Qualcomm and OSIsoft Announce Snapdragon-Powered Smart Ballpark

Subject: General Tech | August 24, 2016 - 04:15 PM |
Tagged: utilities, SoC, snapdragon, Smart Ballpark, San Diego, qualcomm, Padres, OSIsoft, iot, industrial, baseball

Ever wonder how efficiently a major venue operates when it's only full of fans on game days? It turns out they don't operate all that efficiently, and the overhead is very expensive. This is where Qualcomm and OSIsoft step in, collaborating on a new “Smart Ballpark” project for San Diego's Petco Park.

Ballpark_1.jpg

“The San Diego Padres are utilizing edge intelligence gateways, powered by Qualcomm Snapdragon processors, to collect data from critical infrastructure systems and stream it in real-time to OSIsoft’s PI System in order to monitor utilities, improve operating efficiencies and drive sustainability across the team’s entire Petco Park ballpark.”

With usage monitoring for utilities (electrical and gas energy, potable and non-potable water) the Padres - San Diego’s Major League Baseball team that calls Petco Park home - see the potential to save more than 25% in the next five years.

“The edge intelligence gateways, using Snapdragon processors, connect to sensors and legacy systems throughout the ballpark using a broad range of communication methods, including wired and wireless technologies, analog and digital inputs and multiple communication protocols. These edge intelligence gateways acquire, store and stream data in real-time to the OSIsoft PI System which then presents the data to the Padres’ facilities managers using OSIsoft’s Visualization Suite and analytics, providing the operations team with deep situational awareness of everything happening in the venue.”

Diagram_Updated (002).png

This is a mammoth implementation of IoT (Internet of Things), with OSIsoft’s PI system a major player on the industrial side. Qualcomm naturally needs no introduction, as the smartphone SoC maker found in so many devices across virtually all brands. Qualcomm has also worked on improving mobile data performance in large venues such as ballparks, with products like the X16 modem (expected in products starting in the second half of 2016) offering improved connections via carrier and link aggregation, and use of unlicensed spectrum.

Full press release after the break:

Source: Qualcomm

Intel's new SoC, the Joule

Subject: General Tech | August 18, 2016 - 02:20 PM |
Tagged: Intel, joule, iot, IDF 2016, SoC, 570x, 550x, Intel RealSense

Intel has announced the follow up to Edison and Curie, their current SoC device, called Joule.  They have moved away from the Quark processors they previously used to a current generation Atom.  The device is designed to compete against NVIDIA's Jetson as it is far more powerful than a Raspberry Pi and will be destined for different usage.  It will support Intel RealSense, perhaps appearing in the newly announced Project Alloy VR headset.  Drop by Hack a Day for more details on the two soon to be released models, the Joule 570x and 550x.

intel-joule-1-2x1-720x360.jpg

"The high-end board in the lineup features a quad-core Intel Atom running at 2.4 GHz, 4GB of LPDDR4 RAM, 16GB of eMMC, 802.11ac, Bluetooth 4.1, USB 3.1, CSI and DSI interfaces, and multiple GPIO, I2C, and UART interfaces."

Here is some more Tech News from around the web:

Tech Talk

Source: Hack a Day
Subject: General Tech
Manufacturer: Various

Introduction

Even before the formulation of the term "Internet of things", Steve Gibson proposed home networking topology changes designed to deal with this new looming security threat. Unfortunately, little or no thought is given to the security aspects of the devices in this rapidly growing market.

One of Steve's proposed network topology adjustments involved daisy-chaining two routers together. The WAN port of an IOT-purposed router would be attached to the LAN port of the Border/root router.

di1.png

In this arrangement, only IOT/Smart devices are connected to the internal (or IOT-purposed) router. The idea was to isolate insecure or poorly implemented devices from the more valuable personal local data devices such as a NAS with important files and or backups. Unfortunately this clever arrangement leaves any device directly connected to the “border” router open to attack by infected devices running on the internal/IOT router. Said devices could perform a simple trace-route and identify that an intermediate network exists between it and the public Internet. Any device running under the border router with known (or worse - unknown!) vulnerabilities can be immediately exploited.

di2.png

Gibson's alternative formula reversed the positioning of the IOT and border router. Unfortunately, this solution also came with a nasty side-effect. The border router (now used as the "secure" or internal router) became subject to all manner of man-in-the-middle attacks. Since the local Ethernet network basically trusts all traffic within its domain, an infected device on the IOT router (now between the internal router and the public Internet) can manipulate or eavesdrop on any traffic emerging from the internal router. The potential consequences of this flaw are obvious.

di3.png

The third time really is the charm for Steve! On February 2nd of this year (Episode #545 of Security Now!) Gibson presented us with his third (and hopefully final) foray into the magical land of theory-crafting as it related to securing our home networks against the Internet of Things.

