Let's see what the Davos set has to say about the IoT

By Stacey Higginbotham
The glitterati of global government and business were hobnobbing in Davos as part of the World Economic Forum's annual meeting this week. I wasn't there (I couldn't afford the $250,000 ticket others were reportedly charged), but I did get a copy of the WEF's report on The State of the Connected World 2023. Let's take a look, shall we?
Nothing in the 49-page report will surprise readers of this newsletter, but I want to highlight a big area where I wish we'd stop talking about the problem and actually do something about it. The report notes the two biggest governance gaps in the IoT: privacy practices and the ethical use of the technology, followed by cybersecurity. I'm optimistic we're well on our way to closing the governance gap when it comes to cybersecurity, but we're completely failing users when it comes to privacy, and that will hobble the IoT.

— The survey results indicate that most respondents (82%) lacked confidence in the protection of privacy and the responsible use of data generated from connected devices. Image courtesy of the WEF report.

Eighty-two percent of respondents indicated they lacked confidence in the protection of privacy and the responsible use of data generated from connected devices. That means more than four out of every five people aren't ready to trust connected devices or the ethics of those producing or deploying them.
This is an astonishing fact, and one that will stymie voluntary adoption of connected devices and reduce the potential benefits of widespread use of such devices. I write constantly about the importance of trust in the internet of things, whether it's between consumers and smart speaker vendors or suppliers and the manufacturers they work with.
By making it easy to "see" what's going on in the home or inside a piece of equipment, the internet of things can shed light on habits or actions one may want to keep hidden. It might expose someone's IBS or a company's trade secrets. Layering algorithms on top of the internet of things' sensing capabilities requires even more trust.
Consumers and businesses must be able to trust that the algorithm is measuring what it's supposed to and drawing conclusions that benefit all parties to some extent. This isn't simply eliminating bias, but involves making sure the decisions made by the algorithm take into account the needs of both buyers and sellers, or of varying business partners. Many people blithely assume an algorithm is neutral, but every decision will involve tradeoffs, which means businesses will likely want to understand the impacts of any AI and negotiate how they work when they are entering into agreements tied to IoT data and AI.
For consumers, this will be more of a challenge. The WEF report suggests that when it comes to sensing, transparency will be key, and governments will have to regulate this in ways they haven't yet. On the transparency side, the WEF calls out two elements: one is to tell users what data is gathered and who has access to it. But a second element is to share what inferences can be made with that data. From the report:
"While companies tend to provide an “informed consent” standard to verify and ensure that users are fully aware of the rules and limits of a software or platform, the current model does not effectively educate users of the implication of their choices."
I think helping consumers understand the implications of their choices is a laudable goal, but it's also impossible. For example, heart rate data from my wearable might be used to monitor my health, but it could also be used to track whether or not I'm paying attention while I drive. Every day I get emails from companies about new ways to parse sensor data to generate a new biomarker or efficiency metric. (I got one the other day that tried to explain how volume in an office setting correlated to productivity.)
In a more serious example, that same heart rate data might be used in court if I were charged with a crime. How does a company or government explain all these things to a consumer? How does a consumer even begin to understand the potential implications? I'd like to see the WEF focus on how to build legislation that protects consumers and businesses from harmful outcomes of using this data.
We need impartial studies where we measure the potential algorithms and sensor data to prove it actually does indicate what the AI is trying to measure, and then we need conversations about individual privacy weighed against the public good of using that AI or data. It should probably look something like this.
Otherwise, we risk people avoiding connected devices because the perceived harms for the individual far outweigh any benefits for us all. And that would be a shame, because having a better understanding of our world and how we interact with it could help us solve some real problems.
Ransomware may be waning, but wiper malware is growing
Ransomware payments are dropping even as there's been a shift in hackers' tactics toward using wiper malware to delete data rather than ransom it, according to data released in two reports issued this week. First up, Chainalysis, which tracks cryptocurrency payments to and from known hackers' accounts, says ransomware groups extorted $311 million less in 2022 compared to the $768 million they scored from victims in 2021.
That's quite a drop! And while Chainalysis is undoubtedly missing some payments, the BBC article cited above quotes negotiators and insurers who note that victims are refusing to pay hackers or are negotiating payments down. This may be one reason Nozomi Networks, a security company, writes in its latest security report that hackers are "shifting tactics from data theft and Distributed Denial of Service (DDoS) attacks to leveraging wiper malware to cause disruptive attacks on critical infrastructure."

— Fewer vulnerabilities affect more products and more companies. Image taken from the Nozomi Networks OT/IoT Security report.

