|By RealWire News Distribution||
|July 4, 2014 05:57 AM EDT||
Research leads to identification and improvements in IoT security
4 July 2014: Researchers at Context Information Security have been able to expose a security weakness in a wifi enabled, energy efficient LED light bulb that can be controlled from a smartphone.
By gaining access to the master bulb, Context was able to control all connected light bulbs and expose user network configurations. The bulb manufacturer LIFX has since worked closely with Context to promptly patch the issue, which is now available as a firmware update. A spokesperson, Simon Walker from LIFX says that, "Prior to the patch, no one other than Context had exposed this vulnerability, most likely due to the complexity of the equipment and reverse engineering required."
Details of the vulnerability and the subsequent fix, have been published today at: contextis.co.uk/blog/hacking-internet-connected-light-bulbs
The work by Context is part of ongoing research into the security of the emerging Internet of Things (IoT) and raises some questions. "It is clear that in the dash to get onto the IoT bandwagon, security is not being prioritised as highly as it should be in many connected devices," said Michael Jordon, Research Director at Context. "We have also found vulnerabilities in other internet connected devices from home storage systems and printers to baby monitors and children's toys. IoT security needs to be taken seriously, particularly before businesses start to connect mission critical devices and systems."
The LIFX bulb was launched in September 2012 with crowd funding through the Kickstarter website. The architecture, based on the 802.15.4 6LoWPAN wireless mesh network, requires only one bulb to be connected to the wifi at a time. Context researchers found that they were able to monitor packets on the mesh network and identify the specific packets which shared the encrypted network configuration among the bulbs.
The fix, developed with the help of Context, is included in the new firmware available at updates.lifx.co and now encrypts all 6LoWPAN traffic, using an encryption key derived from the wifi credentials. It also includes functionality for secure 'on-boarding' of new bulbs on to the network.
The detailed steps of gaining access to the device involved accessing the firmware by physically interrogating the device's embedded microcontrollers to identify and understand the encryption mechanism in use. Armed with knowledge of the encryption algorithm, key, initialisation vector and an understanding of the mesh network protocol, Context was able to inject packets into the mesh network, capture and decrypt the network configurations, all without any prior authentication or alerting of its presence.
"Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals," said Michael Jordon. "In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products. What is important is that these measures are built into all IoT devices from the start and if vulnerabilities are discovered, which seems to be the case with many IoT companies, they are fixed promptly before users are affected."
For more details, visit: contextis.co.uk/blog/hacking-internet-connected-light-bulbs
Launched in 1998, Context has a client base that includes some of the world's most high profile blue chip companies, alongside government organisations. An exceptional level of technical expertise underpins all Context services, while a detailed and comprehensive approach helps clients to attain a deeper understanding of security vulnerabilities, threats or incidents. Many of the world's most successful organisations turn to Context for technical assurance, incident response and investigation services. Context is also at the forefront of research and development in security technology. As well as publishing white papers and blogs addressing current and emerging security threats and trends, Context consultants frequently present at open and closed industry events around the world. Context delivers a comprehensive portfolio of advanced technical services and with offices in the UK, Germany and Australia, is ideally placed to work with clients worldwide.
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at Internet of @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, will discuss the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data and analysis are providing the pull to meet customer expectations of a widely connected, multi-dimensional universe of people, things, and information.
Jul. 31, 2014 11:00 AM EDT Reads: 1,083
It’s time to face reality: "Americans are from Mars, Europeans are from Venus," and in today’s increasingly connected world, understanding “inter-planetary” alignments and deviations is mission-critical for cloud. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will discuss cultural expectations of privacy based on new research across these elements.
Jul. 31, 2014 10:00 AM EDT Reads: 854
SYS-CON Events announced today that Esri has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Esri inspires and enables people to positively impact the future through a deeper, geographic understanding of the changing world around them. For more information, visit http://www.esri.com.
