IoT News Weekly – June 10, 2022
Brought to you by: IoT Secure
This week’s IoT News Kaleido Intelligence published a massive IoT Market survey. In Mumbai they are delivery diesel to your door with IoT, Automotive industry is gearing up to use even more IoT in their products, a “Smart” scale is leaking your sensitive information, the Industry IoT Consortium announced they updates to their Industrial IoT Internet Connectivity Framework, and finally major US agencies are warning of ongoing state-sponsored Chinese attacks.
Thank you for tuning it today to the third of our IoT News Weekly series, I am your host John Nye, and let’s get into the news
In London, a leading market connectivity and intelligence firm, Kaleido Intelligence, published the largest iot-connectivity survey ever. In their survey Kaleido surveyed over 750 IoT professionals asking them to identify pain-points for those that are planning to, or are currently deploying IoT. Questions like, what are your biggest concerns? And, what is required from IoT manufacturers? In order to better understand the drivers and hindrances in IoT adoption.
Some of the highlights of the research are: Cellular or 5g deployments present persistent concerns about security and service availability. Current and future IoT Developers said their number one concern is end-to-end security. They also expressed concerns about roaming restrictions for multinational soluitons, as well as an expectation that internet providers should provide security features.
In Mumbai, India a new startup is making waves as the first major Diesel fuel delivery service called “The Fuel Delivery”. The application, and backend IoT-based infrastructure make their service offering possible. By using multiple methods of contact, including iPhone and Android apps, they also take orders from their business to business customers via email, phone, and through their customer service representatives who maintain regular communications with their top clients. The startup uses tanker trucks with fuel dispensers called Bowser trucks. Their vehicles are all equipped with state-of-the-art IoT devices to track the trucks location as well as fuel levels.
The automotive industry is gearing up for full-on IoT takeover in the 2022 Automotive IoT Global Market Report. Some highights from the reports include; the automotive IoT market is expected to grow from it’s 2021 market cap of just over $115 billion by almost $10 billion to more than $125 billion in 2022. The market for automotive IoT is expected to grow to exceed $219 billion by 2026. The major manufacturers who will see the most benefit from this growth are the likes of Texas Instruments, NXP Semiconductors, Intel Corporation, TomTom, Cisco Systems, Microsoft, IBM, Google, AT&T and Robert Bosch… so no surprises there. To learn more and see the report check out the link below in the description.
Consumer focused IoT in the form of a Smart Weight Scale is in the news for a new zero-day exploit. According to security researchers at the UK InfoSec firm Fortbridge, they discovered five previously unknown vulnerabilities in the Yunmai Smart Scale app which when combined can be used to take over user accounts and access sensitive user details like age, gender, heights, family relationships, profile photos and of course their weight.
The Yunmai Smart Scale app is designed to allow users to record and track their weight, body-mass-index, body fat percentage, among various other health factors. According to the stats on the Androud app store the application in question has been downloaded more than half a million times just on the one platform. Yunmai did respond to the findings by releasing a single patch for ONE of the four issues, and researchers were able to bypass the patch and still exploit the application.
If you are using this device or application make sure and read more in the link in the description below.
On June 8th the Industry IoT Consortium, aka IIC, announced they had updated the Industrial IoT Internet Connectivity Framework, or IICF. The IICF is a foundational document that is intended to guide the development of Industrial IoT (IIoT) connectivity architecture. In this latest version of the IICF, IIC has expanded guidance around lightweight, resource-constrained devices often found in edge networks. The IICF is primarily designed to define the IIoT communications stack and provide connectivity standards guidance to assist Industrial IoT users in choosing the best standards based on their specific needs and system requirements.
Dr. Rajive Joshi, the lead author and co-chair of the IIC Connectivity Task Group said, “Five years ago, the IICF laid the foundation for ubiquitious data sharing across the rich but often confusing landscape of IIoT applications. Today’s important updates and new assessments cater to the communication requirements of resource-constrained devices. IIoT architects can use this document confidently to review up-to-date requirements, technologies, standards, and solutions that enabled rapid, open information exchange across their systems.”
United States agencies warned the public of Chinese hackers targeting telecoms and network service providers in the states. According to the joint advisory released by the U.S. National Security Agency, (NSA) the Cybersecurity and Infrastructutre Security Agency (CISA), and the Federal Bureau of Investigation warned that China-based state-sponsored cyber actors have been actively leveraging known network vulnerabilities to exploit both public and private sector organizations since 2020. The campaigns that this statement identifies are known to exploit known security flaws in networked devices, such as routers and network attached storage, using this access to burrow deepr into victims networks. The compromised devices are then used within their command-and-control (C2) networks to attack other targets at scale.
In the statement some of the most common vendors effected by the attacks are, Cisco, Citrix, DrayTek, D-link, Fortinet, MikroTik, Netgear, Pulse, QNAP, and Zyxel. If you have devices by any of those manufacturers or just want to learn about this alert there is a link in the description below.
Thank you for tuning in today, and don’t forget to like and subscribe to our channel so you won’t miss our weekly IoT News updates.
In the description below are links to the sources for all the stories we discussed today.
If you’d like to learn more about IoT-secure and what we can do to help protect your network, go to IoTsecure.io today.