"Truck-a-tecture." These "transformable structures for nomad living" are silly, but they’re kinda awesomely silly.
to explore the potentials of mobile living and adaptable architecture, kaneko has organized ‘truck-a-tecture’, which presents four structures at its gallery in omaha, nebraska. various american design studios participated in the event through the conception and realization of each project, including min | day, jones, partners: architecture, office of mobile design, and mark mack architects. the exhibition is intended to generate conversation on current-day trends toward nomadic lifestyles, and offers new perspectives on transformable spaces. the projects utilize various mechanical techniques to provide the itinerant individual, traveling by vehicle, the ability to spread out when temporarily stopped.
truck-a-tecture opened on june 27, 2014, and will be on display until august 23.
4:17 pm • 31 July 2014 • 1 note
The OWASP Top Ten potential IoT security screwups
*Collect the whole set!
The OWASP Internet of Things Top 10 - 2014 is as follows:
• I1 Insecure Web Interface
• I2 Insufficient Authentication/Authorization
• I3 Insecure Network Services
• I4 Lack of Transport Encryption
• I5 Privacy Concerns
• I6 Insecure Cloud Interface
• I7 Insecure Mobile Interface
• I8 Insufficient Security Configurability
• I9 Insecure Software/Firmware
• I10 Poor Physical Security
3:47 pm • 31 July 2014 • 1 note
Vulnerabilities in the IoT gadget scene
Ten of the most popular Internet of Things devices contain an average of 25 security vulnerabilities, many severe, HP researchers have found.
HP’s investigators found 250 vulnerabilities across the Internet of Things (IoT) devices each of which had some form of cloud and remote mobile application component and nine that collected personal user data.
Flaws included the Heartbleed vulnerability, cross site scripting, weak passwords and denial of service.
Some of the unnamed devices contained users’ credit card data, date of birth details and name and address records.
"And with many devices transmitting this information unencrypted on your home network, users are one network misconfiguration away from exposing this data to the world via wireless networks," the company wrote in a report (PDF).
"Cloud services, which we discovered most of these devices use, are also a privacy concern as many companies race to take advantage of the cloud and services it can provide from the internet.
"Do these devices really need to collect this personal information to function properly?"
Most devices accepted the world’s dumbest passwords including 12345 to secure remotely-accessible accounts and did not encrypt connections.
Six of the 10 had bugged web interfaces that contained persistent cross-site scripting, poor session management and weak default credentials and password-reset managers.
The report urges vendors to follow the OWASP Internet of Things Top Ten 2014 used to conduct the IoT test.
It recommended all IoT devices undergo a security review covering all components, build according to security standards and apply infosec to all stages of the development lifecycle.
3:43 pm • 31 July 2014
*Wireframe furniture made out of, well, wire frames.
What does the chair in your living room look like before it becomes a chair? It looks like a wireframe: a digital skeleton of hidden geometry that only becomes a piece of furniture after it is turned into physical materials like wood, metal, and fabric.
The Wireframe Collection by Taiwan’s Noiz Architects imagines furniture as it would look if it leaped straight from a piece of CAD software directly to your living room….
3:30 pm • 31 July 2014 • 1 note
Spectral Fear, Uncertainty and Doubt
*Nothing wrong with our internet-of-things spectrum practices, says Zigbee indignantly. Everything approved, fully-tested and aboveboard.
*But somebody at least saw the money in making that allegation. Wrangle, wrangle, wrangle.
The license-free industrial scientific and medical (ISM) bands have been crucial to the burgeoning market for wireless embedded technology but, as with any resource that is held in common, it is equally crucial that all users of the band act as good citizens. In particular, the designers and implementers of platforms and products must assume that, in the normal case, they will be sharing the RF medium with a variety of other radiators, both intentional and unintentional.
This white paper describes the efforts that the ZigBee Alliance and the IEEE 802.15.4 working groups have undertaken to ensure that ZigBee devices act as good citizens, and describes some experimental results demonstrating that these efforts have been successful.