Continue reading our editorial covering IOT security methodology!!

Ya, so our IoT enabled toasters need patching ... oh, only around 5 million, why is that a problem?

Subject: General Tech | July 20, 2016 - 12:45 PM |
Tagged: iot, security, amazon, Intel

The Register brings up the issue of IoT security once again today, this time looking at the logistics of patching and updating a fleet of IoT devices.  Amazon is focusing on dumb devices with a smart core, the physical device having the sensors required and a connection to the net to send all data to be processed in large database which would be much easier to maintain but does offer other security issues.  Intel on the other hand unsurprisingly prefers end devices with some smarts, such as their Curie and Edison modules, with a smarter gateway device sitting between those end devices and the same sort of large server based computing as Amazon. 

Intel's implementation may be more effective in certain enviroments than Amazons, El Reg uses the example of an oil rig, but would be more expensive to purchase and maintain.  Take a look at the article for a deeper look, or just imagine the horrors of pushing out a critical patch to 1000's of devices in an unknown state when you go live.

talkie-toaster.jpg

"Internet of Things (IoT) hype focuses on the riches that will rain from the sky once humanity connects the planet, but mostly ignores what it will take to build and operate fleets of things.

And the operational side of things could be hell."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Linux on a highway, I wanna ride it all night long

Subject: General Tech | July 14, 2016 - 01:28 PM |
Tagged: linux, iot, security, Automotive Grade Linux

Has the almost obscene lack of security in automobile software made you somewhat paranoid, even if you trust the Tesla autopilot?  Has the fact that a mere attempt to access your cars software could land you in jail turned you completely off of buying a car less than 10 years old?

How would you feel about a version of Linux controlling some of the features of your car?  That is exactly what the Linux Foundation is working on with the AGL project.  The hardware used will include DragonBoard, Wandboard, and Raspberry Pi and automobile manufacturers joining the project include  Ford, Subaru, Mazda, Mitsubishi, Toyota, Nissan, and Jaguar Land Rover.  So far the project only encompasses in-car entertainment but it does have the potential to grow beyond that.  Check out the story on Linux.com for more.

Automotive-Grade-Linux.jpg

"The Linux Foundation’s Automotive Grade Linux (AGL) project, which is developing a “Linux-based, open platform for the connected car,” announced the release of the second version of its Unified Code Base (UCB) distribution for in-vehicle infotainment (IVI)."

Here is some more Tech News from around the web:

Tech Talk

Source: Linux.com

Oh snap, old phones and new IoT devices just sprung another leak

Subject: General Tech | March 15, 2016 - 01:11 PM |
Tagged: snapdragon, qualcomm, security, iot

TrendMicro discovered vulnerabilities in the Qualcomm Snapdragon 800 series, including the 800, 805 and 810 on devices running a 3.10-version kernel.  They have privately discussed the issue with Google who have since pushed out updates to resolve these issues on their phones, preventing attackers from gaining root access with a specially crafted app.  Unfortunately that is the tip of the iceberg as according to Qualcomm more than a billion devices use Snapdragon processors or modems, many of them IoT devices which have not had this update.  With the already fragmented market getting worse as everyone and their dog are now creating IoT devices the chances are very good that your toaster, fridge and other random internet connected devices are vulnerable and will remain so. 

You should think twice when considering the balance of convenience and security when you are purchasing internet connected household appliances and other IoT devices.  You can see what Slashdot readers think about this here if you so desire.

sd_processor_03.png

"Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon-produced SoC devices. In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices."

