Power efficient memristors could be showing up in your smart toaster

Subject: General Tech | October 18, 2016 - 02:23 PM |
Tagged: memristor, iot

Over at Nanotechweb you can read about research being conducted on memristor technology to reduce the power required to write to a cell to make this memory type more useful in low voltage applications, such as IoT devices.  Apart from the challenges of creating materials capable of remembering how much current has flowed through them in the past there is what the researchers refer to as the sneak path problem.  When writing to a memristor, current flows to the cell that is being updated, unfortunately it also flows into a number of other cells thus increasing the current required for each write cycle.  This team hopes to overcome this issue, so far having successfully reduced the current required to 8% of that in conventional crossbar circuits.  Check out more on the research in the full article.


"Researchers at Hewlett Packard Labs in California, the University of Massachusetts Amherst and Seoul National University are reporting on a new low-current, self-rectifying memristor made from titanium ion electron traps in a niobium oxide matrix. The device might be used as an embedded memory on low-power chips and for storing data in Internet of Things (IoT) appliances."

Here is some more Tech News from around the web:

Tech Talk

Source: Nanotechweb

The Internet of Things can make you a cup of tea ... in 11 hours or so

Subject: General Tech | October 12, 2016 - 02:47 PM |
Tagged: iot, iKettle

If there is one thing that the IoT excels at, it is making simple things more complex.  It opens up new toaster based DoS attacks and can turn the act of boiling water into a day long activity.  An English software developer had a very interesting time attempting to make his morning cup of tea and being a technically inclined individual he was not about to simply give up; instead he started troubleshooting the issue.  The issue started with the iKettle dropping its connection necessitating the rest of the of the base station for the kettle but escalated to the point it was interfering with the Hadoop cluster he happened to be running in his garage.  The Register captured his debugging trials in the search for a substance that was  almost, but not quite, entirely unlike tea.  To ensure that there was salt added to his wounds, his Hue decided to perform a firmware update later that evening.


"Our story starts simply enough: a kettle. The iKettle to be precise, an IoT device that is coveted by most INQ writers for reasons they cannot entirely explain."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Know someone who uses the Johnson & Johnson Animas OneTouch Ping insulin pump?

Subject: General Tech | October 5, 2016 - 12:43 PM |
Tagged: security, hack, iot

The good news about this hack is that you would need good timing and physical proximity to the wireless remote which instructs the pump to administer insulin; the bad news is that this is all that is needed and it could result in the death or hospitalization of the target.  The vulnerability stems from the usual problem, the transmission between the remote and pump is done in the clear letting anyone who is looking retrieve serial numbers and codes.  With that information you can then trigger a dose to be delivered or quite feasibly change the default amount of dosage the pump delivers, as was done previous with a different model.

IoT security as it applies to fridges and toasters is one thing; medical devices quite another.  News of unauthorized access to pacemakers and other drug delivery systems which could result in death is not uncommon, yet companies continue to produce insecure systems.  Adding even simply encryption to transmissions as well as firmware based dosage sizes should be trivial after the release of a product and even easier before it is released.  Keep this in mind when you are seeking medical care, choosing devices which are less likely to kill you because of shoddy security makes sense.  You can pop by Slashdot for links to some stories or wade into the comments if you so desire.

"Johnson and Johnson has revealed that its JJ Animas OneTouch Ping insulin pump is vulnerable to hackers, who could potentially force the device to overdose diabetic patients -- however, it declares that the risk of this happening is very low."

Here is some more Tech News from around the web:

Tech Talk

Source: Slashdot

The toasters are revolting!

Subject: General Tech | September 26, 2016 - 01:01 PM |
Tagged: iot, security, upnp

Over the weekend you might have noticed some issues on your favourite interwebs as there was a rather impressively sized DDOS attack going on.  The attack was a mix of old and new techniques; they leveraged the uPNP protocol which has always been a favourite vector but the equipment hijacked were IoT appliances.  The processing power available in toasters, DVRs and even webcams is now sufficient to be utilized and is generally a damned sight easier to control than even an old unpatched XP machine.  This does not spell the end of the world which will likely be predicted on the cable news networks but does further illustrate the danger in companies producing inherently insecure IoT devices.  If you are not sure what uPNP is, or are aware but do not currently need it, consider disabling it on your router or think about setting up something along the lines of ye olde three router solution

Hack a Day has links to a bit more information on what happened here.


