The Internet of Things (IoT) can be a network of connected convenience but this should not come at the expense of safeguarding your privacy and the personal data that connected devices collect and share.
This presentation contains an overview about the hot topics internet of things.
Presentation contins an intro to the modern embedded systems industry with simple technical concepts
Microsoft Azure-powered IoT & AI Solution To Help FarmerAndri Yadi
This deck is presented during my speaking in Microsoft's //DevCon / Digital Economy Summit, Jakarta, Feb 27, 2020, which was one of a kind event since it was attended by Mr. Satya Nadella (CEO of Microsoft) and Mr. Joko Widodo (President of Indonesia). I shared about how Azure can power SMARTernak - a livestock-farming assistance platform - to help farmers.
Wearable computers are computers that are worn on the body and are useful for tasks that require hands-free computing. They have features like consistency and allowing for multitasking. Examples include early pocket watches, hidden computers used to predict roulette, and devices like eyeglasses and gloves that allow for computer control and display. Wearable computers have applications for jobs requiring mobility and notetaking and advantages like enhanced communication and assisting with daily tasks and jobs like surgery. However, wearable computers also have disadvantages like being heavy, expensive, and potentially causing side effects like headaches.
IEEE CS Phoenix - Internet of Things Innovations & Megatrends Update 12/12/18Mark Goldstein
Mark Goldstein, President of International Research Center explored the next Internet wave, the Internet of Things (IoT), expected to connect tens of billions of new sensors and devices in the coming years. Waves of change will roll through home, business, government, industrial, medical, transportation, and other complex ecosystems. Mark examined how IoT will be implemented and monetized creating new business models from pervasive sensor deployments and data gathering, accompanied by new privacy and security risks. Explore IoT’s roadblocks and operational challenges, emerging standards and protocols, gateway and wireless integration, and big data strategies and opportunities in this presentation.
The document discusses the Internet of Things (IoT). It defines IoT as connecting physical objects through sensors and software to enable the collection and exchange of data. This allows objects to be more integrated and provide more value through services. The number of connected devices is growing rapidly and transforming many industries. Key drivers include lower costs of sensors, processing power, and connectivity. Common applications discussed include smart homes, cities, healthcare, and industrial uses. The document also examines how IoT is changing business models to focus on services and recurring revenue through data and connectivity between products.
This presentation contains an overview about the hot topics internet of things.
Presentation contins an intro to the modern embedded systems industry with simple technical concepts
Microsoft Azure-powered IoT & AI Solution To Help FarmerAndri Yadi
This deck is presented during my speaking in Microsoft's //DevCon / Digital Economy Summit, Jakarta, Feb 27, 2020, which was one of a kind event since it was attended by Mr. Satya Nadella (CEO of Microsoft) and Mr. Joko Widodo (President of Indonesia). I shared about how Azure can power SMARTernak - a livestock-farming assistance platform - to help farmers.
Wearable computers are computers that are worn on the body and are useful for tasks that require hands-free computing. They have features like consistency and allowing for multitasking. Examples include early pocket watches, hidden computers used to predict roulette, and devices like eyeglasses and gloves that allow for computer control and display. Wearable computers have applications for jobs requiring mobility and notetaking and advantages like enhanced communication and assisting with daily tasks and jobs like surgery. However, wearable computers also have disadvantages like being heavy, expensive, and potentially causing side effects like headaches.
IEEE CS Phoenix - Internet of Things Innovations & Megatrends Update 12/12/18Mark Goldstein
Mark Goldstein, President of International Research Center explored the next Internet wave, the Internet of Things (IoT), expected to connect tens of billions of new sensors and devices in the coming years. Waves of change will roll through home, business, government, industrial, medical, transportation, and other complex ecosystems. Mark examined how IoT will be implemented and monetized creating new business models from pervasive sensor deployments and data gathering, accompanied by new privacy and security risks. Explore IoT’s roadblocks and operational challenges, emerging standards and protocols, gateway and wireless integration, and big data strategies and opportunities in this presentation.
The document discusses the Internet of Things (IoT). It defines IoT as connecting physical objects through sensors and software to enable the collection and exchange of data. This allows objects to be more integrated and provide more value through services. The number of connected devices is growing rapidly and transforming many industries. Key drivers include lower costs of sensors, processing power, and connectivity. Common applications discussed include smart homes, cities, healthcare, and industrial uses. The document also examines how IoT is changing business models to focus on services and recurring revenue through data and connectivity between products.
The document discusses wearable computers. It defines wearable computers as small, portable computers designed to be worn on the body during use. It describes the key characteristics of wearable computers including being unmonopolizing, unrestrictive, observable, controllable, attentive, and communicative. The document outlines examples of wearable computers and their applications in fields like military, medical, and more. It discusses both the advantages of increased mobility, connectivity, and efficiency as well as disadvantages such as potential heaviness, expense, and privacy concerns.
Anti-Theft Protection of Vehicle by GSM & GPS with Fingerprint VerificationIJAEMSJORNAL
This paper focuses on preventing car theft using microcontrollers and GSM modules. We are generating the results with better accuracy and proficiency. It can be helpful to those people who want better and more advanced security in their vehicle.
The document discusses wearable computing. It begins with an introduction and overview of wearable computers and then discusses their history, aims, features, implementation, applications, advantages, and disadvantages. Key points include that wearable computers are portable devices that can be worn and allow hands-free use. They are integrated into everyday objects like watches. The document discusses examples of early wearable devices and outlines common components of wearable computers like input and output devices. It provides examples of uses in military and healthcare applications. The conclusion discusses challenges to wider adoption of wearable computers.
The document discusses the history and features of wearable computers. It describes how wearable computers evolved from analog computers in the 1960s to devices like smartwatches and augmented reality systems today. The key aspects are that wearable computers are always accessible, allow multitasking even during physical activities, and are designed to be worn comfortably while maintaining full computer functionality. Examples mentioned include early prototypes and current commercial devices like Motorola's wearable PC and Pranav Mistry's Sixth Sense system.
Global Azure Bootcamp 2018 - Azure IoT CentralAndri Yadi
The deck I presented when talking about Azure IoT Central during Global Azure Bootcamp 2018, in Bandung city, Indonesia.
I should have uploaded this on last March 2018. Usual, lot of works. So, some info in this deck may change and some code referred may be deprecated. But the concept still should be relevant.
This document describes the design and implementation of a smartwatch prototype using inexpensive, commonly available components. Key features included are a touchscreen LCD for display and input, Bluetooth module for communication with a smartphone, and a wireless charging system for the battery. The prototype demonstrates the integration of these technologies and serves as a proof of concept for a basic smartwatch. Challenges encountered included inefficient screen updates, modifying Bluetooth code for notifications, and addressing differences in the charging module and Arduino voltages. The completed prototype functions as a basic smartwatch, displaying time and notifications from a paired phone.
The Cicret Bracelet is a projected to be a wrist-worn device that projects a touchscreen interface onto the user's forearm, allowing them to control their smartphone without taking it out. It uses a pico projector and sensors to project the phone's screen and detect touch input. The founders are a four person French team seeking funding to develop a working prototype. While still in development, the bracelet aims to offer smartphone-like functionality through hand gestures on one's forearm such as reading emails, playing games, and taking calls.
50 Connected Devices - How Mobile and the Internet of Things Will Affect YouApteligent
What happens when everything we touch is connected to the Internet? Welcome to the Internet of Things (IoT). At Crittercism, we live and breathe mobile. Browse this presentation to learn about the connected devices all around you – in your pocket, on your kitchen counter, in your backyard.
Want to learn more about how Crittercism can help your connected devices and IoT strategy? Visit http://bit.ly/OptimizeIoT today
Wearable technology is developing rapidly and will see mainstream adoption in the next five years. It will help record our surroundings, nudge us to action, communicate information between people, control our environments, and reflect our well-being. Key drivers are the evolution of interfaces, sensors, algorithms and free communication across devices. Wearables can introduce technology into new environments and enable hands-free access to information for workers. Main applications areas are healthcare, fitness/activity tracking, and industrial uses. Challenges include uncomfortable designs, clunky interfaces, and reliable network connectivity.