The Nozomi report blames the growth in wiper attacks on hacktivists who aren't focused on money so much as disrupting operations of a company or government utility. For me, the real value of this report is in the details on how hackers are getting in and the tools they use to do so. For example, it's clear that weak passwords or default passwords are still a huge problem in many industrial settings, and hackers are taking advantage of them.
Based on data from select Nozomi customers, more than 4 million intrusion alerts in the second half of the year were attributed to weak or cleartext passwords. The report also notes a two- to three-fold increase in the number of attempts to use default passwords to gain access to a system, leading Nozomi researchers to think the hackers were botnets repeatedly trying popular default credentials to get on a network.
The good news is that many new devices don't use default passwords, and most IT (and even OT) personnel are aware that default passwords are a problem. Still, the problem will remain in existing networks for decades, as much of the existing equipment is long-lived and expensive to replace. In that case, security professionals recommend making note of the problematic equipment, separating it out onto its own network if possible, and ensuring it has monitoring no matter what.
Unfortunately for those of us in the internet of things, the most vulnerable systems remain manufacturing and healthcare, where devices on both the OT and IT networks are vulnerable. On the IT side, Nozomi found Trojan malware is still the most common by far on enterprise networks, whereas remote access tools are most commonly used to access OT networks.
As I said in the previous story, I believe we've come a long way in the years since Mirai first hit when it comes to cybersecurity. We now have laws that forbid default passwords, mechanisms to track vulnerabilities as they arise, and government guidelines to help companies take steps to make their networks more secure. However, because many of the older devices are still out there and vulnerable, cleaning up the cybersecurity mess will take time.
And as the reports out this week show, hackers will continue to shift tactics as vulnerabilities are closed. One trend Nozomi foresees is using ChatGPT and other AI language services to generate compelling social engineering attacks to get employees to download malware onto the network. This means I'll have to keep my eye on these reports for the foreseeable future.
Episode 406: Return of the HomePod
This week's show kicks off with a discussion of Apple's new HomePod, which has some cool machine learning capabilities and new sensors built into it, along with a higher price tag than most smart speakers. Then we talk about a survey out of the U.K. that asked 119 appliance makers about their plans to continue updating software over the life of the appliance, finding out some won't commit to updates. A former Nest employee has a new connected composting startup we have some questions about. Then we talk about some deals in the enterprise and industrial sector with the $1.2 billion acquisition of Sierra Wireless by Semtech completed, and a $7 billion hostile takeover of National Instruments by Emerson. In smaller news, we talk about what it means that Google's new Chromecast 4K remote does away with batteries, Wyze's new connected cameras that bring back the $20 price tag, and Kevin's review of the Govee Smart Kettle purchased by his wife.

— The new Apple HomePod will ship on Feb. 3. Image courtesy of Apple.

Our guest this week is Ivo Rook, COO of 1NCE, a company that provides device connectivity for 10 years at a cost of $10. Obviously this isn't for smart phones or cameras, but for many IoT devices, this type of flat-rate pricing over a long period of time makes it easy for developers to create a device and predict exactly how much it will cost to support. Rook discusses how the 1NCE mindset differs from the traditional carrier approach and explains the rationale behind a new operating system 1NCE announced at CES. It's not exactly an OS, but more of an abstraction layer for data traveling from the device to the cloud. It's a good idea, and the open, developer-friendly ethos 1NCE has is pretty exciting. Enjoy the show.
This week on the IoT Podcast Hotline, we answer a listener question about motion sensors that don't always work, which inspired us to create a survey asking where y'all build your smart home automations.
The IoT Podcast Hotline is brought to you by Silicon Labs. Silicon Labs is a leader in secure, intelligent wireless technology for a more connected world. Learn more about their integrated hardware, software and development tools at silabs.com.

I might need to buy a smart kettle after my current one breaks

— Kevin's wife purchased the Govee Smart Kettle on sale for about $65, and while small, its connectivity does give it a big boost. I like the idea of being able to connect my kettle to Google or Alexa so I can add it to a morning routine or control it with my voice while in another room of the house. Kevin shares his findings on the smarts, the heating accuracy, and other features of this kettle here. Image courtesy of Kevin Tofel.