"Brace yourselves. The rest of the media is going to be calling this an “IoT DDOS” and the hype will spin out of control. Hype aside, the facts on the ground make it look like an extremely large distributed denial-of-service attack (DDOS) was just carried out using mostly household appliances (145,607 of them!) rather than grandma’s old Win XP system running on Pentiums."

Here is some more Tech News from around the web:

Tech Talk

Source: Hack a Day

ARM's new security focused Cortex R-52 for IoT

Subject: General Tech | September 20, 2016 - 01:20 PM |
Tagged: arm, iot, cortex r52, r-52, cortex, security

ARM's new Cortex R-52 replaces the aging R-5 and they report that it will run 14 times faster than the model it replaces.  It is also the first ARMv8-R based product they have released, it supports hypervisor instructions as well as additional unspecified safety features.  They are aiming for medical applications as well as vehicles, markets which are currently plagued by insecure software and hardware.  In many cases the insecurity stems from companies using the default software settings in their products, often due to ignorance as opposed to malice and ARM intends their default settings to be far more secure than current SOCs.  Unfortunately this will not help with those who use default passwords and ports but it is a step in the right direction.  Pop over to The Inquirer for more information.

CortexR Launch Deck-17_575px.png

"The Cortex R-52 has been five years in development and is engineered to meet new safety standards as ARM takes aim at the growing market of large-scale smart devices, such as surgical robots and self-driving cars."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

If you thought IoT security was already bad ...

Subject: General Tech | September 7, 2016 - 12:25 PM |
Tagged: iot, security, ssh, idiots

The research that SEC Consult has conducted shows that almost half of all IoT devices, from your router straight through to devices in hospitals and factories use public SSH host keys and X.509 certificates.  Since these keys are known far and wide it is depressingly easy to break the encryption on any communications from these devices and harvest passwords and other data or even to change the contents of that package on the fly.  Imagine a heart monitor which reports a strong heartbeat long after the patient has died or a large machine in a power plant being given different readings to allow it to exceed safety margins and destroy itself.  This is only getting worse, as many companies creating these IoT devices are either trying to save money by using packaged software or in some cases are totally ignorant of the effect of reusing keys.

If you can, change your keys to be device specific and isolate them on your network.  As The Register unhappily points out, this is not something your average consumer or purchasing department is aware of, let alone proficient enough to change keys on their devices.


"Millions of internet-facing devices – from home broadband routers to industrial equipment – are still sharing well-known private keys for encrypting their communications."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Qualcomm and OSIsoft Announce Snapdragon-Powered Smart Ballpark

Subject: General Tech | August 24, 2016 - 04:15 PM |
Tagged: utilities, SoC, snapdragon, Smart Ballpark, San Diego, qualcomm, Padres, OSIsoft, iot, industrial, baseball

Ever wonder how efficiently a major venue operates when it's only full of fans on game days? It turns out they don't operate all that efficiently, and the overhead is very expensive. This is where Qualcomm and OSIsoft step in, collaborating on a new “Smart Ballpark” project for San Diego's Petco Park.


“The San Diego Padres are utilizing edge intelligence gateways, powered by Qualcomm Snapdragon processors, to collect data from critical infrastructure systems and stream it in real-time to OSIsoft’s PI System in order to monitor utilities, improve operating efficiencies and drive sustainability across the team’s entire Petco Park ballpark.”

With usage monitoring for utilities (electrical and gas energy, potable and non-potable water) the Padres - San Diego’s Major League Baseball team that calls Petco Park home - see the potential to save more than 25% in the next five years.

“The edge intelligence gateways, using Snapdragon processors, connect to sensors and legacy systems throughout the ballpark using a broad range of communication methods, including wired and wireless technologies, analog and digital inputs and multiple communication protocols. These edge intelligence gateways acquire, store and stream data in real-time to the OSIsoft PI System which then presents the data to the Padres’ facilities managers using OSIsoft’s Visualization Suite and analytics, providing the operations team with deep situational awareness of everything happening in the venue.”