The document discusses various Internet of Things devices including smart forks, cups, toothbrushes, egg trays, propane tanks, glucose monitors, washing machines, piggy banks, hydroponic systems, sprinkler controls, arcade machines, home security systems, pet games, lighting, sensors, air conditioners, insoles, sleep systems, planes, mirrors, tennis rackets, bikes, garbage cans, cooking assistants, pet feeders, gardening tools, cardio monitors, door locks, gesture controls, socks, sleep trackers, sports lights, and smart shirts that monitor health metrics. Many of these smart devices connect to smartphone apps to provide remote monitoring and control.
Wearable computers are computers that can be worn on the body, ranging from small wrist-mounted devices to bulky head-mounted displays. They provide computational support to users even when hands or attention are engaged elsewhere. Wearable computers have evolved over decades of research and development at institutions like MIT and now support applications like augmented memory, visual filtering, and gaming through body sensors. While offering portability and hands-free use, wearable computers also face limitations such as weight, cost, discomfort, and potential health effects or data privacy issues if lost or stolen.
The document summarizes a seminar on wearable computing presented by Shradha Maheshwari. Some key points covered include:
- Wearable computers are small, portable computers designed to be worn on the body during use and are usually integrated into clothing or accessories like wristbands.
- They aim to adapt to the user's needs rather than requiring the user to adapt, allow for continual accessibility, and have "always on" capability.
- Components include human-computer interfaces, networks to connect parts and the external world, and display systems like head-mounted displays or earpieces.
- Challenges include limited power, networking and privacy constraints, as well as developing effective
This document discusses wearable computing devices. It defines wearable computing as devices worn by users to facilitate constant human-computer interaction. It then covers types of wearable devices, latest developments in the field from companies like Google and LG, major application areas like augmented reality and navigation, growth projections, and future opportunities in sectors such as health, military, and entertainment.
IRJET- Smart, Secured and Solace Luggage Bag using Internet of Things and Com...IRJET Journal
This document describes the design of a smart, secure, and tracked luggage bag system using Internet of Things technologies and computer vision. The system allows users to track their luggage bag in real-time using an Android application. It also uses facial recognition technology for bag locking/unlocking. When an unauthorized person tries to access the bag, an alert is sent to the owner. The bag's movement is also controlled through the Android app and motors connected to a Raspberry Pi. The system provides security, real-time tracking and automated control of luggage bags.
IRJET- Gesture Controlled Gloves for Gaming and Power Point Presentation ControlIRJET Journal
This document describes a glove-based gesture control system for controlling presentations and gaming using hand gestures. The system uses flex sensors on a glove to detect finger bending gestures. The flex sensor values are sent wirelessly via Zigbee to a receiving computer where the gestures control a PowerPoint presentation by advancing slides, changing screens, or exiting. The same gestures could also control gaming functions like moving characters. The system aims to provide more natural human-computer interaction compared to traditional input devices like mice or remotes. It has applications for presentations, gaming, and could expand to other uses like medical procedures or robot control.
The document discusses Internet of Things (IoT). It defines IoT as physical devices embedded with electronics, software and sensors that can connect and exchange data. It notes that the number of IoT devices increased 31% to 8.4 billion in 2017. Common IoT applications discussed include smart homes, smart traffic/parking systems, smart farming, and more. Key IoT sensors like temperature, presence, pressure, water quality and smoke sensors are also explained.
This document describes a mobile app called the Women Security App developed by a group of students to help ensure women's safety. The app allows a user to save their contact details and then activate a "widget" that can instantly alert contacts and share the user's location if they feel unsafe. It also records audio from the user's surroundings and sends the recording along with a text message and GPS coordinates to the designated contact. The app aims to help women get assistance quickly in dangerous situations.
The document discusses the Internet of Things (IoT). It defines IoT as a network of physical objects embedded with software and sensors that allows them to connect, collect data and exchange information. The key components of an IoT framework are sensors/devices, connectivity, data processing, and a user interface. Some applications of IoT include smart thermostats, connected cars, and activity trackers. Benefits include technical optimization, improved data collection, reduced waste and better customer engagement, while challenges are security, privacy and complexity.
The document discusses emerging global trends in the Internet of Things (IoT). It begins with an introduction to IoT, defining it as a system of interconnected computing devices, objects, and people that can transfer data over a network. It then covers the benefits of IoT for organizations, some example applications and use cases, and challenges associated with IoT. The document concludes by outlining several top IoT technologies and trends, such as the increasing role of artificial intelligence and a shift from centralized cloud architectures to distributed edge computing.
The document discusses wearable computers. It defines wearable computers as small, portable computers designed to be worn on the body during use. It describes the key characteristics of wearable computers including being unmonopolizing, unrestrictive, observable, controllable, attentive, and communicative. The document outlines examples of wearable computers and their applications in fields like military, medical, and more. It discusses both the advantages of increased mobility, connectivity, and efficiency as well as disadvantages such as potential heaviness, expense, and privacy concerns.
Anti-Theft Protection of Vehicle by GSM & GPS with Fingerprint VerificationIJAEMSJORNAL
This paper focuses on preventing car theft using microcontrollers and GSM modules. We are generating the results with better accuracy and proficiency. It can be helpful to those people who want better and more advanced security in their vehicle.
The document discusses wearable computing. It begins with an introduction and overview of wearable computers and then discusses their history, aims, features, implementation, applications, advantages, and disadvantages. Key points include that wearable computers are portable devices that can be worn and allow hands-free use. They are integrated into everyday objects like watches. The document discusses examples of early wearable devices and outlines common components of wearable computers like input and output devices. It provides examples of uses in military and healthcare applications. The conclusion discusses challenges to wider adoption of wearable computers.
The document discusses the history and features of wearable computers. It describes how wearable computers evolved from analog computers in the 1960s to devices like smartwatches and augmented reality systems today. The key aspects are that wearable computers are always accessible, allow multitasking even during physical activities, and are designed to be worn comfortably while maintaining full computer functionality. Examples mentioned include early prototypes and current commercial devices like Motorola's wearable PC and Pranav Mistry's Sixth Sense system.
Global Azure Bootcamp 2018 - Azure IoT CentralAndri Yadi
The deck I presented when talking about Azure IoT Central during Global Azure Bootcamp 2018, in Bandung city, Indonesia.
I should have uploaded this on last March 2018. Usual, lot of works. So, some info in this deck may change and some code referred may be deprecated. But the concept still should be relevant.
This document describes the design and implementation of a smartwatch prototype using inexpensive, commonly available components. Key features included are a touchscreen LCD for display and input, Bluetooth module for communication with a smartphone, and a wireless charging system for the battery. The prototype demonstrates the integration of these technologies and serves as a proof of concept for a basic smartwatch. Challenges encountered included inefficient screen updates, modifying Bluetooth code for notifications, and addressing differences in the charging module and Arduino voltages. The completed prototype functions as a basic smartwatch, displaying time and notifications from a paired phone.
The Cicret Bracelet is a projected to be a wrist-worn device that projects a touchscreen interface onto the user's forearm, allowing them to control their smartphone without taking it out. It uses a pico projector and sensors to project the phone's screen and detect touch input. The founders are a four person French team seeking funding to develop a working prototype. While still in development, the bracelet aims to offer smartphone-like functionality through hand gestures on one's forearm such as reading emails, playing games, and taking calls.
50 Connected Devices - How Mobile and the Internet of Things Will Affect YouApteligent
What happens when everything we touch is connected to the Internet? Welcome to the Internet of Things (IoT). At Crittercism, we live and breathe mobile. Browse this presentation to learn about the connected devices all around you – in your pocket, on your kitchen counter, in your backyard.
Want to learn more about how Crittercism can help your connected devices and IoT strategy? Visit http://bit.ly/OptimizeIoT today
Wearable technology is developing rapidly and will see mainstream adoption in the next five years. It will help record our surroundings, nudge us to action, communicate information between people, control our environments, and reflect our well-being. Key drivers are the evolution of interfaces, sensors, algorithms and free communication across devices. Wearables can introduce technology into new environments and enable hands-free access to information for workers. Main applications areas are healthcare, fitness/activity tracking, and industrial uses. Challenges include uncomfortable designs, clunky interfaces, and reliable network connectivity.
The document discusses various Internet of Things devices including smart forks, cups, toothbrushes, egg trays, propane tanks, glucose monitors, washing machines, piggy banks, hydroponic systems, sprinkler controls, arcade machines, home security systems, pet games, lighting, sensors, air conditioners, insoles, sleep systems, planes, mirrors, tennis rackets, bikes, garbage cans, cooking assistants, pet feeders, gardening tools, cardio monitors, door locks, gesture controls, socks, sleep trackers, sports lights, and smart shirts that monitor health metrics. Many of these smart devices connect to smartphone apps to provide remote monitoring and control.