Users of the 2.4GHz ISM Band
The 2.4GHz ISM band has become particularly popular in the last few years such that households, and virtually all commercial buildings, are likely to have equipment that operates in this band. A short list of possible users and possible interferers includes:
• 802.11b networks
• 802.11g networks
• 802.11n networks
• Bluetooth Pico-Nets
• 802.15.4-based Personal Area Network (PAN)
• Cordless Phones
• Home Monitoring Cameras
• Microwave ovens
• Wireless headsets
• Motorola Canopy systems
• WiMax networks
With so many users, one might reasonably be concerned that crowding in the 2.4GHz band would be a problem. Furthermore, certain promoters of competing technologies that use a different but nonetheless crowded pair of ISM bands have attempted to exploit this concern to commercial advantage with a recent white paper.
Fear, uncertainty and doubt (FUD) aside, however, the sensible approach to the possibility of interference is to expect it and to design the system from the ground up with coexistence in mind. This is what the ZigBee Alliance has done.
FUD: Proprietary Technology Attacks ZigBee
A small company with proprietary radio and networking technology, recently published a white paper, “WLAN Interference with IEEE 802.15.4”, which attempts to paint a much bleaker picture of WLAN and 802.15.4 coexistence than the one shown in the current document. Briefly summarized, the paper claims that, except under the most benign and favorable of conditions, Wireless LAN, where the paper mostly refers to 802.11b/g, will effectively prevent 802.15.4 networks from operating.
The ZigBee Alliance offers the following points:
• This other white paper only reports on the RF performance of 802.15.4 and does not include tests involving ZigBee technology, namely the ZigBee stack. This is done intentionally and makes the performance data look worse. It leaves out the network functionality, such as retries and packet acknowledgement, added by a ZigBee stack which enhances the robustness and performance of an 802.15.4 network.
• The white paper is based on an earlier paper showing results generated by a ZigBee Alliance member company, which is also a promoter of another proprietary 900 MHz technology. One significant difference between the two result-sets, however, is that the channel-occupancy percentage of the interferer has been restated in the whitepaper at a much lower value without justification.
Thus, what was stated, in the earlier paper, as “800 packets per second – approx. full usages of the WLAN channel,” is simply restated as “80%,” giving a much less favorable picture of 802.15.4’s ability to cope.
• The method for selection of chipsets is not discussed in any detail in the whitepaper, although the author does claim to have discarded chipsets from certain vendors. It is not at all clear whether the chipsets in use were the best or the worst available.
• The tests were performed using a programmed traffic generator, which does not behave in the same way as an actual WLAN base station.
• When the test results which form the basis of this other white paper were presented to other ZigBee Alliance members, the results were immediately called into question by chip companies, platform suppliers and other test tool vendors. The test results have never been verified by another company or lab and in fact bear no resemblance to testing performed by dozens of other companies in their development of ZigBee products.
In spite of the author’s claims, the tests hardly reflect “normal” conditions in the home or small office since WLAN traffic in homes or small offices is variable and intermittent in nature.
• The author draws the conclusion, again without justification, that 802.11g will constitute a greater interference problem for 802.15.4 than 802.11b. Based on results shown here, this seems incorrect.
Given these inadequacies in methodology and the preponderance of evidence to the contrary, the conclusions drawn in a whitepaper supported by a proprietary competitive wireless technology should be considered questionable at best.
There are companies who promote a proprietary, low-data-rate, single-channel, narrowband solution meant to operate in an unlicensed ISM band already crowded with cordless phones, wireless speaker systems, TETRA systems and other interferers in the home and small office environment. It is interesting to note, the inability of their own radios to change channels in the face of interference and which are based on older radio technology that does not offer the robustness and interference tolerance offered by 802.15.4 solutions. Also, they promote a proprietary networking scheme developed by one small start-up company that does not even begin to offer the benefits of a well developed wireless networking standard such as ZigBee, which is designed, built and supported by hundreds of the world’s leading technology companies.