News of the Week

Is Apple making my “HomePad”? For at least two years, I’ve been suggesting (or at least hoping) that Apple should make a smart display to compete with Amazon and Google. I’ve referred to the product idea as a HomePad. We don’t know the name of this mythical product, but we do have reports that it’s in the works. According to Marc Gurman, Apple is progressing toward offering a low-end iPad specifically suited for smart home interactions. The device will reportedly have a magnetic attachment that would allow it to be mounted. I suspect it will also mount to some type of HomePod dock, but I’d buy one even if it didn’t. (Bloomberg) — Kevin C. Tofel
This smart vest doesn’t seem very smart: Upon first glance, the $220 Carhartt X-1 Smart Heated Vest sounds smart. The word “smart” is right in the name, after all. Digging into the details though, I’m disappointed. The vest uses Bluetooth to communicate with a companion mobile app and regulates your temperature with AI. So far, so good. That AI feature monitors the current temperature, the surrounding environment, and the number of layers you’re wearing under the vest. But you have to manually select your activity type and mark off all the layers you’re wearing in the app before doing anything. Seems like a pretty dumb smart vest to me for the price. Maybe version 2 will eliminate the manual steps required to boost the vest’s intelligence. (The Verge) — Kevin C. Tofel
Gonna make you sweat (Everybody drink now): At $129, the Nix Hydration Biosensor is a wearable sensor to monitor your sweat output. I can do that by looking at the shirt stains under my arms, of course, but Nix adds an impressive feature. It analyzes sweat production and calculates how much electrolyte loss your activity is causing. Using that data, the Nix can tell you how much water and how many electrolyte supplements you need to top up your tank. I’m impressed for $129. I’m less impressed that a four-pack of single-use sweat sensors sets you back $25. And my apologies to C+C Music Factory for the slight tweak to its 1990s dance hit in the headline, but in my defense: How often do I get to use a throwback like this? (CNN) — Kevin C. Tofel
We’re smartly securing our homes in the U.S.: Research firm Parks Associates published a data report this week looking at the high-level state of the U.S. smart home. According to the company, 40 percent of households now use a smart lock or some other smart security system. Since security is a logical first-step foothold for a homeowner to take with IoT, that suggests there’s still a large addressable market for these products. I’m curious if these smarter systems are actually reducing theft and break-ins, but I haven’t seen any data on that. Additionally, more than half of households (54 percent) have some type of connected health product, while only 38 percent have purchased at least one smart home device, according to Parks. The full report contains more interesting data points and is freely available by providing contact information. (Parks Associates) — Kevin C. Tofel
Energy harvesting in the IIoT: Element 4 announced a multi-solution to recharge batteries in Industrial IoT environments this week. The startup company uses vibrations, radio frequencies, solar, and other sources to recharge batteries using its Gallium 1.0 solution. The product itself has no batteries, but can essentially replace a battery. It attaches directly to sensors built by other companies, capturing power which is then used to grab and send sensor data over a LoRaWAN network. Given that smaller sensors don’t require much power, I can see this as a viable, renewable power source. Indeed, Element 4 says the Gallium 1.0 can create power from light as low as 50 lux. No, this won’t work for every IIoT sensor, but it does help eliminate the need to install and/or replace small batteries in many of them. (Taproot Edmonton) — Kevin C. Tofel
The U.K. is moving ahead on a smarter grid: Back in the early 2000s, the smart grid referred to adding connected meters to homes and businesses to remotely track electricity use, as well as adding sensors on power lines and transformers to track outages as they happened. Today, a smart grid should refer to a two-way grid that allows users to send power back to the grid as needed and allows utilities to also control demand through connected appliances. The U.K. is heading toward that goal and its largest tool appears to be electric cars and their chargers. The U.K. government and its electricity regulatory agency published an Electric Vehicle Smart Charging Action Plan that offers funding and education around a network of chargers that can pull energy from the grid or push it back into the grid as needed. The goal is to have a network of such chargers by 2025. It's a good indication of where we're heading in the next few years. (IoT for All) — Stacey Higginbotham
What do you call it when Industry 4.0 meets the blockchain? This article calls it the machine economy, and the two authors spend a lot of time painting a picture of a world where smart contracts, NFTs, decentralized autonomous organizations (DAOs), and decentralized finance all become tools for companies that have connected their operations using the IoT. The authors suggest that new business models that arise could involve creating a DAO that purchases an expensive machine and shares in the profits or using NFTs to protect IP while sharing data between partners. I am a big believer in the opportunity of blockchain technologies and autonomous contracts for the internet of things, but I worry the profiteering around cryptocurrencies will keep the benefits and serious efforts to a minimum for a while. (Journal of Innovation) — Stacey Higginbotham
Amberflo raises $15 million to enable usage-based pricing: In the prior blurb, I talked about using decentralized ledgers as a means to enable more granular pricing and new business models for industrial applications. Amberflo, a startup that launched in 2020, wants to help make usage-based pricing easier for businesses to implement. I've spent the last decade or so waiting for usage-based pricing to hit the big time, and it always seems to be just around the corner. Amberflo's idea is to decouple the metering of usage from the pricing or billing, and Amberflo provides the accurate metering for customers. This makes it easier for Amberflo's end customers to create pilot programs and adjust the pricing based on whatever factors matter to the customer. (Amberflo) — Stacey Higginbotham
Check out this $4 IoT module with all the radios: Sipeed has launched the Sipeed M0S IoT module that will cost $4 and have Bluetooth, Wi-Fi 6, and Zigbee all combined with a 320 MHz RISC-V microcontroller. This module will compete with the small ESP32-C4 and newly announced ESP32-C6 modules, but the pricing, performance and radios have me wondering how long it will take before we see this module become a baseline in IoT devices. That will, of course, mean another victory for RISC-V! (CNX Software) — Stacey Higginbotham