Wearable computers are computers that can be worn on the body, ranging from small wrist-mounted devices to bulky head-mounted displays. They provide computational support to users even when hands or attention are engaged elsewhere. Wearable computers have evolved over decades of research and development at institutions like MIT and now support applications like augmented memory, visual filtering, and gaming through body sensors. While offering portability and hands-free use, wearable computers also face limitations such as weight, cost, discomfort, and potential health effects or data privacy issues if lost or stolen.
The document summarizes a seminar on wearable computing presented by Shradha Maheshwari. Some key points covered include:
- Wearable computers are small, portable computers designed to be worn on the body during use and are usually integrated into clothing or accessories like wristbands.
- They aim to adapt to the user's needs rather than requiring the user to adapt, allow for continual accessibility, and have "always on" capability.
- Components include human-computer interfaces, networks to connect parts and the external world, and display systems like head-mounted displays or earpieces.
- Challenges include limited power, networking and privacy constraints, as well as developing effective
This document discusses wearable computing devices. It defines wearable computing as devices worn by users to facilitate constant human-computer interaction. It then covers types of wearable devices, latest developments in the field from companies like Google and LG, major application areas like augmented reality and navigation, growth projections, and future opportunities in sectors such as health, military, and entertainment.
IRJET- Smart, Secured and Solace Luggage Bag using Internet of Things and Com...IRJET Journal
This document describes the design of a smart, secure, and tracked luggage bag system using Internet of Things technologies and computer vision. The system allows users to track their luggage bag in real-time using an Android application. It also uses facial recognition technology for bag locking/unlocking. When an unauthorized person tries to access the bag, an alert is sent to the owner. The bag's movement is also controlled through the Android app and motors connected to a Raspberry Pi. The system provides security, real-time tracking and automated control of luggage bags.
IRJET- Gesture Controlled Gloves for Gaming and Power Point Presentation ControlIRJET Journal
This document describes a glove-based gesture control system for controlling presentations and gaming using hand gestures. The system uses flex sensors on a glove to detect finger bending gestures. The flex sensor values are sent wirelessly via Zigbee to a receiving computer where the gestures control a PowerPoint presentation by advancing slides, changing screens, or exiting. The same gestures could also control gaming functions like moving characters. The system aims to provide more natural human-computer interaction compared to traditional input devices like mice or remotes. It has applications for presentations, gaming, and could expand to other uses like medical procedures or robot control.
The document discusses Internet of Things (IoT). It defines IoT as physical devices embedded with electronics, software and sensors that can connect and exchange data. It notes that the number of IoT devices increased 31% to 8.4 billion in 2017. Common IoT applications discussed include smart homes, smart traffic/parking systems, smart farming, and more. Key IoT sensors like temperature, presence, pressure, water quality and smoke sensors are also explained.
This document describes a mobile app called the Women Security App developed by a group of students to help ensure women's safety. The app allows a user to save their contact details and then activate a "widget" that can instantly alert contacts and share the user's location if they feel unsafe. It also records audio from the user's surroundings and sends the recording along with a text message and GPS coordinates to the designated contact. The app aims to help women get assistance quickly in dangerous situations.
The document discusses the Internet of Things (IoT). It defines IoT as a network of physical objects embedded with software and sensors that allows them to connect, collect data and exchange information. The key components of an IoT framework are sensors/devices, connectivity, data processing, and a user interface. Some applications of IoT include smart thermostats, connected cars, and activity trackers. Benefits include technical optimization, improved data collection, reduced waste and better customer engagement, while challenges are security, privacy and complexity.
The document discusses emerging global trends in the Internet of Things (IoT). It begins with an introduction to IoT, defining it as a system of interconnected computing devices, objects, and people that can transfer data over a network. It then covers the benefits of IoT for organizations, some example applications and use cases, and challenges associated with IoT. The document concludes by outlining several top IoT technologies and trends, such as the increasing role of artificial intelligence and a shift from centralized cloud architectures to distributed edge computing.
The document discusses emerging global trends in the Internet of Things (IoT). It begins with an introduction to IoT, defining it as a system of interconnected computing devices, objects, and people that can transfer data over a network. It then covers the benefits of IoT for organizations, some example applications and use cases, and the key technologies and trends driving IoT adoption, including artificial intelligence, edge computing, and 5G networks. The document concludes with discussions of smart farming and industrial IoT applications.
The document discusses emerging global trends in the Internet of Things (IoT). It begins with an introduction to IoT, defining it as a system of interconnected computing devices, objects, and people that can transfer data over a network. It then covers the benefits of IoT for organizations, some example applications and use cases, and challenges with IoT implementation. The document concludes by outlining the top 10 strategic IoT technologies and trends according to Gartner, including the increasing role of artificial intelligence and a shift from centralized cloud architectures to distributed edge computing.
This a IOT base ppt slide. It's more describe IOT system history and IOt devices . And also given most valuable and relevant information about IOT and devices.
The document discusses topics related to Internet of Things (IoT) and machine learning, including:
- Definitions and brief history of IoT and how it works by connecting devices to the cloud.
- Examples of common IoT applications and devices in various industries.
- The relationship between machine learning and IoT, where machine learning is used to analyze vast amounts of data collected by IoT sensors.
- Popular tools and platforms for developing IoT and machine learning solutions, along with online courses for further learning.
- Predictions about the growing role of IoT and technologies like 5G, artificial intelligence, and smart cities in the future.
Internet of Things, Examples and IssuesIRJET Journal
This document discusses Internet of Things (IoT), providing examples and issues. It begins by defining IoT and how it is connecting more things like home appliances and facilitating data sharing. Three levels of IoT are mentioned. Examples given include using sensors to optimize fleet management and infrastructure maintenance. However, IoT also poses privacy and security risks if devices are hacked. The document advocates for putting security measures in place to protect IoT devices and users' personal data and control over their information.
This document discusses the emerging field of ambient computing, which involves ubiquitous sensors, wireless connectivity, powerful microchips, and advanced analytics that are reshaping public and private spaces. It describes how ambient computing systems can continuously collect data about people and environments and use analytics to generate contextual information in real-time. Key aspects discussed include the layered ambient computing technology stack, the importance of APIs for combining different data sources, and how low-cost sensor networks coupled with cloud-based analytics can provide real-time decision making capabilities.
The document discusses the Internet of Things (IoT) in 3 paragraphs:
1) It defines IoT as connecting physical devices to the Internet and using sensors to collect data and turn it into useful insights. This creates new opportunities for businesses and economies.
2) IoT is enabling disruptive changes across industries through technologies like the Industrial Internet which combines machines, analytics and insights.
3) Popular IoT applications include home automation, healthcare devices, smart cities infrastructure, and banking solutions, though security is a major concern that developers must address.
IRJET- A Survey on Child Safety & Tracking Management SystemIRJET Journal
This document summarizes a research paper on a child safety and tracking management system using mobile phones. The system allows parents to monitor their child's location in real-time using GPS and set up geographical boundaries. It also allows children to send emergency SMS messages with their location if needed. The system is designed as an Android application to take advantage of the GPS, geo-fencing, and SMS capabilities on Android phones. It aims to help parents keep their children safe by knowing their locations and setting alerts if they leave approved areas.
Internet of Things- Remote Desktop & Wireless HibernationIRJET Journal
This document discusses the Internet of Things (IoT) and provides an overview of key concepts. It begins with defining IoT as the network of physical devices connected through sensors and electronics to collect and exchange data. By 2020, it is expected that there will be almost 50 billion active IoT devices. The document then discusses enabling technologies for IoT like short-range wireless technologies (e.g. Bluetooth, NFC, RFID) and long-range wireless technologies (e.g. LPWAN, VSAT). It also outlines the basic components and working of IoT including sensors, gateways, cloud infrastructure, and mobile apps. Potential advantages like automation, monitoring, cost savings, and time savings are highlighted.
The document discusses the Internet of Things (IoT), including its history, components, applications, advantages, and disadvantages. It provides examples of real-time IoT devices and discusses how IoT will affect business and work. The main applications of IoT discussed are smart homes, wearables, smart cities, smart grids, industrial internet, connected cars, connected health, smart retail, smart supply chains, and smart farming. The document concludes that while IoT has security and privacy disadvantages, its advantages of saving time and money will lead to its increased common use in households and companies.