Based on work to-date, it is safe to draw the following conclusions:
• ZigBee contains a great many features that are designed to promote coexistence and robust operation in the face of interference.
• Even in the presence of a surprising amount of interference, ZigBee devices continue to communicate effectively.
• Both tests and everyday use in realistic environments with real data traffic prove ZigBee’s robustness.
7:57 pm • 30 July 2014
Wink Hell in the home
*I’m entirely unsurprised by these problems. It’s kind of great to read about them, actually. Full of verisimilitude, makes it feel like something real is happening.
Wink’s hub, which retails for $79.99 (although it will be priced through Labor Day at $49.99 at Home Depot and Amazon) contains several radios including Zigbee, Z-wave, Lutron’s Clear Connect and the proprietary Kidde standard. It plugs into a wall, but it uses Wi-Fi so you don’t need to plug it into a router. As a feature this is nice, because when connecting Zigbee, Z-wave and Lutron gear in a larger home, it’s better if you can bring your hub close to the device you want to connect because the radio signals don’t travel as far and the mesh network isn’t established yet.
The hub is attractive and the setup process is simple. Before opening the box, you install the Wink app on your Android or iOS device (I set mine up using Android, but used both iOS and Android in the test), sign up for an account and then click through the licensing agreements. The agreement did give me pause since Wink claims all of your data as its own property, but in the spirit of testing out service I clicked through.
The first challenge lies in getting devices on the hub
I was able to add my Hue lights with no trouble, but then the trouble began and was pretty much never ending. Adding the Lutron dimmer on the wall tripped me up, because the dimmer was already paired with a remote. So to add it to the Wink I needed to unpair it, which I did with the aid of the Wink tech support guy. The unpairing step should probably be built into the app’s troubleshooting guide given that in most home networks if something won’t join your hub after a reboot, then resetting the radio to unpair it is the next step.
Then I tried to connect my TCP Connected lights, but couldn’t manage, despite resetting my remote access to ensure I had the right information. This could be a Wink issue or a TCP issue. It isn’t clear.
Adding the Kidde alarm took another call to the help line because there was some system-wide issue with the alarm, despite it being a Wink-ready product. When adding a product you had the option of using a barcode scanner or choosing from a list of products. But even with the Kidde smoke detector that was labeled as “Wink-ready,” the bar code scanner didn’t work.
I also had trouble pairing my Z-wave blinds to the system in part because the converter for my motorized shades is a clunky piece of equipment that is generally not consumer friendly. I mention it because others may want to pair other Z-wave and Zigbee devices to the Wink, but so far, other devices don’t seem to be well-supported. I couldn’t figure out a way to pair a Z-wave remote to the hub and I also couldn’t figure out ways to add the Zigbee outlets I had.
That could change with time and a software update — or so I hope. I finally gave up trying to connect new devices and stuck with the few I had managed to connect to understand the potential of the device….
7:53 pm • 30 July 2014
*This counts as yet another Internet-of-Things consortium that I hadn’t heard of. Of course a lot of guys in consumer electronics stare at the M2M scene as if they’d arrived via flying saucer from Antarctica. But they not only exist — they’re old and they’ve got muscle.
Telefónica today announced it has reached a major milestone of reaching 250 partners by the end of the year for its M2M Global Partner Program. Telefónica has signed on an additional 170 partners across Europe and the US six months ahead of schedule. New partners include device manufacturers, solution providers and distributors.
The press release follows. Please let me know if you have any questions or if you’d like to speak with Telefónica’s Pete Wilson, General Manager of Digital Services, Global Partner Sales – USA.
Telefónica now has over 250 M2M partners in Europe and the US
- Telefónica’s M2M Global Partner Programme now has 250 partners in Europe and the US. This includes device manufacturers, solution providers and distributors
- Telefonica’s target for the Programme to have “250 partners by the end of 2014” has been met after just 6 months, with 170 partners joining since the Programme’s expansion to Europe in February
Madrid, 22 July 2014: Telefónica today announced that over 250 partners have now joined its M2M Global Partner Programme, exceeding the Programme’s target of “250 partners by the end of 2014” six months ahead of schedule. This partner milestone comes just six months after the Programme expanded outside of the US to Europe.
