IoT Roundup: Carriers and connectivity fueling Microsoft’s IoT expansion, IoT networks getting smarter, and security corner

It’s easy to fall into the habit of thinking about IoT as something that a business has to manage largely on its own – embedding sensors, building a network and connecting a back end all at once. Some kinds of IoT implementation require a lot of in-house work, to be sure; but, increasingly, there are options for handing off some or all of the work to a third party.

The major mobile data carriers in the US are eager to be that third party. The news last month that AT&T is teaming up with Microsoft to provide a cellular modem specifically for Azure IoT use isn’t earthshaking on its own, but it’s one example of the type of partnership that carriers seem intent on creating with players at various levels of the IoT ecosystem.

The guardian device, as AT&T refers to it, is designed to take the headache out of architecting a network for a new IoT deployment. Instead of connecting to a business’s own network or back to a data center via the public internet, users can install these cellular modems on any piece of equipment that needs connectivity, and instantly get a secured connection to Azure via AT&T’s network.

It’s a small part of a larger AT&T/Microsoft partnership, and the major IoT platform providers are also eager to team up. Microsoft has integration deals with all the major carriers, but has especially close ties with AT&T, with whom the company announced a major partnership last summer.

Major companies teaming up to tackle big IoT challenges is the biggest single way that the industry has looked to tackle the issues of interoperability and fracturing that have plagued the IoT sector. With potentially dozens of different vendors involved in any given project–sensor makers, manufacturer of the edge gateway, networking vendors, and so on–creating broad ecosystems of interoperable gear is crucial.

AI/ML in the IoT

Automated network management, whether it’s going by intent-based networking or some other label, is both a vendor hot-button and an increasingly necessary element of modern IT, as networking environments get more and more complex.

One of the reasons for that increasing complexity is the IoT, and a recent study from ABI Research said that off-the-shelf machine learning and AI toolsets are being more heavily featured by IoT vendors, and that customers are buying them. The study projected that the market for AI/ML tools aimed at IoT users will top $1 billion in 2020, and grow by a factor of ten by 2026.

The market is currently being driven by the industrial and manufacturing sector, where systems that can make near-instant decisions on how to manage equipment are highly valuable, but the eventual appeal of AI/ML technology is likely to be far broader, according to research analyst Kateryna Dubrova.

“ML and AI frameworks are also enabling advanced analytics in the cloud, where algorithmic models (predictive, prescriptive, correlations, etc.) are deployed on pre-processed and organized datasets,” she said in a statement.

The usual suspects–Amazon, Google, and Microsoft–all have AI offerings as part of their IoT portfolios, but there are more specialized vendors that could make a splash in the future, including FogHorn, Seeq and Noodle.ai, according to the report.

Botnet corner

As ever, the security issue continues to be a bugbear of IoT, and recent weeks have seen an alarming number of new botnets discovered in the wild. The first, discovered early this month by researchers at Juniper Threat Labs, appears to be targeting MVPOwer digital video recorders, using code derived from the infamous Mirai botnet. The researchers said that the attackers are potentially amateurs, given an apparent “immaturity in the attack methodology,” but added that the threat is still potentially serious.

Another two, dubbed HEH and Ttint, were discovered this month by Netlab researchers. HEH uses brute-force techniques to attack vulnerable Telnet ports on any internet-connected devices. It’s a danger to any such device, but given the general insecurity of many IoT devices, the threat there is particularly serious. The researchers also noted that HEH has the capability–not yet used in the wild–to wipe any device storage that it is connected to, meaning that it could potentially shut down huge IoT networks at a stroke.

Ttint, according to Netlab, is an exploit that targets two zero-day flaws found in Tenda-branded routers, also using Mirai-derived code to perform a range of nefarious activities. The attack can compromise sensitive information and allow the owner of the botnet to use remote access functions on the router. In contrast to the MVPOwer threat, it’s described as highly sophisticated, using encrypted communications and a difficult-to-pin-down command server. 

The standard advice for IoT security – patch vulnerable devices or keep them isolated from the public internet, segment OT from IT as much as possible – remains in effect, particularly in light of these worrisome new threats.