The emerging global trends in IoT are discussed in this presentation. We also look at various other trends in IoT which is now a very common factor that is being used all over the globe
Introduction We live in a world where smart technology.pdfbkbk37
This document discusses smart building subsystems and a proposed smart fire and gas detection system. It describes smart lighting, security, and proposed hardware for a gas and fire detection system using an Arduino microcontroller. The proposed system would use gas and flame sensors to detect risks, and the Arduino would signal a mobile phone using a relay module to warn occupants if sensors are activated. The document provides details on proposed components like the MQ-6 gas sensor and requirements for smart subsystems like lighting and security.
This document discusses applications of cloud computing and the internet of things (IOT). It provides examples of how cloud computing can quickly deploy and scale web/mobile applications, develop applications in a cost effective way, store and backup large amounts of data, make informed decisions using AI/ML, and stream audio/video. IOT connects physical devices to exchange data, and examples given include smart toothbrushes and digital assistants. Applications of IOT discussed are smart cities using technology for sustainable development, smart homes controlling appliances remotely, and wearable devices like smartwatches collecting health/fitness data.
This document provides an overview of the Internet of Things (IoT), including its history, applications, trends, architecture, and future. It discusses how the IoT has evolved from early concepts in the 1980s and 1990s to a vision of billions of devices connected by 2020. Key topics covered include smart home and city applications, addressing and networking challenges, the need for standards and frameworks, and the complexities of developing intelligent and autonomous IoT systems at large scales.
Sageer Mohammad is a robotics and embedded systems engineer who works with internet of things technologies. His document discusses 10 potential markets for IoT including automation, asset tracking, traffic management, and smart homes/cities. It also lists 9 common IoT use cases such as remote monitoring and control, process optimization, resource allocation, and context-aware decision making between connected devices and infrastructure. The document provides an overview of how adding computing and connectivity to everyday objects through embedded systems can make them "smart" and able to communicate over the internet to improve various industries and lives.
IRJET - Research and Analysis of Smart MirrorIRJET Journal
The document discusses the design and development of a smart mirror. It describes how a Raspberry Pi can be used along with sensors, a monitor, and internet connectivity to create an interactive mirror that displays useful information to users like time, weather, news, and allows control through voice commands. The paper also reviews several other smart mirror projects and discusses potential future applications and improvements.
Raspberry Pi Augmentation: A Cost Effective Solution To Google GlassIRJET Journal
This document proposes a cost-effective augmented reality system using a Raspberry Pi. The system includes a Raspberry Pi, camera module, augmented reality display through a semi-transparent mirror, and intelligent user interface using Amazon Alexa for voice commands. The system is designed to be worn on a head-mounted frame. It acquires visual data from the environment using the camera and processes it to provide real-time information to the user through the augmented reality display or voice responses. The goal is to create an affordable augmented reality solution that serves as a portable computer and human enhancement through voice interaction and visual processing.
Similar to IoT and Privacy by Design in the Smart Home (20)
Quasar, Sobaken, and Vermin: A deeper look into an ongoing espionage campaignESET Middle East
Using remote access tools Quasar, Sobaken and Vermin, cybercriminals have been systematically spying on Ukrainian government institutions and exfiltrating data from their systems.
The threat actors, first mentioned in a report from January 2018 and tracked by ESET since mid-2017, continue to develop new versions of their stealthy malware.
In this white paper, we take a closer look at this ongoing campaign. We provide further details on the malware used to compromise victims’ systems and on the payloads installed on compromised systems, and describe the various methods the attackers use to distribute and target their malware while avoiding detection
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
The document examines major software vulnerabilities and exploits from 2017-2018, including EternalBlue, WannaCryptor, CoinMiner, Diskcoder (aka Petya), and Meltdown/Spectre. It discusses how the number of reported vulnerabilities reached a historic peak in 2017, with the number of high severity vulnerabilities increasing by 68% from 2016. Exploits like EternalBlue were utilized by ransomware like WannaCryptor to devastating effect by taking advantage of vulnerabilities in older, unpatched systems. The risk posed by vulnerabilities underscores the need for multilayered endpoint security through timely patching and protection layers.
ESET Technology: The multi-layered approach and its effectivenessESET Middle East
ESET uses a multi-layered approach to security that provides protection at various stages of a threat's lifecycle. Some key layers include UEFI Scanner which protects the pre-boot environment, DNA Detections which identify malware based on behavioral genes, machine learning algorithms which help detect both known and unknown malware, ESET LiveGrid which shares threat data in real-time with other users, and a multi-layered approach combining multiple detection techniques to stop threats throughout their lifecycle. This multi-layered approach is necessary to effectively protect against modern threats that constantly evolve and employ evasion techniques against single-layer defenses.
ESET’s guide to deobfuscating and devirtualizing FinFisherESET Middle East
To help malware analysts and security researchers overcome FinFisher’s advanced anti-disassembly obfuscation and virtualization features, ESET researchers have framed some clever tricks into a whitepaper.
Cybersecurity Trends 2018: The costs of connectionESET Middle East
To help the reader navigate through the maze of current threats, ESET’s thought leaders have zeroed in on several areas that top the priority list in our exercise in looking forward.
Our deep dive into OceanLotus’s latest marauding campaigns shows that the group isn’t letting up in its efforts and combines legitimate code and publicly available tools with its own harmful creations.
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalRPeter Gallagher
In this session delivered at NDC Oslo 2024, I talk about how you can control a 3D printed Robot Arm with a Raspberry Pi, .NET 8, Blazor and SignalR.
I also show how you can use a Unity app on an Meta Quest 3 to control the arm VR too.
You can find the GitHub repo and workshop instructions here;
https://bit.ly/dotnetrobotgithub
Google Calendar is a versatile tool that allows users to manage their schedules and events effectively. With Google Calendar, you can create and organize calendars, set reminders for important events, and share your calendars with others. It also provides features like creating events, inviting attendees, and accessing your calendar from mobile devices. Additionally, Google Calendar allows you to embed calendars in websites or platforms like SlideShare, making it easier for others to view and interact with your schedules.
2. The Internet of Things - 2 -
CONTENTS
1. ABOUT THE INTERNET OF THINGS . . . . . . . . . . . . . . . . . 2
2. THE SMART HOME . . . . . . . . . . . . . . . . . . . . . . . 3
3. THE PRIVACY POLICY AND DATA CAPTURE . . . . . . . . . . . . . 5
4. VULNERABLE DEVICES . . . . . . . . . . . . . . . . . . . . . 5
5. PRIVACY – THE BIG CONCERN . . . . . . . . . . . . . . . . . . 6
6. THE IOT DEVICES IN OUR BASIC SMART HOME . . . . . . . . . . . . 7
a. Amazon Echo (2nd Generation) . . . . . . . . . . . . . . . . 7
b. D-Link . . . . . . . . . . . . . . . . . . . . . . . . . 8
DCH-G020 Connected Home Hub . . . . . . . . . . . . . . 8
DCH-S150 Motion Sensor . . . . . . . . . . . . . . . . . 8
DCS-935L Camera . . . . . . . . . . . . . . . . . . . 9
DCS-2132L Camera . . . . . . . . . . . . . . . . . . . 9
c. NETAMTO Weather Station . . . . . . . . . . . . . . . . . 10
d. Nokia Health . . . . . . . . . . . . . . . . . . . . . . 11
Nokia Health Body+ Scale . . . . . . . . . . . . . . . . 11
Nokia Health Body Cardio Scale . . . . . . . . . . . . . . 11
e. Sonos PLAY:1 Speaker . . . . . . . . . . . . . . . . . . . 14
f. Wörlein –Soundmaster Internet Radio IR4000SW . . . . . . . . . 15
g. TP Link Smart Plug HS110 . . . . . . . . . . . . . . . . . . 16
7. CONCLUSION – IS IT SAFE? . . . . . . . . . . . . . . . . . . . 18
1. ABOUT THE INTERNET OF
THINGS
The Internet of Things (IoT) has become a globally recognized term in
workplaces and homes, and in a literal sense could be used to describe
anything that is connected to the internet. However, if you ask what sort of
devices are included in the IoT, then you are likely to get differing answers
with respondents describing the devices they have come into contact with,
or know about. This can include everything from cell phones, smart bulbs,
fitness trackers, smart speakers and dishwashers, all the way to water
quality sensors in pumping stations.