Since February, 170 new partners - which includes device manufacturers, solution providers and distributors from Europe and the US - have joined the Programme with expansion into other markets expected this year. Interest in the Programme continues to grow with 100 additional companies close to joining as M2M partners.
The M2M Global Partner Programme was first launched in the USA by Telefónica in June 2013 as a way for the company to extend the commercial reach by partnering with key players in the M2M value chain. Telefónica is also able to use the Programme to find successful M2M Service Providers that could become future vertical solution partners for the company. The partner ecosystem supports a collaborative approach to M2M companies, enriching Telefónica’s M2M proposition to potential customers and generating a multiplier effect in terms of scale. In addition, partners can use the Programme as a way to reach new markets, helping them to increase sales and create new revenue opportunities.
Rafael García Meiro, Director B2B Global Partners Sales – Indirect Sales Channels at Telefónica commented “Our Programme has been positively embraced by the m2m market, exceeding our initial expectations and proving that this framework can establish new commercial opportunities.
“We’re moving fast, having surpassed our partner targets 6 months ahead of plan. We will now be working to extend the Programme into new regions which will further accelerate membership and enhance the portfolio of M2M solutions we can sell to our customers.
“The continued success of the M2M Global Partner Programme proves that Telefónica remains a leader in the M2M market and is further evidence of our successful transformation into a digital telco.”
It is estimated that there will be up to 20 billion objects connected by 2020 according to the GSMA. By comparison in 2004 only 92 million devices were connected worldwide.
The Global Partner Programme, and Telefónica’s activity in the global M2M market more widely, was recently praised - for the second year in a row - by Machina Research in their annual “Machine-to-Machine (M2M) Communications Service Provider – Benchmarking 2014” report. Telefónica is listed among the four major global players dominating the global M2M market with activity such as the win of the UK smart meter contract and notable connectivity deals with the likes of Tesla and JC Decaux cited.
More information available about Telefonica M2M Channel Partner Programme on http://partners.telefonica.com
Telefónica is one of the largest telecommunications companies in the world in terms of market capitalisation and number of customers. With its best in class mobile, fixed and broadband networks, and innovative portfolio of digital solutions, Telefónica is transforming itself into a ‘Digital Telco’, a company that will be even better placed to meet the needs of its customers and capture new revenue growth.
The company has a significant presence in 24 countries and a customer base that amounts more than 313 million accesses around the world. Telefónica has a strong presence in Spain, Europe and Latin America, where the company focuses an important part of its growth strategy.
Telefónica is a 100% listed company, with more than 1.5 million direct shareholders. Its share capital currently comprises 4.551.024.586 ordinary shares traded on the Spanish Stock Market (Madrid, Barcelona, Bilbao and Valencia) and on those in London, New York, Lima, and Buenos Aires.
For more information about Telefónica’s m2m business, visit m2m.telefonica.com or follow on Twitter at @m2mtelefonica and LinkedIn.
11:39 am • 30 July 2014
Get That Silicon Valley Guy Out of Our Chinese Five-Star Hotel
A San Francisco-based cybersecurity expert claims he has hacked and taken control of hundreds of highly automated rooms at a five-star Shenzhen hotel.
Jesus Molina was staying at the St Regis Shenzhen, which provides guests with an iPad and digital “butler” app to control features of the room including the thermostat, lights, and television.
Realising how vulnerable the system was, Molina wrote a piece of code spoofing the guest iPad so he could control the room from his laptop.
After some investigation, and three room changes, he discovered that the network addresses of each room and the devices within them were sequential, allowing him to write a script to potentially control every one of the hotel’s more than 250 rooms.
"Hotels are particularly bad when it comes to security," Molina said. "[They’re] using all this new technology, which I think is great, but the problem is that the security architecture and security problems are way different than for residential buildings".
