By 2015, some 75 percent of global population will be online, and the world will have more than six billion online devices. So the manufacturer Bosch pointed out in its preliminary results for 2013, released on January 22. In the company’s view, however, this only scratches the surface of the potential. Bosch says that it will make all its electronic appliances web-enabled. As Dr Volkmar Denner, chairman of the board of management of Robert Bosch GmbH put it: “The way the internet has risen over the past 20 years, as well as some of its repercussions, could not have been predicted. This will be true of future developments as well. As a result, we have to be fast and agile when dealing with a connected world.” Among the company’s figures, it said that the Security Systems division was able to generate strong growth with communications services.
Pictured is the making of Bosch sensors – originally developed for use in cars. At the CES 2014 consumer electronics show in Las Vegas sensors were shown to be a key enabler of the Internet of Things. A network of wireless sensors gathered and reported information about the company stand, whether doors were open or closed, noise, temperature, air pressure, and humidity around the booth.
We know all about the internet by now – what of this next big thing, the internet of things? For instance, for the home; physical objects will be networked, allowing automated control for electronic appliances, including security. Smart homes can check security through things such as condition monitoring – has the temperature fallen because a door or window is open? What then are the security opportunities – and risks?
Information security is the upcoming thing most likely to keep IT guys awake at night. BCS, the former British Computer Society now the UK Chartered Institute for IT, found in its annual ‘digital leaders’ survey that 57 per cent rate mobile computing, then information security (53pc) and cloud computing (49pc) as their top IT topics or trends for 2014.
Adam Thilthorpe, Director of Professionalism for the institute said: “It’s probably not surprising that security is the issue most likely to keep digital leaders awake at night. Cyber security is high on everyone’s agenda from issues around BYOD, cloud computing through to data management, loss and intellectual property – it’s an important issue for organisations to get to grips with.”
The survey also asked leaders to look further ahead and consider the priorities for their organisations for the next three to five years: they were information security (55pc), cloud computing (48pc) and big data (47pc). For the report in full visit the BCS website – http://www.bcs.org/upload/pdf/digital-leaders-report-2014.pdf
Proofpoint, Inc, a US-based security-as-a-service (SaaS) provider, says that it has uncovered what may be the first proven Internet of Things (IoT)-based cyberattack involving conventional household ‘smart’ appliances. The SaaS firm spoke of more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refridgerator that had been compromised and used as a platform to launch attacks.
As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack has security implications for device owners, the IT security firm suggests.
Just as personal computers can be unknowningly compromised to form robot-like ‘botnets’ that can be used to launch large-scale cyberattacks, Proofpoint says that its findings show that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into ‘thingbots’ to carry out the same type of malicious activity. Cyber-criminals intent on stealing identities and infiltrating businesses’ IT systems have found what the IT security firm terms a target-rich environment in poorly protected internet connected devices that may be more attractive and easier to infect and control than PC, laptops, or tablets.
The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refridgerator. No more than ten emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices exposed on public networks, and available to hackers for takeover and use.
David Knight, General Manager of Proofpoint’s Information Security division, said: “Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse. Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”
As IT people have long predicted security risks associated with the rapidly proliferating Internet of Things (IoT), this most likely will not be the last example of an IoT attack. IoT can include every device that is connected to the internet – from home automation products including smart thermostats, CCTV cameras, refridgerators, microwaves, home entertainment devices such as TVs, gaming consoles to smart retail shelves that know when they need replenishing and industrial machinery – and the number of IoT devices is growing. Billion of things will be connected via the internet. But IoT devices are typically not protected by the anti-spam and anti-virus as available to businesses and consumers, nor are they routinely monitored by IT departments or alerting software to receive patches to address new security issues as they arise. Proofpoint warns that businesses can’t expect IoT-based attacks to be resolved at the source; instead, preparations must be made for the inevitable increase in highly distributed attacks, phish in employee inboxes, and clicks on malicious links.
Michael Osterman, principal analyst at Osterman Research, said: “The ‘Internet of Things’ holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes’ routers, televisions, refridgerators and other Internet-connected devices to launch large and distributed attacks.
“Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.”
What might manufacturers do about the likely trend of IoT?
Bosch has set up a new company, Bosch Connected Devices and Solutions GmbH, for the internet of things and services: the company says that it will compact electronic products and software designed to make devices and objects intelligent and web-enabled across a range of applications. Its first focus is on sensor-based applications for intelligently networked homes, or “smart homes,” and the fields of traffic, transportation, and logistics.
Dr Volkmar Denner, chairman of the board of management of Robert Bosch GmbH, sayd: “From vehicles and smart phones to containers and machines – by 2015 more than six billion things will be connected to the internet. Entirely new services will emerge that will transform people’s everyday lives and open up huge new business opportunities. These services will rely on the smart networking of devices within wider systems. Setting up Bosch Connected Devices and Solutions is a key strategic step in our plans to expand our portfolio for the internet of things and services.”