When predictions on the proliferation of IoT devices started to emerge,
we heard huge numbers from analysts. 50 billion by 2020 was the number
quoted in a presentation by Ericsson’s former CEO Hans Vestberg in 2010.
Eight years later the initial hype around the industry sector has subsided
and the numbers cited are more conservative. Today, Ericsson offers a
more nuanced view, estimating that around 29 billion connected devices are
forecast by 2022, of which around 18 billion will be related to IoT.
While the numbers game will remain ongoing, what is certain is that many
of these devices will be consumer gadgets which may bring numerous
benefits to households, but may also threaten consumers’ privacy and
security. The sensors packed into Smart Home products – with their
microphones, cameras, interface with GPS, not to mention interoperability
– are juicy targets for malware attacks. By gaining control over these
devices, cybercriminals can not only attack other devices on a user’s
network but also spy and gather sensitive and personal data.
A team of enthusiastic researchers at ESET has investigated some
these popular IoT devices such as cameras, scales, sensors and home
management systems. This white paper details the research they carried
out and looks specifically at privacy concerns relating to the creation of a
3. The Internet of Things - 3 -
basic smart home. Where obvious issues relating to a specific device have
been found we do, of course, mention them.
As there is no widely agreed definition of what constitutes a ‘smart home’,
we decided to focus our attention, for this white paper, only on IoT devices
apparently aimed primarily at the consumer market.
Arguably, a truly smart home would require a major remodel and
significant initial financial commitment to create an intuitive and
automatic environment that anticipates and adapts to the changing
lifestyle of the occupants in real time. The attraction for consumers is to
save energy and long-term expenditure while increasing comfort and
convenience.
Alas, this is probably a commitment out of reach for many, or at least for
today. The smart home for most of us will be a small foray into the world
of IoT, with a limited number of well-placed devices that add convenience,
comfort or novelty. One of the challenges facing even the most basic
implementation of a smart home is interoperability between devices from
different manufacturers to provide a harmonious, unified experience.
Each device provides a feature set designed to inform us about our
activities or enables us to perform an activity. There are, or should
be, concerns about the risks to individuals that arise from possibly
inadvertently or inappropriately sharing data about personal movement
or lifestyle. The sheer volume of such data shared nowadays fully justifies
these concerns.
A single device risk was highlighted recently by Nathan Ruser, a 20 year
old Australian university student who is studying international security
at the Australian National University. In a tweet on January 27, 2018, Ruser
highlighted an operational security issue for military personnel using a
fitness app from Strava. The app uses GPS location in cell phones to track
routes for jogging, cycling or other fitness activities. By default, users
allow anonymized sharing of their data so that Strava can produce a
heatmap showing popular routes. The example highlighted by Ruser was
the Bagram Air Base in Afghanistan, showing the regular jogging routes
used by US military personnel stationed there. This is a good example of a
popular app collecting data and aggregating it to produce some useful and
very cool output, but in this case raising obvious security issues. Attempting
to find a route to jog when away from home is now simple, but the
consequences to security and privacy are not immediately apparent.
2. THE SMART HOME
Each ‘thing’ in the term ‘Internet of Things’ refers to a device, and there
are many types of connectable device, from cameras, scales, sensors, and
home management systems, all the way to heart monitoring implants to
cars or sensors monitoring livestock. The opportunities for interconnection
are endless. For example, San Jose, California, has committed to creating a
smart city that they claim will deliver the safest and most inclusive, user-
friendly environment for its residents. The project promises to use an IoT
platform employing transit vehicles and an infrastructure of smart sensor
technologies to improve safety, mobility and optimization of the transit
system.
Science fiction writers once envisioned a world regulated via the
interconnected devices used in everyday life. Today such a world is fast
becoming reality. Take, for example, a security camera that starts recording
when a motion sensor is activated and alerts your phone. Already we have
a number of devices involved in maintaining a cloud-based service. In
simple terms there is the device, the network to which it is connected, the
device that controls or interacts with it – most probably a smartphone –
and then there is the cloud service that either stores the data from it or is
acting as a conduit to deliver the data to the phone. Potentially, one more
4. The Internet of Things - 4 -
component, a home management system comprising a master device or
hub might be deployed, providing a single interface to manage connected
devices that provide services around the home.
There are several main scenarios for controlling and communicating with
devices. As consumers, we are familiar with at least two of them: Bluetooth
and Wi-Fi. If for example there is a device that only needs to be controlled
locally by a smartphone, then a short-range wireless technology such as
Bluetooth or Wi-Fi could be used. In home automation systems where a
hub is used, it is common to find one or more of the Z-Wave, BidCoS and
ZigBee, communication protocols that provides low-latency data transfer
and power consumption lower than Wi-Fi. The hub is then connected
through Wi-Fi or wired Ethernet, allowing connection from remote devices
or cloud services.
5. The Internet of Things - 5 -
3. THE PRIVACY POLICY AND
DATA CAPTURE
Each manufacturer should have a privacy policy or similar document
explaining how the data captured by a device, or through its associated
services, that you use is collected and used. Some of the policies are
vague and hard to read and in some cases difficult to locate, while others
demonstrate exceptional efforts by companies to make them readable and
understandable.
Companies also have a tendency to make privacy policies cover a wider
range of eventualities than may arise in reality, so they may not be
collecting all the things stated in the policy. The policies are complex
documents that require considerable legal resources to write, modify and
maintain, so listing everything you might collect is seen as a method of
future-proofing the policy. It does, of course, mean that if you accepted
the policy today, then the company could be collecting the listed data
tomorrow.
We are not questioning the reasons for, or other aspects of, data collection
for this paper; we’re taking a holistic view of the data being collected
overall in order to provide services in a basic smart home. Looking at the
quantity and depth of data collected raises concerns that an individual is
oversharing unwittingly.
It is understood that most devices and services will collect basic personal
details that may include given name, address, date of birth, email and
phone number. The data included for each device are taken from the
applicable privacy policy published by the company concerned. Often
companies use the term ‘but not limited to’, meaning that if they want,
they can collect more than what is described on the list.
When devices are controlled by a service other than the one offered by
the vendors that created the devices, then data could be collected by the
third party service provider as well. For example, the D Link products that
use the cloud service can also be controlled by Amazon’s Alexa. A simple
command such as ‘Alexa, tell mydlink to switch on the garage camera’ may
mean that both mydlink and Amazon are aware not only of the instruction,
but of what device it operates and how it is used. The consequences of all
commands sent to various devices from different vendors flowing through
a single party could add up to greater convenience for the end user, but
some may see this as one entity able to build up a full lifestyle profile on the
household and its occupants.
4. VULNERABLE DEVICES
Did we find vulnerabilities? Yes.
We initially chose and tested twelve products from eight vendors: the
details of eleven products from seven vendors are included later in this
white paper. The product that is missing from this paper had significant
vulnerabilities. As a security company we value the commitment to
responsible disclosure and the collaborative nature of the IT security
industry — therefore, we notified the company in question with specific
details of this device’s vulnerabilities. That device is a home automation
control panel that can manage motion sensors, heating controls, shutter
motors, environment sensors and smart plugs. The device has a number of
vulnerabilities, including:
• The login process from the local network is not fully authenticated. The
default option is to allow auto-login, which bypasses the need for standard
credentials such as userID and Password. The manufacturer does mention this
issue in a security alert, and recommends disabling this default option.
6. The Internet of Things - 6 -
• As with nearly all smart home systems, a cloud service provides the
functionality to manage the connected devices from one place. The
communications to the cloud service are not encrypted.
• The vendor’s cloud service has the ability to establish a virtual private
network (VPN) connection to the remote devices. Once this tunnel is
established, it could be possible for the remote network configuration to be
changed. This could result in the users’ local network being accessed without
consent.
• Accessing the cloud service requires registration, but if the user details
become compromised the VPN access to the remote network could present a
considerable risk.
The remaining devices that we tested and detail in this paper demonstrate
the need for research and investigation before making a decision to
purchase. For example, the D-Link cameras and the TP-link Smart Plug
have well documented security issues. The main concern with cameras is
the lack of encryption of the video stream coupled, in this case, with weak
authentication.
There are cameras available that are secure and encrypt the video stream,
both in real-time and when stored. The devices we tested were from a
recognized brand, which suggests that ‘name brand’ does not necessarily
mean secure, at least where cameras are involved.