With residential automation, Molina explained, most systems will be closed and encrypted. However, in hotels and airports “or any other space where a lot of people access the network”, keeping the network secure is far more difficult.
Molina said the KNX automation system the hotel used was also insecure, which made the hack easier.
"I’m an ethical hacker, if you can say that," Molina said, explaining why he didn’t immediately plunge the entire hotel into darkness or switch every television to the same channel. Instead, he stood in the corridor and triggered the do-not-disturb lights, "so I knew I was able to control the room and everything inside".
Molina reported the problem to hotel management, which disabled the entire network while they sought a more secure automation solution. Molina said he hoped the hack, and the attention it had received, would lead to more hotels improving their security systems.
Joost Demarest, a spokesman for the KNX Association, said the most recent version of the standard did feature authentication and encryption and that it was “essential that separate Wi-fi networks are used” for the purposes of guest internet access and automation.
In a statement, St Regis Shenzhen said it had “temporarily suspended the control system of the in-room iPad remote controls for system upgrading”.
The hotel described Molina’s claim that he took control of the automation system as “unsubstantiated”.
Molina will present his findings at the Black Hat Briefings cybersecurity conference in Las Vegas next month.
"The hotel industry needs to wake up when it comes to security," he said of the risk posed to guests by open hotel Wi-fi networks.
"People think that they go to these portals and put in their room number and last name and then you access the internet," but anyone connected to the Wi-fi, even non-guests "can still see you, because we’re on the same network".
Security experts have long warned of the dangers of public Wi-fi.
"We have seen an increase in the misuse of Wi-fi in order to steal information, identity or passwords and money from users who use public or insecure Wi-fi connections," Troels Oerting, head of pan-European police force Europol’s cybercrime centre, told the BBC in March.
This article appeared in the South China Morning Post print edition as Hacker takes control of Shenzhen hotel’s rooms
11:36 am • 30 July 2014 • 41 notes
Mat Honan at Wired. “The Nightmare on Connected Home Street”
I wake up at four to some old-timey dubstep spewing from my pillows. The lights are flashing. My alarm clock is blasting Skrillex or Deadmau5 or something, I don’t know. I never listened to dubstep, and in fact the entire genre is on my banned list. You see, my house has a virus again.
Technically it’s malware. But there’s no patch yet, and pretty much everyone’s got it. Homes up and down the block are lit up, even at this early hour. Thankfully this one is fairly benign. It sets off the alarm with music I blacklisted decades ago on Pandora. It takes a picture of me as I get out of the shower every morning and uploads it to Facebook. No big deal.
I don’t sleep well anyway, and already had my Dropcam Total Home Immersion account hacked, so I’m basically embarrassment-proof. And anyway, who doesn’t have nudes online? Now, Wat3ryWorm, that was nasty. That was the one with the 0-day that set off everyone’s sprinkler systems on Christmas morning back in ’22. It did billions of dollars in damage.
Going back to sleep would be impossible at this point, so I drag myself into the kitchen to make coffee. I know this sounds weird, but I actually brew coffee with a real kettle. The automatic coffee machine is offline. I had to pull its plug because it was DDOSing a gaming server in Singapore. Basically, my home is a botnet. The whole situation makes me regret the operating system I installed years ago, but there’s not much I can do. I’m pretty much stuck with it.
When I moved into my house in the 20s, I went with an Android-compatible system because there were more accessories and they were better designed. But then I changed jobs and now my home doesn’t work with my company-issued phone. Which is a bummer because I have to keep this giant 7-inch tablet around to control everything and Google doesn’t support the hardware anymore so I can’t update it and now the door just randomly unlocks. Ugh, I’m going to have to start using keys again.
I’d just reinstall the OS, but that would be too expensive. Besides, all my Nexus Home® stuff uses proprietary chargers, and I can’t deal with having Amazon drones come in and rip out the drywall again….
1:07 pm • 29 July 2014 • 54 notes
*The down-market, scroungy banality of this Time Magazine “smart home” is quite interesting and even refreshing
11:04 am • 29 July 2014