Bosch Connected Devices and Solutions GmbH is based in Reutlingen and will also have sites in Coimbatore, India, and Suzhou, China. It will developf networked sensors and actuators. Actuators convert electrical signals from sensors or control units into a physical action, such as automatically switching a light on and off or opening and closing a valve.
Tiny MEMS sensors with their microscopically fine structures can be used to measure acceleration, air pressure, the earth’s magnetic field, yaw rate, noise, or temperature. The sensors can be intelligently programmed using software algorithms and equipped with microcontrollers, miniature batteries, and radio chips, enabling them to process measurement data and send it over the internet to other devices, such as a user’s smart phone. In principle, this makes it possible to bring all the things that people use in their everyday lives online, gradually merging together the real and virtual worlds.
Bosch points out that it is the world’s largest supplier of MEMS sensors in terms of sales revenue and produces more than one billion micromechanical sensors a year for the automotive and consumer electronics markets.
Denner says: “The introduction of MEMS sensors in automotive electronics in the 1980s and 1990s marked the first wave of growth. The second major wave has been their widespread incorporation in smart phones, tablets, and games consoles since the beginning of the 21st century – and the internet of things and services now heralds the third wave. We’re convinced that it will far surpass the first two waves.
“Sensors, signal processing, batteries, and transmitters have become so small, energy efficient, and inexpensive – even as all-in-one units – that they can be used in their billions. And at the same time radio networks are now available almost everywhere.”
Applications
Using a combination of sensors and software, a smart home can, for instance, detect that the windows upstairs are open and link this piece of information to a weather forecast from the internet. To protect the house from an approaching storm, the system would be able to automatically close the windows and lower the shutters. During vacations, controls can switch on lights at random to deter intruders. If a motion sensor is triggered, the smart home can alert a security service and feed a video stream to the owner’s smart phone.
Meanwhile, “smart plugs” can be used to switch a garden nursery’s irrigation system on and off depending on the soil’s moisture content. Sensors integrated in packages and consignments of goods can be used to monitor their transport. The data shows whether the goods have been handled roughly, dropped, left out in the rain, or exposed to unusual temperatures, so responsibilities can be correctly assigned at all times. If a consignment disappears, the recorded geodata allow the route it took to be tracked.
At CES 2014
At the Consumer Electronics Show (CES) 2014 in Las Vegas, Bosch presented the possibilities for the home offered by the internet of things and services. Combined in a radio-enabled network, multiple sensors could continuously read and transmit information on their surrounds. This let authorised users to find out which doors are open or closed, how noisy it is, and how the temperature, pressure, and humidity have varied over the day at different points in the exhibition booth.
And meanwhile ABB, Bosch, Cisco, and LG aim to set up a consortium to provide a software platform for smart homes. The companies have now signed a memorandum of understanding to this effect. The plan is subject to approval by the antitrust authorities.
Under the memorandum, the parties intend to develop an open architecture for data exchange. The software would allow devices and services to interoperate, and to exchange information with each other.
The firms say that this will allow appliances and devices made by rival manufacturers to be part of home automation, security, healthcare, and entertainment services. A common platform such as this has not been available up to now, making it a challenge for appliances and devices – from light switches, motorised roller blinds, washing machines, multimedia, to smart phones, and tablets – to communicate with each other or to simply exchange information over the internet in a standard way.
The software platform is intended to make the standard available to all manufacturers, software developers, and service providers. It is intended to unite diverse services in areas such as energy management, security technology, and convenience and consumer electronics.
Applications are already possible such as opening shutters remotely. However, each of them requires a technical solution of its own, and the various solutions are not always compatible with each other., say ABB, Bosch, Cisco, and LG. Those firms say that they intend to develop a common language that allows the appliances to communicate with each other. Under the standards that the consortium intends to establish, and that would be available to all manufacturers, appliances would be connected to a home gateway, which itself would be connected to the internet and a software platform. In this way, the services of different providers can interoperate. The firms say that anyone who buys a new refrigerator, washing machine, heating system, or other type of electrical appliance featuring the consortium’s certificate of compatibility would be able to expect that the appliance will interact and be compatible with the other appliances already in their smart home.
About the smart home
“Smart home” is used to describe buildings whose appliances are connected with each other, and thus offer their occupants new functions and services. In most cases, these can be controlled remotely over the internet. The terms “smart house,” “smart living,” and “e-home” are sometimes also used to describe the same approach. Whatever the term used, the meaning is the same. A benefit is efficient energy use. For example, if energy prices are available on the internet, homes can react automatically to them to cover their needs as cost-effectively as possible – and this without their occupants themselves having to act. The washing machine would then start when electricity is cheap.