5. PRIVACY, THE BIG CONCERN
Are there privacy concerns? Yes.
Each device in the test collected different data to facilitate its functionality
and in most cases the data collected seemed in context with the service
being provided. The Soundmaster Internet Radio, without an obvious
privacy policy and with a lack of any meaningful terms, raised a red flag for
our researchers. If there is no stated policy, then no informed decision can
be made.
The most significant concerns are raised by voice-activated intelligent
assistants — in this instance Alexa. A service that acts as a conduit to
all other devices and then stores the interactions with them, potentially
creates a single treasure chest for a cybercriminal. Neither the reputation
of the device nor Amazon’s services are in question, but a smart hacker
trying to harvest personal data for identity theft could create a spear-
phishing attack on individuals to gain access to their Amazon accounts.
he screen images above are examples of the Alexa app’s Smart Home functionality.
7. The Internet of Things - 7 -
Alexa – can you be secured? Possibly.
If you decide to utilize this polite and obedient intelligent assistant, then
configure it with some parameters.
• Require a PIN when purchasing through voice, or better yet don’t purchase
through voice.
• Train Alexa to know your voice and then limit functionality to only your
recognized instructions.
• When you don’t need an assistant, switch it off, or at least mute the mic.
6. ESET TEST: THE IOT DEVICES IN
OUR ‘BASIC’ SMART HOME
a. Amazon
Amazon Echo (2nd Generation)
The Amazon Echo is a hands-free, voice-activated, virtual assistant that
uses the Amazon Alexa service to answer questions or to allow you to give
commands such as to play music, set alarms or to control smart home
devices that are Alexa-compatible.
Seven microphones and noise cancellation ensure that Alexa can hear your
commands from across a room even when music is playing.
With 360 degree omnidirectional audio it can fill the room with music that
benefits from Dolby processing and dynamic base response.
A growing number of vendors are adding support for Alexa through ‘skills’
which gives the device control of other devices and services to bring
together the smart home into one verbally controlled device.
Alexa Terms of Use
https://www.amazon.com/gp/help/customer/display.html?nodeId=201809740
Alexa enabled products collect and send to Amazon:
Your Alexa interactions
Voice inputs
Music playlists
Your Alexa to-do and shopping lists.
Device type
Name
Features
Status
Network connectivity
Location
Amazon may automatically update the firmware for certain auxiliary
products on behalf of the applicable manufacturer.
Note: This does not included details of Amazon’s general privacy policy,
only the details of the Alexa service.
Security & Privacy
If you own an Amazon Echo then your best friend may well be Alexa, a
device to which you can pose an unlimited number of questions, as well
as give it instructions and receive polite and prompt responses. When
setting up a smart home, it is probably a must-have device. The device
can perform a wide range of services both directly or through connections
you approve to third parties, including playing music, reading the news,
checking your calendar and putting together your to-do list, and of course
purchasing things through your Amazon account.
8. The Internet of Things - 8 -
The Echo is constantly listening for your commands and is voice-controlled,
sitting dormant until it recognizes the ‘wake word’. This word brings Alexa
to life and allows you to give a direct command or a command tied to a
skill (see next paragraph). The instruction is transmitted to Amazon for
analysis and a response is generated. These interactions are associated
with your Amazon account and can be reviewed.
If the interaction is related to a third party – for instance, you are asking
Nokia’s Health Mate app how much you weigh – then Nokia does not
get the audio request, just the request for your weight. To make this
interaction possible, there is a requirement to connect the third-party
account to Alexa in order to make the information available. This is referred
to as an ‘Alexa skill’.
The audio interactions are stored in, and associated with, your Amazon
account. You can delete them either one at a time in the Alexa app, or in
blocks through Amazon’s website. Are users engaged enough to review
what is being stored and to delete anything that may be deemed personal?
Probably not.
The data could be enlightening to a marketer. Your interactions will have
informed Amazon what products you like to purchase and from whom,
what you listen to, what other connected products you have, and so
on. This collection of data enables a profile to be built that potentially
contains very specific details about your lifestyle – a marketer’s dream, and
potentially a cybercriminal’s too. It is important once again to emphasize
that you are in control and there is nothing hidden here since you can
see the interactions and delete them. Also, if you become too concerned
then you can always switch Alexa off, either fully or by just muting the
microphone.
With data breaches frequently in the news, any voice-activated digital
assistant could be a reason for concern. If, for example, someone gains
access to your Amazon account name and password, they have the ability
to listen to your interactions with Alexa. The depth of information stored in
the interactions could cause embarrassment as well as be a privacy issue.
There are precautions you can take:
• Set up voice recognition so only you can use Alexa, which will stop visitors to
your house having fun with it
• Delete the recordings of past interactions
• Consider not connecting other devices when the data is deemed to be too
personal
• Switch off Alexa when you don’t need it
• Protect your Amazon account with two-factor-authentication. This prevents
access should your login details inadvertently fall into the wrong hands
b. D-Link
D-Link DCH-G020 Connected Home
The DCH-G020 is a Connected Home Hub that is a central conduit to
link all of your existing mydlink Wi Fi and Z Wave devices. When used in
combination with home sensors it can alert you when doors or windows
are opened or when motion is detected. With the cloud service mydlink
Home it can simplify setting up a smart home without the need for
additional subscriptions or charges.
D-Link DCH-S150 Motion Sensor
The DCH-S150 Motion Sensor detects motion and can be paired with
other devices to take predefined actions, for example, when paired with
a camera, video can be captured, or paired with a Smart Plug it could
switch on lighting. Notifications and alerts can be sent to mobile devices or
through email.
9. The Internet of Things - 9 -
D-Link DCS-935L Camera
The DCS-935L Camera is a connected camera that can capture clear crisp
images. It boasts 720p HD video quality, night vision up to 16 feet and has
both sound and motion sensing technology. Notifications and alerts can be
sent to mobile devices or through email. Remote viewing is free through
web browsers and mobile devices when viewed through D Link’s cloud
service mydlink.
D-Link DCS-2132L Camera
The DCS-2132L provides the ability to directly transmit high quality video
images for security and surveillance or other purposes. It hosts its own web
server and has a built in CPU which means it can be accessed from any
web browser over the internet. The integrated device has infrared for night
video, motion detection, a microphone and a speaker.
‘mydlink‘ is a cloud service providing configuration, control and monitoring
of all of your compatible D Link devices. Accessed through mobile device
apps or a web browser, it provides a single, central location to view
cameras or to see the status of the smart home network.
Privacy Policy
https://www.mydlink.com/privacyPolicy
Each mydlink product will collect some or all of the following:
Voice
Sound
Face
Temperature
Ambient Light
Humidity
CO2 Levels
Precipitation
Moisture
Noise decibels
Motion from sensors
Utilities usage data
App Settings
Scheduling
Alerts
Notifications
Product location in premises
SSID (Wi-Fi Name)
Wi-Fi password
Audio and Video signals
Amazon Echo Enabled
Yes
Security & Privacy
Communication from a mobile device to the mydlink cloud service is
encrypted and the connection between the device and the D Link servers is
also encrypted.
However, firmware updates are delivered by http rather than by https,
which means an attacker could inject malware into the update since the
data stream is not encrypted. Our attempt to take control or change
the operation of the device by creating a modified update resulted in its
failing to be installed. This is evidence that checks on the update package
are taking place despite the fact that the data delivered is not encrypted.
Interestingly, changing just a few unimportant bytes did not stop the
update from taking place.
The cameras included in the ESET smart home test do have weaknesses,
some of which have been documented in other tests. For example, AV
10. The Internet of Things - 10 -
Test in Germany tested the D Link DCS-2132L and awarded it only one star
out of five, noting a number of significant security issues. One year later
there are still issues, such as basic http authentication and video stream
encryption remains insufficient and reversible, as well as accessible over a
public IP address. However, the camera is controlled from the mydlink app,
which is encrypted. But if the video stream itself is poorly protected, then
the security and privacy concerns centre on the content being captured.
If a camera is used to monitor surfing activity at a beach then it could be
argued that reversing the encryption to see how big the wave is would be
a waste of time and effort. However, a camera placed in the home would
have very different security and privacy implications.
