By Jeremy Cowan
Well, this week’s themes are BIG. Fundamental flaws in chip security are affecting all kinds of IoT devices, and big players like Intel and Apple are in the frame as they scramble to patch the problem. ‘Does the IoT have the device management tools needed to fix this?’ asks Jeremy Cowan. One analyst doubts it.
Meanwhile, planners are asking if cities will be smart enough to provide help where it’s needed most – for the elderly. (In their timefames, that’s you and me, by the way.) It’s not a coincidence that we’re seeing a growing focus on edge computing for smart cities – in some IoT sectors that may be the only way to manage all this data.
As you will have heard unless you just got in from Mars, Google‘s Project Zero security research team has released details of a serious security vulnerability. Indeed, some are calling it the most serious hardware bug of the modern era.
Samuel Hale: Access to normally off-limits data
Samuel Hale, analyst and IoT development expert at the US-based analyst firm MachNation tells IoT Now: “This vulnerability impacts literally all large cloud-services companies like Google, Amazon, Microsoft, IBM and others that offer multi-tenant services.”
So, he believes it’s no wonder that Intel’s stock tumbled following this announcement. Fixing this security problem is going to decrease enterprise application performance by approximately 10-15% worldwide. “This vulnerability is so serious,” says Hale, “that any application running on a system may be able to access normally off-limits data, such as passwords, security keys, or other sensitive information.”
He insists the implications for Internet of Things devices will be huge. “The majority of all IoT devices worldwide will need a software update very soon. Without great IoT device management, this is going to be extremely difficult to accomplish.”
Gavin Millard: Long-standing blunder in chip design.
Gavin Millard, technical director at Tenable adds: “The latest vulnerabilities blessed with catchy names and logos are deserving of the hype that will surely build. Spectre and Meltdown are both incredibly concerning from a privacy perspective, affecting the average home user and enterprises alike.
The long-standing blunder in chip design could enable an attacker to access confidential pieces of information being processed, for example grabbing a password as it’s typed, installing malware that could slurp up anything a user is working on, or browser data to enable it to hoover up credit card details and logins.” (Other vacuum cleaners are available. Ed.)
“For home users, MacOS has already been updated to address the flaw with Apple’s recent 10.13.2 patch release. For Windows, there were also fixes made available last night. Almost everybody is affected by these bugs, in ways researchers are only just discovering. It is of the utmost importance that updates are applied in a timely manner,” says Millard. “With a possible decrease in processing speed caused by addressing the flaws, organisations that rely on cloud platforms could be facing a significant financial impact from the increase in the number of workloads required to complete tasks.”
Creating a city for all
The post A Week in IoT: How secure are your devices, and your elderly? appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/Posted on: January 8, 2018