IoT roundup: Security holes abound, GE Digital makes noise and more

The idea of security by obscurity has been comprehensively demolished over the years, which makes it even more troubling that IoT devices continue to be manufactured with basic vulnerabilities that make them susceptible to commensurately basic attacks.

It’s not surprising that IoT is among the most popular topics of conversation among groups of hackers, according to a report released earlier this month by Trend Micro, who monitored Russian, English, Portuguese, Arabic and Spanish-language forums for discussion of IoT-related cybercrime.

There was, apparently, no shortage of those discussions. Russian hackers talked of targeting smart gas meters (in part, the report said, in order to get free gas), English-speaking cybercriminals sold access to compromised industrial-control systems, and other communities continue to share exploits freely. Tutorials on identifying vulnerable devices are common, and access to networks of compromised IoT devices is openly sold.

It’s a jungle out there, in short. Trend Micro’s researchers urge manufacturers of IoT devices to implement security from the ground up during the design phase and say that integrators and end-users must pay careful attention to whether devices they use are known to be secure and configure them for optimum security.

Exploding manhole covers

One of the reasons IoT security’s such an important issue is that the consequences are potentially life-threatening. Compromised data is one thing, but a compromised industrial robot or healthcare device could be fatal.

Yet IoT technology can also be an active measure to improve physical safety, as in the case of a system released this month by CNIguard called Sentir, which is already being used by the electric and gas utility Con Ed in New York to defend against manhole-cover explosions.

The idea is to use different types of sensors to monitor stray voltages in underground cabling, water salinity and temperature levels, and check for the presence of dangerous gases. Data from those sensors is analyzed in a cloud, allowing the system to predict explosive conditions and warn the utility before they occur.

CNIguard also said that the Sentir system’s sensors offer a degree of intrusion detection for underground Con Ed assets such as utility boxes and wire cabinets that might ordinarily be vulnerable to bad actors with access to the labyrinth of tunnels that undergird the city of New York.

IoT partnership news

Part of the reason for CNIguard’s success in New York is a partnership with British-based engineering and design company Plextek, which helped develop the Sentir system. That’s far from the only example of teaming up that’s happened in the IoT world this month.

Cybersecurity player Palo Alto Networks bought IoT security and device management vendor Zingbox for $75 million, with the idea of adding Zingbox’s AI/ML technology and cloud service to its existing firewall and Cortex offerings. As discussed, IoT security is a market with a lot of growth potential, so that makes sense.

Telematics and services company CalAmp is bringing its range of connected-vehicle tracking to Sprint’s Curiosity IoT platform, building toward a fleet asset-management product for several verticals, including the food industry and manufacturing.

A supply-chain tracking product – giving the end-user a high level of visibility into the environmental impact of transportation and fine-grained tracking of goods in transit – could help companies minimize their carbon footprints and reduce costs, the thinking goes.

GE Digital

GE Digital, the subsidiary of GE and spin-off-to-be that handles the Predix IIoT platform, announced three new updates to the Predix portfolio at its user conference in Austin this week.

Predix Essentials is a SaaS product that lets business begin the process of moving into cloud-based IIoT, centralizing GE Digital’s performance-management solutions under one roof and connecting it to on-premises data sources like Automation, Historian, and MES.

Asset Answers is a benchmarking tool that allows companies to see how their devices are performing in comparison to other businesses using the same devices and, presumably, who are also using Asset Answers. Seems like its effectiveness would be based heavily on how many other GE Digital users are operating the same hardware, but it’s there if it appeals to you.

Finally, GE Digital brought its iFIX and CIMPLICITY human–machine interface and SCADA software into the same framework, called Webspace 6.0. The company promises advanced encryption between the industrial devices and the user, who can now use an HTML5, no-install client to operate Webspace via almost any endpoint they choose, including smartwatches, phones and tablets.