Diagram_Updated (002).png

This is a mammoth implementation of IoT (Internet of Things), with OSIsoft’s PI system a major player on the industrial side. Qualcomm naturally needs no introduction, as the smartphone SoC maker found in so many devices across virtually all brands. Qualcomm has also worked on improving mobile data performance in large venues such as ballparks, with products like the X16 modem (expected in products starting in the second half of 2016) offering improved connections via carrier and link aggregation, and use of unlicensed spectrum.

Full press release after the break:

Source: Qualcomm

Intel's new SoC, the Joule

Subject: General Tech | August 18, 2016 - 02:20 PM |
Tagged: Intel, joule, iot, IDF 2016, SoC, 570x, 550x, Intel RealSense

Intel has announced the follow up to Edison and Curie, their current SoC device, called Joule.  They have moved away from the Quark processors they previously used to a current generation Atom.  The device is designed to compete against NVIDIA's Jetson as it is far more powerful than a Raspberry Pi and will be destined for different usage.  It will support Intel RealSense, perhaps appearing in the newly announced Project Alloy VR headset.  Drop by Hack a Day for more details on the two soon to be released models, the Joule 570x and 550x.


"The high-end board in the lineup features a quad-core Intel Atom running at 2.4 GHz, 4GB of LPDDR4 RAM, 16GB of eMMC, 802.11ac, Bluetooth 4.1, USB 3.1, CSI and DSI interfaces, and multiple GPIO, I2C, and UART interfaces."

Here is some more Tech News from around the web:

Tech Talk

Source: Hack a Day
Subject: General Tech
Manufacturer: Various


Even before the formulation of the term "Internet of things", Steve Gibson proposed home networking topology changes designed to deal with this new looming security threat. Unfortunately, little or no thought is given to the security aspects of the devices in this rapidly growing market.

One of Steve's proposed network topology adjustments involved daisy-chaining two routers together. The WAN port of an IOT-purposed router would be attached to the LAN port of the Border/root router.


In this arrangement, only IOT/Smart devices are connected to the internal (or IOT-purposed) router. The idea was to isolate insecure or poorly implemented devices from the more valuable personal local data devices such as a NAS with important files and or backups. Unfortunately this clever arrangement leaves any device directly connected to the “border” router open to attack by infected devices running on the internal/IOT router. Said devices could perform a simple trace-route and identify that an intermediate network exists between it and the public Internet. Any device running under the border router with known (or worse - unknown!) vulnerabilities can be immediately exploited.


Gibson's alternative formula reversed the positioning of the IOT and border router. Unfortunately, this solution also came with a nasty side-effect. The border router (now used as the "secure" or internal router) became subject to all manner of man-in-the-middle attacks. Since the local Ethernet network basically trusts all traffic within its domain, an infected device on the IOT router (now between the internal router and the public Internet) can manipulate or eavesdrop on any traffic emerging from the internal router. The potential consequences of this flaw are obvious.


The third time really is the charm for Steve! On February 2nd of this year (Episode #545 of Security Now!) Gibson presented us with his third (and hopefully final) foray into the magical land of theory-crafting as it related to securing our home networks against the Internet of Things.

Continue reading our editorial covering IOT security methodology!!

Ya, so our IoT enabled toasters need patching ... oh, only around 5 million, why is that a problem?

Subject: General Tech | July 20, 2016 - 12:45 PM |
Tagged: iot, security, amazon, Intel

The Register brings up the issue of IoT security once again today, this time looking at the logistics of patching and updating a fleet of IoT devices.  Amazon is focusing on dumb devices with a smart core, the physical device having the sensors required and a connection to the net to send all data to be processed in large database which would be much easier to maintain but does offer other security issues.  Intel on the other hand unsurprisingly prefers end devices with some smarts, such as their Curie and Edison modules, with a smarter gateway device sitting between those end devices and the same sort of large server based computing as Amazon. 

Intel's implementation may be more effective in certain enviroments than Amazons, El Reg uses the example of an oil rig, but would be more expensive to purchase and maintain.  Take a look at the article for a deeper look, or just imagine the horrors of pushing out a critical patch to 1000's of devices in an unknown state when you go live.


"Internet of Things (IoT) hype focuses on the riches that will rain from the sky once humanity connects the planet, but mostly ignores what it will take to build and operate fleets of things.

And the operational side of things could be hell."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register