Jul. 31, 2014 09:45 AM EDT Reads: 1,303
There will be 50 billion Internet connected devices by 2020. Today, every manufacturer has a propriety protocol and an app. How do we securely integrate these "things" into our lives and businesses in a way that we can easily control and manage? Even better, how do we integrate these "things" so that they control and manage each other so our lives become more convenient or our businesses become more profitable and/or safe? We have heard that the best interface is no interface. In his session at Internet of @ThingsExpo, Chris Matthieu, Co-Founder & CTO at Octoblu, Inc., will discuss how these devices generate enough data to learn our behaviors and simplify/improve our lives. What if we could connect everything to everything? I'm not only talking about connecting things to things but also systems, cloud services, and people. Add in a little machine learning and artificial intelligence and now we have something interesting...
Jul. 30, 2014 09:45 PM EDT Reads: 1,078
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Cloudian is a Foster City, Calif.-based software company specializing in cloud storage. Cloudian HyperStore® is an S3-compatible cloud object storage platform that enables service providers and enterprises to build reliable, affordable and scalable hybrid cloud storage solutions. Cloudian actively partners with leading cloud computing environments including Amazon Web Services, Citrix Cloud Platform, Apache CloudStack, OpenStack and the vast ecosystem of S3 compatible tools and applications. Cloudian's customers include Vodafone, Nextel, NTT, Nifty, and LunaCloud. The company has additional offices in China and Japan.
Jul. 30, 2014 08:15 PM EDT Reads: 1,193
After a couple of false starts, cloud-based desktop solutions are picking up steam, driven by trends such as BYOD and pervasive high-speed connectivity. In his session at 15th Cloud Expo, Seth Bostock, CEO of IndependenceIT, cuts through the hype and the acronyms, and discusses the emergence of full-featured cloud workspaces that do for the desktop what cloud infrastructure did for the server. He’ll discuss VDI vs DaaS, implementation strategies and evaluation criteria.
Jul. 29, 2014 11:45 AM EDT Reads: 1,615
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research data, war stories, case studies, and recommendations.
Jul. 29, 2014 10:00 AM EDT Reads: 1,717
Cloud Computing is evolving into a Big Three of Amazon Web Services, Google Cloud, and Microsoft Azure. Cloud 360: Multi-Cloud Bootcamp, being held Nov 4–5, 2014, in conjunction with 15th Cloud Expo in Santa Clara, CA, delivers a real-world demonstration of how to deploy and configure a scalable and available web application on all three platforms. The Cloud 360 Bootcamp, led by Janakiram MSV, an analyst with Gigaom Research, is the first bootcamp that introduces the core concepts of Infrastructure as a Service (IaaS) based on the workings of the Big Three platforms – Amazon EC2, Google Compute Engine, and Azure VMs. Bootcamp attendees will get to see the big picture and also receive the knowledge needed to make the best cloud decisions for their business applications and entire enterprise IT organization.
Jul. 28, 2014 01:30 AM EDT Reads: 2,152
“Distrix fits into the overall cloud and IoT model around software-defined networking. There’s a broad category around software-defined networking that’s focused on data center, and we focus on the WAN,” explained Jay Friedman, President of Distrix, in this SYS-CON.tv interview at the Internet of @ThingsExpo, held June 10-12, 2014, at the Javits Center in New York City. Internet of @ThingsExpo 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world.
Jul. 27, 2014 11:45 PM EDT Reads: 2,725
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at 15th Internet of @ThingsExpo, Chad Jones, Vice President, Product Strategy of LogMeIn's Xively IoT Platform, will show you how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
Jul. 27, 2014 11:45 PM EDT Reads: 2,681
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
Jul. 27, 2014 11:00 PM EDT Reads: 2,276
“The Internet of Things is a wave that has arrived and it’s growing really fast. The concern at Aria Systems is making sure that people understand the ramifications of their attempts to monetize whatever it is they build on the Internet of Things," explained C Brendan O’Brien, Co-founder and Chief Architect at Aria Systems, in this SYS-CON.tv interview at the Internet of @ThingsExpo, held June 10-12, 2014, at the Javits Center in New York City. Internet of @ThingsExpo 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world.
Jul. 27, 2014 09:00 PM EDT Reads: 2,388
The Internet of Things is a natural complement to the cloud and related technologies such as Big Data, analytics, and mobility. In his session at Internet of @ThingsExpo, Joe Weinman will lay out four generic strategies – digital disciplines – to exploit emerging digital technologies for strategic advantage. Joe Weinman has held executive leadership positions at Bell Labs, AT&T, Hewlett-Packard, and Telx, in areas such as corporate strategy, business development, product management, operations, and R&D.