It is disappointing that after a thorough examination by AV Test in January
2017, the issues remain largely the same 12 months later.
c. NETAMTO
NETAMTO Weather Station
The NETAMTO Weather Station has two modules: an outdoor module
provides real time access to weather conditions while an indoor module
monitors conditions indoors such as air quality. Knowing the exact
conditions before heading off to the cabin for the weekend could prove
very useful. Through a crowd sourced network of NETAMTO devices, you
can see local condition variances and conditions in other locations.
Privacy Policy
https://www.netatmo.com/en-US/site/terms
The NETAMTO privacy policy is not as detailed as some of the others.
The wording is generalized and is about categories of data rather than
specific examples of what actual data is collected. This means users may
be unaware of the reality of what is being collected, stored or shared.
However, when purchasing a NETAMTO Weather Station, one of the
key buying propositions is the Weathermap (see the link and description
below).
When you use the services, there is automated collection of:
Personal data and measurement
Usage
Your activity with services
IP address
NETAMTO share aggregated anonymized personal data with third parties
Amazon Echo Enabled
Yes
Security & Privacy
NETAMTO provide a Weathermap so you can see the weather in any
location where a device is installed and shares its findings. If you choose to
contribute to the Weathermap then the data from the external sensor will
be shared. Your internal data remains private. If you choose not to share
then only you will see your device on the map.
If you do decide to share the data from your device, then the location is
specific. Take a look using the Weathermap link above and select one of
the devices. The street address is shown in the details on the right. The
only thing missing is the house number. Opening a Google map in another
browser window and comparing could potentially enable you to ascertain
the actual address.
Is sharing the address a cause for concern? Yes. Ever received a call saying
that an issue has been identified with your laptop or Windows? If you have,
then it came from one of the many tech support scams designed to charge
11. The Internet of Things - 11 -
you for a service that you did not need. Imagine the call being a little
more specific and no longer guessing whether you have a laptop running
windows and instead the caller asking specific questions about your
weather station. This validated knowledge about what devices are installed
at your location may make it significantly harder to detect a fraudulent call.
NETAMTO did have issues with plaintext Wi-Fi credentials being
communicated, back in 2015. They resolved these issues with a firmware
update. Once connected, the device automatically downloads the latest
firmware version from the cloud. While not delivered over SSL, it is encoded
using a proprietary method.
d. Nokia Health
Devices
Nokia Health Body+ Scale
The Nokia Health Body+ Scale is far more than a bathroom scale. It can
accurately provide additional information such as body mass index, body
fat, water percentage, muscle and bone mass. With the Health Mate
app you can track progress and get coaching advice to help reach your
objectives.
Nokia Health Body Cardio Scale
The Nokia Health Body Cardio Scale adds additional functionality over the
Nokia Health Body+ Scale and can track your cardiovascular health via a
heart rate monitor.
Privacy Policy
https://health.nokia.com/us/en/legal/privacy-policy
When you are using Nokia digital health Products and Services, the privacy
policy states that Nokia may need to collect:
Identity Data
IP address
Videos and pictures of you
Activity Data
Your number of steps
Distance travelled
Number of swimming strokes
Number of calories burned
Type of activity
Level of activity
Sport session time
Body Metrics Data
Your weight
Muscle
Fat
Health rate
Breathing rate
Blood pressure
Environmental Data
Noise level
Light level
Temperature level
CO2 concentration
Positioning and location Data
Amazon Echo Enabled
Yes
12. The Internet of Things - 12 -
Security & Privacy
Privacy with health-related data should be paramount. Nokia’s privacy
policy states:
Some services may allow you to share your personal data with other users of the
service or with other services and their users. Please consider carefully before
disclosing any personal data or other information that might be accessible to other
users.
When you look at the personal nature of the data collected, then sharing
may seem inappropriate: however, someone on a drive to lose weight may,
of course, be motivated by sharing information on steps walked or weight
lost. In general, once data is shared, even with other family members or
friends, it should be considered to be public, as you have passed control to
someone else.
The ESET research team took a deeper look at the device because of the
type of data collected, and the team’s actual comment was “the security of
this device was relatively good”. We set out to attempt to access the data
flowing between either the scale or the Health Mate app and the cloud
service they communicate with and the affiliated cloud service.
It was possible to launch a man-in-the-middle (MitM) attack between the
Android app and the cloud, but to achieve this the Android device needed
to be rooted and a MitM root certificate needed to be installed. As the
scale communicates with the Android device and firmware updates are
delivered through the app, the MitM attack allowed us to intercept the
firmware updates. The download is encrypted using SSL, then ultimately
flowing through the Android device to the scales. Modifications to the
firmware could be made and then written to the scales over the Bluetooth
connection, but to do this a setup mode button needed to be pressed on
the scales, meaning you needed to be physically next to them so a remote
attack was not a factor.
Modifying the firmware to downgrade the communications with the scale
from https to http was successful. The data being transmitted was then
readable. Even then, though, the data and parameters being transmitted
are not easily ascertained.
In summary, it is highly unlikely to find a scenario where a hacker can
access the phone, root the device, intercept the firmware download,
rewrite it, then press a magic setup button on the actual weighing scale
and install the new firmware. And if they did, the data they could see is
meaningless without extensive further reverse engineering.
One other curious feature of the scale is a weather forecast. Yes, you are
reading this correctly. If the scale knows your location, which is established
from your phone, then a local forecast is available on the scales display
while you weigh yourself. Whether this is a security or privacy risk remains
to be seen, but sharing your location with your scale’s seems out of
context.
The biggest risk with the scales is that users might overshare their own
data through social media networks, or that a third party might get access
to sensitive personal information. The third party focused on in this paper
is the Amazon Echo. When linking the Nokia Scale to the Amazon Echo
you can ask Alexa questions about the data stored in your Health Mate
account. On the Amazon web page that details the Nokia skill and offers
enablement, there is the following statement:
https://www.amazon.com/Nokia-Apps-Distribution-LLC-Health/dp/
B0786NLDBF
Note: Alexa and Amazon, Inc. do not store or retain your Nokia Health data, but
voice interactions associated with your Amazon account may contain your Nokia
Health Mate data.
13. The Internet of Things - 13 -
When you link Alexa and grant Amazon permission to access your
Nokia Health Mate account, the screen above is displayed. Note that it
is specifically mentioned that you are granting Amazon Alexa access to
personal data including weight, distance, sleep and objectives.
When asking Alexa your weight, the privacy policy statement should give
you confidence that Amazon is not storing the data from your Nokia
Health Mate account. However, they are storing it in the form of voice
interactions associated with your Amazon account. Remember, if you
access your voice interactions in the Alexa app then you can see all the
interactions in written form, and you can play the original audio back. You
do have control and can delete these interactions and can optionally review
the accuracy of the Alexa interaction.
The issue with placing control back in the hands of the user to delete these
interactions is that many will not know they are stored and even if they do,
then deleting them is a task likely to be both arduous and infrequent.
14. The Internet of Things - 14 -
e. Sonos
Sonos PLAY:1 Speaker
The Sonos PLAY:1 is a Wi-Fi-connected speaker that can stream music
regardless of the status of your mobile device. No more interruptions due
to an interruption in Bluetooth connectivity. Combined with an Amazon
Echo or Dot you can verbally control the tune, playlist or radio station that
is playing. Multiple speakers in different rooms can be synchronized to play
the same song or everyone can be enjoying a different tune at the same
time.
Privacy Policy
https://www.sonos.com/en-us/legal/privacy
The policy states that Sonos may collect:
Product type
Controller device type
Operating system of controller
Software version information
Content source (audio line in)
Signal input (example – Dolby)
Information about Wi-Fi antennas
Audio settings
Product orientation
Room names you assign
Tuned using Sonos Trueplay
Temperature of your product
Wi-Fi information (signal strength)
Music services you connect to (for some services login username – but not
password)
How often you use the Sonos app vs another control mechanism
Flow of interactions within Sonos app
How often you use physical controls on the unit
Location data when app is in use
Duration of use
Duration of music service use
Product and room grouping information
Command information, play, pause, change volume, skip tracks,
information about tracks, playlist, station container, Sonos playlist, Sonos
favorites
Amazon Echo Enabled
Yes
Security & Privacy
It is important to note that this device is a Wi-Fi-enabled speaker as
opposed to Bluetooth-enabled. This removes the necessity for a paired
device, for example a cell phone, to be in a certain proximity and allows the
phone’s audio functions to work independently.
