requirements of modern-day users. Their solution leverages data from all available subsystems and integrates them into one cohesive package. The tool received a People’s Choice Winner at the Postscapes IoT Awards 2014/15 and the Duke’s Choice Award 2013.

4. RIOT OS

RIOT is an open-source operating system developed by a grassroots community to power various Internet of Things solution. When compared to regular Linux or other IoT operating systems, such as Tiny OS and Contiki, RIOT supports both C and C++, comes with multi-threading with ultra-low threading overhead (<25 bytes per thread), real-time capability due to ultra-low interrupt latency (~50 clock cycles) and priority-based scheduling, and excellent modularity.

There’s even a native port of RIOT that allows developers who are not familiar with embedded programming to run RIOT inside a process on Linux or Mac OS. All code is hosted on GitHub and the provided wiki contains plenty of useful information to get started with RIOT.

5. Thinger.io

Thinger.io provides a ready to go scalable cloud infrastructure that can be controlled with their easy to use admin console, or integrated into a business logic with REST API. The entire project is open-source and completely hardware agnostic. The ready-to-use scalable cloud infrastructure allows for easy deployment of your own infrastructure, both in local machines or in the cloud.

As such, Thinger.io essentially eliminates the need to select a compatible vendor hardware and use bloated software to accomplish very simple things.

6. OpenIoT

OpenIoT is a joint effort of prominent open source contributors who want to provide support for cloud-based and utility-based sensing services. This middleware will support flexible configuration and deployment of algorithms for collection, and filtering information streams stemming from the internet-connected objects, while at the same time generating and processing important business/applications events, according to OpenIoT’s GitHub page.

The entire architecture consists of three main planes: the Utility/Application Plane, the Virtualized Plane and the Physical Plane. Each plane includes several elements, such as the Request Definition, Request Presentation and Configuration and Monitoring components. OpenIoT comes with a built-in Scheduler, Cloud Data Storage, and even Service Delivery & Utility Manager.

7. IoTSyS

OpenIoT is not the only integration middleware for the Internet of Things in existence; there is also IoTSyS, which provides a communication stack for embedded devices based on IPv6, Web services and oBIX to provide interoperable interfaces for smart objects. The main objective of IoTSyS is to leverage the power of existing automation systems and sensors and use it easily create and deploy a new solution, while addressing security, discovery, and scalability issues.

8. Freeboard

Not to be mistaken with the unique skateboard, Freeboard is an elegant dashboard for the IoT. It allows anyone to quickly build real-time, interactive dashboards and visualizations using the intuitive drag & drop interface. The dashboard stands on top of a secure, high-performance, enterprise-class cloud system and the entire project is open-source and publically hosted on GitHub.

It features seamless integration with dweet.io, or access any web-based API, the ability to select from a growing list of included widgets, and instant sharing via email, SMS, and social networks. Some notable examples include The Heising-330, which is a modern, internet-connected, and fully automated continuous still, built by and for the craft distillery and a prototype of air quality monitoring dashboard.

9. Interstacks

“Interstacks are snap-together electronic blocks and Stackbuilder visual authoring tool. In minutes, invent any smart devices you can imagine. Then connect them to each other and the internet. Interstacks empowers you to become master of your internet of things universe, according to the official website.

Getting started with Interstacks is made simple thanks to the modular approach and desktop applications for Windows and Mac built around the Phyton programming language. The holistic approach to prototyping allows users to configure their system of devices and internet services, build macros, and write rules to automate systems.  Maya Design created Interstacks & Stackbuilder products with decades of user interface / user experience (UI/UX – HCD) expertise guiding their innovative and intuitive approach.   The Stackbuilder interface is a visual authoring tool (drag-and-drop) that enables the user to build, test and tweak their stacks in a very intuitive fashion.  The concept of rapid prototyping lives at the core of this product line.

10. Zetta

Built on Node.js, Zetta is an open source platform for creating Internet of Things servers that run across geo-distributed computers and the cloud. Zetta achieves this by combining REST APIs, WebSockets and reactive programming.

Once installed, Zetta servers can run everywhere and have no problems communicating with Arduino, Spark Core, and other microcontrollers. Coding is simplified by a series of helpful abstractions that allow developers to focus on the big picture and not get too bogged down with insignificant details.

Conclusion

Even though these 10 tools cover everything from application development to middleware and home automation suite, we have barely scratched the surface of what’s currently available. The Internet of Things is going to be one of the several key technologies of the future and the knowledge of its common building blocks (no pun intended “interstacks”) is likely to prove extremely useful.