Here is some more Tech News from around the web:

Tech Talk

Source: Slashdot

If you have a Trane thermostat you should update the firmware immediately

Subject: General Tech | February 9, 2016 - 01:30 PM |
Tagged: trane, iot, security

It is not a good sign when a security team refers to your smart thermostat as "a little malware store", especially when the flaws have been known for some time.  Indeed the original issue of hardcoded SSH passwords has been known since 2014 and the update took a year to be created.  Unfortunately most owners of a Trane Thermostat will not have upgraded their firmware, even if they knew about the update as it is not something which was installed remotely.  Instead you need to download the new firmware onto an SD card and manually install it on the thermostat.  Last month another update was released to address a remote code execution vulnerability in the ComfortLink II, which was not generally known until The Register posted about it today.  If you are using this device you should get an SD card handy and download the firmware.

1401223883460.png

"In April 2015, one year after the first alert, Trane fixed the hardcoded password issue with a new release of the ComfortLink's firmware. Cisco then tipped off US CERT about the remaining issues. Trane eventually addressed the flaws in its code in January 2016, but didn't tell its customers that new firmware is available."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Ever been so sick of a song you considered veering off the road to make it stop?

Subject: General Tech | January 27, 2016 - 01:24 PM |
Tagged: Usenix Enigma, security, iot

The good news is that this particular bug has been addressed but it does not make the vulnerability any less terrifying.  A mere 18 seconds of playtime on a compromised audio CD in your car is enough to insert the attack code and gain complete control over your cars computer controlled systems.  This particular vulnerability was discovered in 2010, long before the more recent vulnerabilities you would have seen all over various media.  You could shut off the engines, forcibly unlock the doors, interfere with steering and many other functions that could well cause serious damage at highway speeds or in other scenarios. 

When placing the blame, The Inquirer makes sure to point out that you should not look to the car companies as it is the software providers who are the source of the problem.  Thanks to various corporate policies no car company has access to all of the source code running in their products so a security audit will not help.  Even better is the inclusion of a government-mandated OBD-II port which allows complete control over your cars system; which you should not touch as simply plugging into it would be a crime in the USA.  There is some good news, this vulnerability resulted in Fiat Chrysler recalling 1.4 million cars at a cost of about a quarter of a billion dollars ... an expensive mistake that may convince them to change their software implementation processes.

enigma_logo_700x253.png

"The modern car's operating system is such a mess that researchers were once able to get complete control of a vehicle by playing a song laced with malicious code. Malware encoded in the track was executed after the file was loaded from a CD and processed by a buggy parser."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Make yourself a WiFi camera remote

Subject: General Tech | January 25, 2016 - 12:40 PM |
Tagged: wifi, camera, DIY, iot

Hack a Day has posted a perfect example of how inexpensive and easy it is to build yourself useful things instead of shopping for expensive electronics.  If you have looked at the prices of cameras or adapters which allow you to wirelessly take a picture you have probably been disappointed, but you don't have to stay that way.  Instead, take an existing manual remote trigger, add in a WiFi enabled SoC module like the ESP8266 suggested in the video, download and compile the code and the next thing you know you will have a camera with wireless focus and shutter trigger.  Not too shabby for a ~$5 investment.

index.jpg

"It’s just ridiculous how cheap and easy it is to do some things today that were both costly and difficult just two or three years ago. Case in point: Hackaday.io user [gamaral] built a WiFi remote control for his Canon E3 camera out of just three parts"

Here is some more Tech News from around the web:

Tech Talk

 

Source: Hack a Day

It's fixed now but for a while there your Ring let people into more than just the door

Subject: General Tech | January 13, 2016 - 12:27 PM |
Tagged: ring, iot, security, gainspan

The Ring WiFi enabled video doorbell, with optional smartlock compatibility to let visitors in remotely, would also share your WiFi password to anyone who knew how to ask.  Just use a Torx screwdriver to pop the doorbell off, press the setup button on the back and connect to the Ring and you can get the networks SSID and PSK in plain text.  Thankfully Ring has pushed out an update to resolve this issue but it is a perfect demonstration of the abysmal security on IoT devices and the lack of any thought about security implications by users or makers of these new devices.  The Register also mentions the Fitbit Aria bathroom scale as being vulnerable in the exact same way as it also uses Gainspan wireless, though at least the scale is inside your house, not accessible to anyone wandering by.

ring.jpg

"Security researchers have discovered a glaring security hole that exposes the home network password of users of a Wi-Fi-enabled video doorbell. The issue – now resolved – underlines how default configurations of IoT components can introduce easy to exploit security holes."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register