The Sonos or other app that is aware of the device’s existence, broadcasts a
network wide desire to play audio. As the speaker is in permanent listening
mode, it will see this request being broadcast and play the requested audio.
A Sonos account is required to work with the app. The speaker frequently
connects to Sonos servers. There are two connections: one is a permanent
connection while the other is an hourly connection. Both are protected
with encryption. The permanent connection is not surprising as the speaker
works with Amazon’s Alexa. Asking Alexa to play a track on your Sonos
speaker would require a connection between Sono’s servers and the
speaker so the track can be streamed.
15. The Internet of Things - 15 -
Sonos’s privacy policy states that interactions with the app and music
services to which you connect are captured. This is to be expected, as
nearly all music services offer recommendations on music you may like.
The policy also states that room names you assign to the device are stored.
This is understandable as you need to be able to specify what device you
want to play a track on, “Alexa please play ‘Beautiful’ by James Blunt on
the kitchen speaker”. If someone gained access to this data, that could
possibly be an overshare, depending on what you have called the rooms. If
for example you have speakers in your children’s bedrooms, then naming
the speakers using your children’s names may be inadvertently sharing data
with Sonos about the people in your family.
There is a new version of the speaker available, the Sonos One. This
combines the functionality of the speaker and the Amazon Echo. The Sonos
speaker in effect takes the role of being an Amazon Echo. In this scenario,
Sonos’s privacy policy is clear that interactions with Alexa are not retained
by Sonos.
f. Wörlein
Soundmaster Internet Radio IR4000SW
This modern designed internet radio in appealing black lacquer look with
practical carrying handle is the perfect companion for those who are
looking for a radio that leaves nothing to be desired. The internet radio
IR4000SW in white also supports the reception of DAB + and FM PLL radio,
whereby your favorite stations can be stored by preset memory and are
thus easily accessible. The device is connected via Wi-Fi to the internet.
In addition, a USB port is add this available. [Description translated from
amazon.de.]
Privacy Policy
We could not find a privacy policy related to the products of the company.
There is a German language privacy policy for visitors to the company
website, here. However, for an English- speaking visitor to the website, the
policy is still displayed in German. You can buy products in English but not
read the policy. There is, of course, Google Translate, but nuances may be
lost in translation – particularly important for legal documents.
Amazon Echo Enabled
No
Security & Privacy
With no privacy policy, we need to rely on our investigation to understand
what communication is happening between the device and the internet.
Firstly, when configuring the device to connect to the Wi-Fi network
the password is not obscured once typed so anyone who can visually
observe it being configured, can see the password in clear text. If the
16. The Internet of Things - 16 -
device is accessible, for example in a public place such as an office or retail
establishment then the Wi-Fi credentials would be accessible by clicking
through the settings. If a company creates products with security by design
as a prerequisite, then a password being displayed in clear text or accessible
without authentication is unlikely to occur.
When selecting a radio station, an instruction is sent in clear text to
mediayou.net, which appears to be a portal for accessing online radio
content. mediayou.net will know the IP address of the radio connecting to
it, the requested radio station, and the time and duration of listening.
There is no privacy policy listed on the mediayou.net website. Even when
creating an account on the site there was no offer of any privacy policy or
terms of use. Researching the mediayou.net domain to establish who owns
it is futile, as the domain details are hidden behind a privacy shield, which is
a little ironic.
Without any understanding of what, if any, data may be collected and
retained, then you have to assume the worst case: that is, that a company
will collect everything they can and sell it to whomever and however they
choose. At a time when personal data has value and identity theft is a
growing issue, this is an unacceptable situation.
g. TP-Link
TP Link Smart Plug HS110
The TP Link Smart Plug allows you to connect a standard non-smart device
and control the power to it directly from your smartphone. Remotely
switching on a fan, the lights or boiling a kettle without having to replace
the devices with new, smart, connected devices is a cost-effective way to
start a smart home.
Privacy Policy
http://www.tp-link.com/us/privacy
The policy states that TP‑Link may collect:
Firmware version
IP address
MAC address
Other identifying information, such as names and images that associate
you with account users
Your location
Devices
Scenes
Device configuration details
Demographic information
Third party account details
Schedules
Audio/Video recordings
Third party device usage, such as when a motion sensor senses motion
Type of device or service information is received from
User configurable device name, group name, location name
IP Address
Location
17. The Internet of Things - 17 -
Mobile device information
Amazon Echo Enabled
Yes
Security & Privacy
When we set out to create our basic smart home, we selected devices
by price, availability and a perception of popularity. Taking a device that
may not itself be connected or ‘smart’ and controlling it through its power
source is both cost effective and convenient. For example, you may want to
boil a kettle of water without the need to actually visit the kettle. Imagine
that before heading to bed you flip the switch on the kettle to ‘on’ and
when you wake up you switch on the power to the socket remotely or
through a voice activation service such as Amazon Alexa.
This device has well-documented vulnerabilities that include easily-
reversible encryption between the device and the TP Link Kasa app used
to control it, certificate validation issues and potential man-in-the-middle
attacks.
On January 5, 2018, TP Link published a vulnerability statement detailing
issues with WPA2 Security due to KRACK. However, KRACK is an industry-
wide issue and the details were widely disclosed in October 2017 by the
two researchers who found the flaw. The HS110 is shown in the TP Link
statement as having been fixed if you are running the correct firmware,
which is delivered through the Kasa app.
Searching online for ‘tp link hs110 vulnerabilities’ over 2600 results. The
content of the results page should raise a red flag to a potential purchaser.
In the first few results, ignoring the KRACK items mentioned above, you
see terms such as ‘Reverse Engineering the TP Link HS110…’, ‘TP LINK HS110
weak authentication…’ and ‘Hacking TP Link devices…’.
Purchasing an inexpensive device in an attempt to use an otherwise non-
connectable device as part of a smart home may seem like a cost-effective
solution but, as you can see in this case, it is not always without issues.
18. The Internet of Things - 18 -
7. CONCLUSION – IS IT SAFE?
Is it safe to create a smart home? Possibly.
At its inception, the goal of this project was to create a basic smart home
that mimics something that could end up in typical household. The concern
from our research team was “what if we don’t find any issues?” What a
great leap forward it would be for IoT if we actually had found no concerns,
and our recommendation to all who feel the need to start building that
smart home was to ‘go right ahead!’. Alas, this is not the case, and in
fact the conclusion that I am writing now is different from what I had
envisioned at the start.
No device or software is guaranteed secure or without potential
vulnerabilities. However, companies can be judged based on how they react
to disclosure of vulnerabilities in their products. Some of the devices tested
had vulnerabilities that have been dealt with quickly with new software
and firmware. Unless such disclosures are promptly acknowledged and the
vulnerabilities fixed, choosing an alternate device would be an appropriate
response. By using sound judgement and caution it is possible to start
building a basic smart home. Below are the main considerations we would
suggest that you follow before purchasing components or starting out on
this journey.
• Researching potential vulnerabilities before purchasing should be a mandatory
requirement before making a decision. A simple search as per the examples
below will give you an indication if there are known issues.
Device name security vulnerability
Device brand name security vulnerability
Device brand name privacy breach
Device brand name data leak
• Does the manufacturer update the firmware and can it be auto-updated, or
at a minimum, notify you through an app or email? Check the vendor website
or perhaps search online to find the information.
• Read the privacy policy. Understanding what data is collected, stored or
shared will help you make the decision on whether the device should be part
of the overall network or kept isolated. And if neither of these is deemed
secure, then of course don’t purchase.
• Use caution when sharing data on social networks or with a vendor’s
own systems. Sharing your location, device and pattern of usage may give
cybercriminals enough data to scam you or start a targeted attack.
• Voice-controlled intelligent personal assistants are convenient. They are also
all-knowing. Think carefully how much you tell your assistant, or how much
you ask it to gather on your behalf.
Each person reading this paper will have a differing view on what personal
information they are willing to disclose, either to a single vendor or to a
company that has an aggregated view. The potential for home, lifestyle,
health and even browsing data collected by internet service providers to be
available to a single entity should only be permitted after due consideration
for the consequences. As companies discover new ways to monetize data
collected by IoT devices, then either the industry needs to self-regulate, or
governments will need to strengthen privacy legislation in a similar way to
that in which the EU has implemented GDPR.
19. ESET, spol. s r.o.
Aupark Tower, 16th Floor
Einsteinova 24, 851 01 Bratislava
Slovak Republic
February 2018