If you want to import beef, eggs or chicken into the U.S., you need to get your cargo past inspectors from the U.S. Department of Agriculture. Not so hardware and software imported into the U.S. and sold to domestic corporations. But a spate of stories about products shipping with malicious software raises the question: is it time for random audits to expose compromised supply chains? Concerns about ‘certified, pre-pwned’ hardware and software are nothing new. In fact, they’ve permeated the board rooms of technology and defense firms, as well as the halls of power in Washington, D.C. for years. The U.S. Congress conducted a high profile investigation of Chinese networking equipment maker ZTE in 2012 with the sole purpose of exploring links between the company and The People’s Liberation Army, and (unfounded) allegations that products sold by the companies were pre-loaded with spyware. Of course, now we know that such […]
connected devices
Nest, Samsung and AMD Back Thread For Home Automation
A week that has already been full of standards news for the Internet of Things added more with the unveiling of Thread, a proposed communications standard backed by Google’s NEST group that promises a “new and better way to connect products in the home.” Google was joined by Samsung, Freescale Semiconductor, ARM, smart lock maker Yale Security and Big Ass Fans (favorite company name ever) in forming The Thread Group to promote Thread. In a press release on Tuesday, the group said that the Internet of Things presents unique challenges that are not well met by existing wireless communications technologies such as Wi-Fi, ZigBee and Z-Wave. In contrast to those technologies, Thread focuses exclusively on network connectivity, not application-layer exchanges and connection management. Thread Group says existing application protocols and IoT platforms can easily run on Thread networks. Specifically, it uses 6LoWPAN (IPV6 over Low power Wireless Personal Area Networks) to create 802.15.4-standard mesh networks of smart […]
Yet Another IoT Standards Group: This One For Privacy
Data privacy firm TRUSTe announced that it is forming a group to identify technical standards to ensure consumer privacy in the Internet of Things. Speaking at the Internet of Things Privacy Summit in San Francisco last week, Chris Babel, the CEO of TRUSTe said that the multi-party group will draw up “technical standards to help companies develop the privacy solutions that are needed to protect consumer privacy in the Internet of Things.” [Read Security Ledger’s coverage of privacy issues related to the Internet of Things here.] The group, dubbed the IoT Privacy Tech Working Group will include representatives from TRUSTe as well as online privacy groups The Center for Democracy & Technology, The Future of Privacy Forum and the Online Trust Alliance, according to a statement from TRUSTe. IoT privacy tech working group announced. “This working group will work to address the mounting security and privacy concerns, while promoting transparency and user […]
Intel Promotes ‘Trustlets’ To Secure Embedded Devices
The integrity of data stored on- and transmitted between Internet-connected embedded devices is one of the biggest technical hurdles standing in the way of widespread adoption of Internet of Things technology. For one thing: embedded devices like wearable technology and “smart” infrastructure are often deployed on simple, inexpensive and resource constrained hardware. Unlike laptops or even smart phones, these are purpose-built devices that, by design, run for long periods in remote deployments, with extremely constrained features and low power consumption that is the result of limited processing power and memory. [Read Security Ledger’s coverage of connected vehicles.] Now Intel is promoting a platform that it says can bridge the gap and provide robust security features even for resource-constrained Internet of Things devices like wearables and connected vehicles. Back in April, the Intel Labs unveiled the results of joint research with Technische Universität Darmstadt in Germany. The researchers have developed a platform, dubbed TrustLite […]
That LIFX Smart Lightbulb Hack Wasn’t Easy
If you’ve been following your Internet of Things security news, you probably read about the latest hack of a consumer-oriented ‘smart home’ device: Context Information Security’s analysis of security holes in LIFX-brand smart light bulbs. The top line on this is scary enough. As The Register reported: researchers at Context discovered that, by gaining access to a “master bulb” in LIFX deployments, they could control all connected lightbulbs and expose user network configurations. That’s scary – and recalls research on hacking Philips HUE light bulbs that was published last year. But read down in the Context research and you’ll realize that, while the LIFX technology wasn’t perfect, the job of hacking the technology wasn’t child’s play, either. LIFX connected its smart bulbs using a 6LoWPAN-based mesh network. The company made the mistake of transmitting most bulb-bulb communications in the clear, which made analyzing traffic sent between master- and slave bulbs easy. Context researchers found […]
