Tag Archives: M2M

California IoT law requires manufacturers to build security into connected devices

by Steve Blum

A pair of linked bills passed by the California legislature and signed into law late last month by governor Jerry Brown require manufacturers to preload passwords or install other security features on any kind of device that’s directly or indirectly connected to the Internet, beginning in 2020. Assembly bill 1906, carried by assemblywoman Jacqui Irwin (D – Ventura) and senate bill 327, authored by senator Hannah-Beth Jackson (D – Santa Barbara) are aimed at protecting privacy, and preventing the rise of botnets – networks of online devices that are infected with malware and used by cybercriminals for their own purposes.

The new law isn’t limited to consumer electronics products. Commercial and industrial devices – anything that’s part of the Internet of Things (IoT) – fall under the legislation’s broad definition…

“Connected device” means any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.

Manufacturers will have to equip a device with “a reasonable security feature” that’s “appropriate” to its “nature and function” and the type of information it collects. Preprogrammed passwords are specifically mentioned as acceptable, as is forcing users to create a password or otherwise “generate a new means of authentication” the first time they use it.

Enforcement of the new law is limited to the attorney general, county district attorneys and city and county attorneys. It doesn’t create a new windfall for contingency fee lawyers.

Up until now, California law hasn’t had much to say about IoT security. A law passed in 2015 requires warnings on Internet-connected television sets with voice recognition features, and prohibits using recorded conversations for advertising purposes. A 2006 bill established similar consumer notice requirements for WiFi access points.

A third IoT-related bill – AB 2167 by assemblyman Ed Chau (D – Los Angeles) – died in the California senate on the final day of the legislative session. It was specifically aimed at “ingestible” sensors used for health monitoring.

If you wait long enough for M2M, you’ll be disappointed

by Steve Blum

Don’t wait for orders from headquarters! Mount up, and ride to the sound of the guns!
Cavalry maxim, attributed variously to Napoleon, JEB Stuart and Pat Buchanan.

An industry committee could have prevented this.

“Machine to machine” – M2M – is a clear way of describing a rapidly growing high tech sector. It involves two (or more) devices directly interacting with each other, without the necessity of a human or higher level system reprocessing data or interjecting commands. It’s also a deeply unsexy term.

So we’re now calling it the “Internet of things” – IoT. I guess that has more marketing zing, but unfortunately it misses the point and steers attention away from the critical task at hand, which is making machine to machine communication over the Internet as ubiquitous and interoperable as people to machine interactions have been for the past 20 years.

We already have the Internet, and things can already use it at least as well as people do. What we don’t have is the World Wide Web of things: a (more or less) universally accepted device-level equivalent of hypertext transfer protocol. The M2M sector is still in its BBS era, with oases of functionality appearing here and there in the desert, sometimes linked by tenuous caravan routes of connectivity, sometimes not. We’re still waiting for a WWW-magnitude flood of interoperability.

Unhelpfully, groups of manufacturers and service providers are forming around semi-proprietary projects. Ponderous standards setting bodies, like IEEE, are lagging behind. We need an M2M equivalent of Tim Berners-Lee and his HTTP Working Group. Which seems to be where Google is headed right now. Build something simple, functional and unthreatening, then toss it out and hope that the people who want M2M to just work outnumber the people who want to own and control it. Leaving it in the hands of the latter will only disappoint. Imagine what the world would be like if we had left the colonisation of cyberspace to AOL and CompuServe?

De facto M2M protocol might be decided by appliance makers

by Steve Blum

Popular standards flow from the lowest common denominator.

From Ericsson’s 50 billion node mobile universe to Qualcomm’s 1,000X meme, there’s been no shortage of grand vision for machine-to-machine (M2M) connectivity at CES. Meaningful standards are lacking, but at least a consensus seems to be building around what to call it: the Internet of things – IoT.

Since it’ll be using the same, old Internet, there’s no particular worry about how to deliver data from point A to point B, and back again. Work needs to be done on standardising wireless access to networks, including mobile gateways, but that’s a finite problem, both in terms of technological alternatives and the entities that need to agree on them.

The biggest hurdle right now is figuring out a protocol for interaction amongst devices that’s as universally acceptable as hypertext transfer protocol is for human-to-machine interaction.

AllJoyn is a rising contender for that role. Originally developed as an open source project by Qualcomm, it’s now been transferred to the custodianship of the Linux Foundation, which in turn has rolled it into the AllSeen Alliance, whose members…

…will contribute software and engineering resources as part of their collaboration on an open software framework that enables hardware manufacturers, service providers and software developers to create interoperable devices and services. This open source framework allows ad hoc systems to seamlessly discover, dynamically connect and interact with nearby products regardless of brand, transport layer, platform or operating system.

Qualcomm is a premier member, of course, as are LG, Sharp, Panasonic and Haier, all of which are in the business of making dull, reliable and absolutely necessary appliances like refrigerators, dryers and air conditioners. If white goods manufacturers continue to sign on with AllJoyn/AllSeen, it could become the de facto standard for consumer-grade M2M/IoT products by cornering an industry segment that makes a virtue out of short attention spans and long replacement cycles. It could also inject pizzazz into white goods – who knows, the superstar at a future CES could even be a dishwasher, instead of the usual gonzo-sized video screen.

The Linux Foundation has already made inroads into the appliance business with Tizen, bringing Samsung and Intel into the mix, at least on the operating system side. World wide washing, anyone?

Looking for the Facebook of mobile medical platforms

by Steve Blum

With 26 million people – more than 8% of the population – in the U.S. suffering from diabetes, a device that wirelessly tracks blood glucose levels will find a ready market. Which is what iHealth is targeting with a new, networked glucose monitor that was previewed at Pepcom’s Holiday Spectacular in San Francisco last week. Piece by piece, this consumer oriented medical device maker is also building an online health and wellness management platform.

The monitor costs $80 and connects to an iOS or Android device via Bluetooth. You prick your finger with a disposable test strip, the device then automatically analyses it and uploads the data to your account on iHealth’s website via your smart phone. You can log on and see your data, and share it with your doctor. Or, it seems, pretty much anybody you want.

There’s a nascent social networking function on the platform, and there are hooks to Twitter and Facebook. Although publicly broadcasting health stats seems more relevant to people who buy iHealth’s fitness related products, like its activity and sleep tracker, with the proper privacy controls it could be a valuable way to, say, keep tabs on diabetic children. Or elderly parents. There is a market and a purpose for consumer-focused, real time tracking of blood pressure, weight and blood glucose levels, as iHealth’s products do.

The online service is free, sorta. The proprietary test strips can only be used once and cost a buck apiece, so there’s recurring revenue in the business model. There’s also the potential for paid upgrades – online evaluation by medical professionals, for example.

Smart phone-enabled and M2M medical devices tied to cloud services are a growth market – hundreds of companies have adopted Qualcomm’s mobile health technology – and iHealth has a nicely diverse product range supported by an integrated and simple to use website, that’s extensible to a wide range of third-party service providers. The experience with social networks is that many jump into a market opening but, usually, one emerges as the dominant player for a given purpose – LinkedIn for professional networking, for example.

There’s no default online health platform yet, but given the history of social media, there’s every reason to think that it’ll emerge from a small start-up like iHealth.

Proprietary home automation platforms spring security leaks

by Steve Blum

Open source makes it harder to open doors.

The open source versus proprietary platform debate is moving into the home automation sector. Z-Wave is a proprietary protocol for wirelessly managing home devices, including locks, sensors and security cameras. It’s been hacked by two network security professionals who wanted to see if it’s really as secure as advertised.

It is and it isn’t.

Behrang Fouladi and Sahand Ghanoun took over a Z-Wave motion sensor using an idiot-simple trick – intercept a wireless command, record and replay it – and defeated a lock with only a little more effort. They didn’t say which one they electronically picked, but from the description I’d guess it was a Yale Z-Wave lock.

However, the exploit didn’t seem to rely on a vulnerability of the core Z-Wave protocol. Instead, it appears that the manufacturers were lazy in the way they implemented it. It’s hard to tell, though, because Z-Wave specs aren’t published.
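Record-and-replay works against any receiver that treats a once-valid frame as valid forever. The sketch below is an added example, not Z-Wave's protocol or any vendor's code (the frame layout, demo key and class names are assumptions): it contrasts a receiver with no freshness check against one that requires a valid MAC and a strictly increasing counter.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real device would get a per-device key at pairing.
DEMO_KEY = bytes(range(16))
TAG_LEN = 8  # truncated HMAC-SHA256 tag, sized for a small radio frame


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender side: 4-byte big-endian counter || command || truncated MAC."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()[:TAG_LEN]
    return header + command + tag


class NaiveReceiver:
    """Accepts any well-formed frame, so a recorded frame works forever."""

    def accept(self, frame: bytes) -> bool:
        return len(frame) > 4 + TAG_LEN


class FreshnessReceiver:
    """Accepts a frame only if its MAC verifies and its counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        # Must survive reboots in a real device, or old frames become valid again.
        self.last_counter = -1

    def accept(self, frame: bytes) -> bool:
        if len(frame) <= 4 + TAG_LEN:
            return False
        header, command, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected[:TAG_LEN]):
            return False  # forged or altered frame
        (counter,) = struct.unpack(">I", header)
        if counter <= self.last_counter:
            return False  # replayed or stale frame
        self.last_counter = counter
        return True


def demo() -> dict:
    captured = build_frame(DEMO_KEY, 1, b"UNLOCK")  # constructed sample frame
    # The same frame with its counter field rewritten by someone without the key.
    bumped = struct.pack(">I", 2) + captured[4:]
    naive, fresh = NaiveReceiver(), FreshnessReceiver(DEMO_KEY)
    return {
        "naive_first": naive.accept(captured),
        "naive_replay": naive.accept(captured),
        "fresh_first": fresh.accept(captured),
        "fresh_replay": fresh.accept(captured),
        "fresh_bumped_counter": fresh.accept(bumped),
        "fresh_next_genuine": fresh.accept(build_frame(DEMO_KEY, 2, b"UNLOCK")),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The counter check alone is not enough: without the MAC covering the counter, the rewritten frame in `bumped` would pass.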

Which is where the debate begins. Keeping the details as secret as possible means the bad guys have to sit patiently and take one guess after another as they try to crack the protocol. Which many are willing to do. Publishing the details – which doesn’t mean giving it away for free – gives the good guys a chance to comb through the code and find weak spots.

The classic example is proprietary Microsoft Windows versus open source Linux. Historically both have had vulnerabilities, but any problems with Linux have been quickly found and fixed, while Windows has fallen prey to countless attacks. The Linux community reliably treasures people who find problems and tell the world; Microsoft’s response is unpredictable.

The commercial advantage to a proprietary system is that the code is an asset and investing in developing and marketing it can bring a big return on investment – that’s how Bill Gates became the richest man on the planet. On the other hand, given an even start, open source operating systems can be quickly adopted and enthusiastically backed by manufacturers and services providers. That’s why Android is the world’s dominant smart phone platform.

Home automation has been held back by its reliance on proprietary technology and attempts at vertical control of the market. Removing the mystery and attaching familiar brand names will build consumer comfort and confidence, and reduce confusion. What this market sector needs is an open source platform nurtured by geeks and productised by mainstream manufacturers.

U.S. group drafting standards for industrial strength Internet

by Steve Blum

Sorry. I thought you said the castanet of things.

The U.S. National Institute of Standards and Technology is coordinating an effort – with broad industry support – to create security and operating standards for industrial machine-to-machine (M2M) data communications.

There are already a couple of efforts underway amongst mobile carriers and equipment makers to standardise protocols for wireless segments of those networks. The expectation is that billions – 50 billion by 2020? – of devices will communicate directly back to the Internet of Things via mobile data modules.

But mobile standards are just one piece of the plumbing. A consortium of ten U.S. companies, including GE, AT&T, IBM and Cisco, is working with NIST to develop standards that will support interoperable M2M applications and services across all platforms and networks. As NIST’s S. Shyam Sunder explained in an interview with EE Times:

“The trick is to look at all these issues holistically rather than domain by domain,” said Sunder in an interview with EE Times. “This way, you wind up with common frameworks and don’t have to re-learn lessons of other domains.”

The initial foundation for the work is a white paper published by GE last year. Broadly, it separates the Internet of Things into three broad categories: the things themselves, which can be as small as a nanobot or as big as a supertanker, the systems that people use to interact with or otherwise benefit from those things, and the analytical platforms that sit between the two.

The group very plainly sees this effort as an opportunity to gain a competitive advantage for the U.S. by being the first to develop and implement standards for the Internet of Things. The plan is to publish and test the first draft within a year.

M2M standards will unleash innovation

by Steve Blum

Bringing down the vertical market.

Machine-to-machine communication protocols are proprietary, frequently established by low volume vertical applications that are bolted onto existing mobile networks. There’s no established way to make M2M equipment that can roam across a large ecosystem of different networks. But similar to the GSM and CDMA standards that were originally developed for voice, carriers are starting to group together, with four European carriers – Telecom Italia, Deutsche Telekom, Orange and TeliaSonera – forming the Global M2M Association (GMA) and a larger group – which includes NTT Docomo, SingTel, Telefonica, O2 and Optus – coalescing around a proprietary platform developed by Jasper Wireless.

A unified standard doesn’t need to emerge from the rival groups. Mobile equipment manufacturers can support two standards. In fact, they seem to like it that way. Having two viable alternatives can lead to healthy competition that keeps costs down and pressure on to continue to innovate.

Samsung, for example, isn’t happy with relying on Google’s Android operating system. Although Apple’s iOS gives consumers a choice, it doesn’t license it to other manufacturers. So Samsung is partnering with Intel and others to develop phones based on the Tizen OS.

In order for Ericsson’s expectation of 50 billion connected devices (or any of the other “billions and billions” predictions) to come true, manufacturers have to start knocking out M2M modules like popcorn. And they can’t do that in today’s fragmented, proprietary market.

Once operators start deploying infrastructure that supports either or both standards and seamless roaming becomes possible, expect to see a burst of new M2M products, applications and networks.

New M2M radio specs could challenge mobile networks

by Steve Blum

Wide area of possibilities.

Two new low power standards for wireless machine-to-machine (M2M) communications have been released in the past couple of weeks. The Zigbee Alliance and the Weightless special interest group have published specifications for wide area networking standards that address the low power, low bit rate needs of many M2M applications. Both are initially targeting the smart grid sector, which is growing rapidly as electricity providers deploy tools to intelligently manage power distribution systems in real time.

The new Zigbee IP specification is the more interesting of the two. As the name implies, traffic is transmitted over a Zigbee mesh using the IPv6 standard, which means it can flow directly onto the Internet or into a plain vanilla local area network, at speeds up to 250 Kbps. That’s plenty fast enough to handle the short bursts of data that are typical of M2M applications.

The range of a single radio varies, with 30 meters being a common limit for indoor applications and 100 meters or more outdoors. The maximum, albeit difficult to achieve, range is somewhere around 1,000 meters. But the mesh architecture means that data can be relayed from device to device, extending the practical range of a network within a building or over a large outdoor area. Those additional hops can slow the throughput rate way down, but we’re talking about numeric sensor readings, not streaming video.

The Weightless protocol has a longer theoretical range – 10 kilometers – and a wider selection of data rates – 1 Kbps to 10 Mbps – in its trade space. It relies on a hub architecture, with low power field devices communicating back to base stations, which then convert the traffic to IP and send it upstream. It uses TV whitespace spectrum, which partly accounts for the longer range, while Zigbee relies on common unlicensed spectrum, for example in the 900 MHz and 2.4 GHz bands.

The differences between the two standards should allow for reasonably peaceful coexistence, since each should eventually settle into separate market segments. Deployment on smart grids will be an early test of whether either are practical for wide area, outdoor applications. If so, M2M devices designed around relatively expensive commercial mobile data networks and technology will see serious competition.

FDA might tax and regulate mobile apps, but that’s not the worst part

by Steve Blum

We’ll just do it the old fashioned way.

Medical applications are approved and regulated by the federal Food and Drug Administration (FDA). An agency representative [recently told a congressional committee](https://searchhealthit.techtarget.com/news/2240180401/Congress-explores-potential-regulation-of-mobile-health-apps) that rules regarding mobile medical apps are coming later this year.

Over the course of a week, three separate committees heard a wide range of helpful advice on how best to regulate, or not, mobile medical applications and devices. Taxes were also an issue. The Affordable Care Act – Obamacare – puts a 2.3% tax on medical devices. Depending on the circumstances, mobile medical applications could be hit. Most of those testifying believed it wouldn’t extend to smart phones and tablets that run the apps or to purchases from retail app stores. Not everyone was convinced, though.

The real problem isn’t regulation and taxes as such. It’s uncertainty over what the rules will be, how those rules will be enforced and how long it’s going to take to find out. At last fall’s MobileCon show, Eric Topol, a cardiologist at Scripps Translational Science Institute, said the FDA is a bottleneck for innovators.

Unregulated medical devices are potentially damaging. But so is a lack of innovation. And uncertainty makes or breaks innovation. Too much of it and entrepreneurs back off. It doesn’t matter if they’re uncertain about market share or technical brilliance or government regulation. Once enough uncertainty accumulates, the balance tips towards, say, the next Angry Birds. Stay within the comfort zone, though, and money, talent and energy go to making healthier lives for everyone.

“We have some things today, but you have to think that in future years we’ll have some things are really incredible,” Topol said.

Health care driving mobile M2M traffic

by Steve Blum

Bits keep you fit.

Some time this year, we’ll hit the point where there are more connected devices on mobile networks than there are people on the planet. That doesn’t mean everyone everywhere will have a smartphone. A lot of people have more than one device, of course. And a growing share of those connections don’t involve human beings at all.

According to a report on worldwide mobile data traffic just released by Cisco, 369 million machine-to-machine (M2M) devices accounted for 3% of global traffic last year. By 2017, the total will climb to 1.7 billion and generate 5% of mobile data traffic around the world, an annual traffic growth rate of 89%.

Health care is the fastest growing segment of the M2M data market. Cisco’s prediction is that it’ll grow 74% per year for the next five years, driven by bandwidth intensive applications deployed to hospitals as well as directly with patients.

Equipment manufacturers are even more bullish in their predictions. Qualcomm, in particular, aims to drive growth in M2M chip sales by providing support to health care related ventures. Either way, though, it’s a huge new market for both hardware and services, with the number of devices in use growing 36% per year for the next five years, according to Cisco’s forecast.

Overall, M2M products are becoming more sophisticated, with the average device generating 64 Mbps per month in mobile traffic, a figure expected to grow to 330 Mbps in 2017. Asia will generate the highest volume of traffic by then, but Europe is predicted to have the fastest rate of growth.