IoT news of the week for Dec. 16, 2022 – Stacey on IoT

The GAO wants better IoT and OT security audits: In a report released at the beginning of this month, the Government Accountability Office (GAO) issued an 80-page report recommending that federal agencies truly evaluate how well they are following the NIST and CISA cybersecurity recommendations around IOT- and OT deployments follow. The report notes that none of the agencies called upon by the federal government to protect the energy, health and transportation sectors have developed metrics to evaluate the effectiveness of their efforts. They have also not yet performed IoT and OT cybersecurity risk assessments. This feels like a really big problem, so this report should get more attention. (GAO)

Call Mr. Robot: A security researcher draws attention to a new form of attack designed to get information from air-gapped computers. The attacker first loads malware onto a computer (this is the hard part), which allows the malware to use the CPU on the compromised machine to share its contents using electromagnetic radiation created by the CPU. A nearby smartphone then decodes the electromagnetic waves into understandable data for the hacker’s perusal. The malware can track what a computer is doing, and is strongest on desktops and computers with strong power signals and minimal shielding. Laptops and Raspberry Pis are harder to hack, but still possible. It’s not something I’d personally worry about, but if I had computers running sensitive process manufacturing operations or storing national security secrets, I’d want to know about it. I include it here to demonstrate how anything can be hacked. (Bleeping computer)

Qualcomm now has its own Wi-Fi 7 chips for networking: After Mediatek launched Wi-Fi 7 chips earlier this year, it was only a matter of time before other companies started marketing Wi-Fi 7 silicon – all before the actual certification of the Wi-Fi 7 -spec expected in the second half of 2023. Why be so early to the party? Marketing! Wi-Fi 7 isn’t going to do much for the IoT, as the focus is more on delivering more capacity and dynamically managing connections in the home to avoid congestion. In other words, your sensors won’t benefit from the upgrade, but your video cameras might. And improved networks are always welcome, even if Wi-Fi 7 routers won’t be out until late next year. (Qualcomm)

Indiana Farm Bureau Insurance will use Notion Security for smart home-based insurance: Comcast’s Notionbusiness is partnering with Peril Protect on behalf of Indiana Farm Bureau Insurance to provide Indiana Farm policyholders with a Notion sensor kit and potential savings on their premiums. The Notion sensor monitors for water leaks, the opening of doors and windows, temperature changes and alarms sounding in the home on the same device. Customers will get a five sensor starter kit for free and can also sign up for a $10 per month Notion PRO monitoring service. Participating Indiana Farm Bureau Insurance policyholders can see potential savings of up to 15% on premiums. Notion has been working hard to bring its sensors to insurance companies and that effort has paid off with several wins from insurance customers. (Indiana Farm Bureau Insurance)

Somalytics’ sensors are embedded in a new sleep device: Back in September, I wrote about a sensor startup called Somalytics that could turn graphite-infused paper into cheap, accurate sensors that could measure proximity. The technology is still early days, but the company has since made two notable commercial deals. The first is a partnership with Hyundai that shows off the sensor technology in a gesture-controlled door handle. The second is a sleep mask designed to track eye movements for sleep tracking that will be launched at CES. The SomaSleep mask is thin, lightweight and can detect REM sleep. I don’t have the prices yet, but I like the concept of introducing a new sensor on a dedicated device that can show what it’s capable of. The sensors can detect human presence at up to 200 millimeters using electromagnetic radiation from our bodies, making it a cross between a PIR motion sensor and a haptic sensor. That’s pretty cool. (Somali)

The Eclipse Foundation releases Sparkplug 3.0 for MQTT: Sparkplug, which ensures that platforms using the MQTT messaging protocol can share their data without a lot of integration work, is getting a bit of an update with its latest version. This version is the first managed by the Eclipse Foundation and aims to “clarify ambiguities in the v2.2 version and add explicit normative statements while maintaining backward compatibility.” Basically, it sounds like it’s getting a professional gloss which means it should work a little better. The Foundation is also preparing Sparkplug for an eventual ISO certification effort that could enable greater adoption in industries where it matters. (IoT Business News)

How a French city is fighting back against surveillance technology: With sensors and computers getting cheaper all the time, more cities are deploying cameras in the name of safety. And cheap computers mean those camera images are stored and easily searchable for specific faces or incidents over longer periods of time. Citizens are slowly waking up to what it means to capture your face on camera (it’s no longer a matter of being caught in the wrong place at the wrong time, but also a mechanism to collect your image for later training or used with facial recognition software). Activists in Marseille are having none of it, and this article shows how they are fighting back through voluntary efforts to raise awareness and maps showing where cameras already exist. This article is worth reading to understand why citizens should be concerned about the spread of surveillance technology and how they can fight it. (MIT Technology Review)

Planning to add IoT? Get ready for constant maintenance: I was scrolling through this article on the five challenges for IoT deployments and didn’t expect to find anything exciting, but the third point is worth highlighting. It focuses on maintenance, and the idea that when an organization deploys essentially dozens or hundreds of computers and networks in its factories or enterprises, it will have to deal with maintenance. This can include everything from battery changes to software updates and random bugs. In my opinion, this is an underestimated issue related to the IoT, and probably the most painful and time-consuming one. I wish this article had more advice to offer other than noting that maintenance is an issue and whatever an organization plans to install it needs to have a sustainable maintenance plan, but it’s a start. (IoT for Everyone)

Related