Jul. 21, 2014 11:17 AM EDT Reads: 2,014
SYS-CON Events announced today that DevOps.com has been named “Media Sponsor” of SYS-CON's “DevOps Summit at Cloud Expo,” which will take place on June 10–12, 2014, at the Javits Center in New York City, New York. DevOps.com is where the world meets DevOps. It is the largest collection of original content relating to DevOps on the web today Featuring up-to-the-minute news, feature stories, blogs, bylined articles and more, DevOps.com is where the thought leaders of the DevOps movement make their ideas known.
Jul. 20, 2014 03:00 PM EDT Reads: 1,802
There are 182 billion emails sent every day, generating a lot of data about how recipients and ISPs respond. Many marketers take a more-is-better approach to stats, preferring to have the ability to slice and dice their email lists based numerous arbitrary stats. However, fundamentally what really matters is whether or not sending an email to a particular recipient will generate value. Data Scientists can design high-level insights such as engagement prediction models and content clusters that allow marketers to cut through the noise and design their campaigns around strong, predictive signals, rather than arbitrary statistics. SendGrid sends up to half a billion emails a day for customers such as Pinterest and GitHub. All this email adds up to more text than produced in the entire twitterverse. We track events like clicks, opens and deliveries to help improve deliverability for our customers – adding up to over 50 billion useful events every month. While SendGrid data covers only abo...
Jul. 20, 2014 02:00 PM EDT Reads: 2,479
- CiRBA Executives Speaking at Key Upcoming Industry Events
- WSTA Named “Association Sponsor” of Cloud Expo Silicon Valley
- Cloud Expo Power Panel | Hybrid Clouds: Best Path to IT Transformation?
- Cloud as a Growth Engine for Business
- Docker + Stackato: The Perfect Workload Portability Solution
- Choosing Cloud Providers – Has the Provider Utilized a Proven Methodology?
- An API Strategy Is a Business Strategy
- CodeFutures’ Cory Isaacson to Preview His Newest Book at Cloud Expo
- MangoApps to Exhibit at Cloud Expo New York
- A Globally Distributed Storage Cloud with Disaster Recovery
- DevOps Drives Growth, Profits and Business Performance
- E-Signature Integration Workshop
- CiRBA Executives Speaking at Key Upcoming Industry Events
- Eight Ways Cloud-Empowered HCM Solutions Are Driving Business Success
- MapR Technologies Announces Upcoming June Conferences
- AMAG, HP, ImageWare Systems, March Networks and StrikeForce Discuss Security Solutions in SecuritySolutionsWatch.com Interviews
- More Mainstream Businesses Depend on Open Source
- Enterprise Cloud Analytics and Business Intelligence
- Top Five Best Practices for Your Application PaaS Audience
- WSTA Named “Association Sponsor” of Cloud Expo Silicon Valley
- Intelligent Systems in Transportation
- PEER 1 Hosting to Exhibit at Cloud Expo New York
- WSO2 Guest Speakers at WSO2Con Europe 2014 Will Examine Technology Developments and Best Practices Enabling the Connected Business
- Powering the Mobile Enterprise
- Cloud Expo New York: Best CIO Practices Shared from SHI’s Customers
- How Platfora Is Transforming Hadoop
- Meal Management System ISOBAG™ Offers 10% Off Coupon To Spur Holiday Season Shopping in 2013
- Cloud Computing and Big Data in 2013: What's Coming Next?
- Think You Heard It All About The Best of the Best from CES? Well, Think Again ... My eHome® -- the Gotta-Have-It Multi-Play Solution -- Targeted for Launch in First Quarter 2014
- Cloud Expo New York: How to Use Google Apps Script
- Examining the True Cost of Big Data
- Don’t forget to register for FOSE 2013
- Small Cancers, Big Data, and a Life Examined
- Cloud Expo New York: Cloud Is Changing the Economics of Business
- Best Practices: The Role of API Management
- ARM Server to Transform Cloud and Big Data to the Internet of Things