AWS re:Invent IOT

Amazon proposes the following data flow for IOT. It is built with AWS and the recently acquired 2lemetry and its ThingFabric platform.

https://aws.amazon.com/iot/how-it-works/

https://www.linkedin.com/pulse/iot-aws-reinvent-quick-hits-matt-trevathan

Components: Rules Engine, Registry, Shadows (state tracking), Data based decisions, Integrations with AWS (Redshift, Lambda, S3, Kinesis, DynamoDB)

AWS IOT Flows
Advertisements

Integrate Conference 2015

This conference has a focus on integration between technologies and is held with API World. A dominant theme was connected cars.

ActiveScaler demonstrated its Connected Car platform and API that delivers five types of information. It had a great session with visits from a number of car companies, partners, vendors advisors, investors and interested public.

The highlight was a visit by Maria Roat, CTO, US Department of Transportation where she and her colleague shared their views on the evolution of transportation technologies with ActiveScaler team.

ActiveScaler demonstrated an app that connects the car to the cloud to provide rich vehicle and driver analytics in real time.

TechCrunch Disrupt Hackathon

The Ford Hackathon at Techcrunch Disrupt encouraged use of the Ford SmartDeviceLink (SDL) SDK to talk to their head units. The apps can be submitted to Ford for cars supporting Ford Sync. Toyota also represented itself to lend support to this open source effort. With a combined open source effort  the number of cars targetted by such apps could be higher.

The SDK can be useful for insurance applications for measuring ride and driver quality. Many applications were built at the hackathon around this idea.

We built an application to synchronize brakes between two cars in real time to prevent car pileups in low visibility conditions. It alerts the driver that a car ahead acting as a virtual break light. Our goal was distraction free driving, so it used voice commands to alert and automatic brake detection instead of manual brake notification.

A previous SDK also supported by Ford was OpenXC. Another popular SDK at the hackathon was Vin.li SDK.

There was discussion of a Waze like app that is built into cars. Talking to people I learnt of the role the Department of Transportation is playing to bring Intelligent Transportation to reality.

Salesforce Dreamforce Conference

At the Salesforce conference were several interesting IOT demonstrations.

One of them could Docker to be run inside a Raspberry Pi. This can be used for seamless OTA upgrade of IOT software. Another allowed instant analysis of the chemical composition of a drug and the information is connected to an app.

Another interesting demo was Built.io, which is like an IFTTT for different apis and IOT flows – a virtual circuit diagram allows inputs to be cascaded together in a flexible manner to achieve a variety of outcomes.

Salesforce made the announcement of the IOT Cloud which is built on Salesforce Thunder, a massively scalable real-time event-processing engine. Business can create alerts or filters to identity important data from event streams. This can be used to send alerts from manufacturers to customers or customers to manufacturers, for instance for a malfunctioning device or for a car recall.

Marc Benioff – “The Salesforce IOT Cloud will empower businesses to build proactive 1:1 relationships with their customers to deliver a new kind of customer success”.

Here’s a review of this announcement with the opinion that it is currently more of a positioning statement than a real capability – http://www.zdnet.com/article/dreamforce-2015-salesforce-thunder-unavailable-2016/

CAN bus attacks

A CAN is a Controller Area Network. Electronic Control Units (ECUs) are networked together in a car using a bus based on the CAN standard. A car will have one more CAN buses which are typically accessible via the Onboard Diagnostics (OBD II) port.

The CAN allows a distributed network of micro-controllers and devices to do real time messaging with each other with CAN packets, to exercise real time control. It is used in industrial control systems, vechicles such as airplanes and ships, and automotive systems.

ECU examples are Airbag, HVAC, ABS and Engine Control Unit.

Some CAN related security resources –

  1. Hopping on the CAN bus. https://www.blackhat.com/docs/asia-15/materials/asia-15-Evenchick-Hopping-On-The-Can-Bus.pdf
  2. Charlie Miller, Chris Valasek.  http://illmatics.com/car_hacking.pdf
  3. Craig Smith, opengarages. http://opengarages.org/handbook/
  4. Original Spec by Bosch. http://www.bosch-semiconductors.de/media/pdf_1/canliteratur/can2spec.pdf
  5. http://www.instructables.com/id/Exploring-the-Tesla-Model-S-CAN-Bus/?ALLSTEPS
  6. http://tucrrc.utulsa.edu/DodgeCAN.html

A podcast interview with Chris Valasek: https://securityledger.com/2015/07/podcast-interview-with-car-hacker-chris-valasek-of-ioactive/

Most cars do allow CAN access via OBD. Tesla does not, but the CAN information is still accessible via another port.

It may sound unusual that the OBD port meant for diagnostics should allow sending commands to the CAN bus, but this is in fact possible, in part because there is no source identifier or authentication build into CAN packets.

What if an ECU itself has some kind of problem or degradation ? This can increase vulnerability when combined with open CAN bus access.

For example, there were two independent recalls in early 2015 related to defective airbag deployments. The Jeep recall was due to software that detected rollover aggressively and deployed the airbags. The NHTSA recall was due to Takata airbags with faulty inflators.

As we bravely head to an IOT world where various devices and controllers are networked to external entities, such concerns will increase.

There are attacks on other car interfaces such as bluetooth, telematics unit and remote key. Recently (July) there was an attack on Jeep which caused an update to fix the bug. The Israeli media reported a couple startups, Argus and TowerSec could have prevented this attack.   Update Jan 2016: TowerSec is acquired by Harman – CES 2016 announcement.

OpenDNS and Cisco

Cisco recently acquired OpenDNS and its security offerings.

The Domain Name Service is a hierarchical lookup service that converts human readable names to IP addresses that are used for routing. As such the DNS lookup servers can see the names being accessed, their access trends, web security attack patterns such as phishing redirects and so on.

But how did OpenDNS come to focus on security ? It was preceded by a free DNS service called EveryDNS started by David Ulevitch in his college dorm in 2001. The free nature of it attracted an interesting clientele– a number of malicious services, sites and agents.  This gave EveryDNS visibility into this part of the internet – both the customer view and a real-time view. David realized the potential and started a new company OpenDNS with both a free+paid dns offering and a growing number of security services.

In 2012 OpenDNS offered an Umbrella service to blacklist malicious sites. The most interesting offering is its OpenDNS Security Graph. The Umbrella Security Graph maintains and automatically updates malware, botnet, phishing domain and IP blacklists. This is then sold to enterprises – a higher margin business than providing DNS lookup alone.

Verisign is also in the DNS security business after it sold its certificate business to Symantec.

Tesla Model S hacked by researchers

Tesla is an advanced computer on wheels. How is security for such systems designed ? Snippets from below are insightful.

http://www.wired.com/2015/08/researchers-hacked-model-s-teslas-already/

“Two researchers have found that they could plug their laptop into a network cable behind a Model S’ driver’s-side dashboard, start the car with a software command, and drive it. They could also plant a remote-access Trojan on the Model S’ network while they had physical access, then later remotely cut its engine while someone else was driving.”

“Tesla distributed a patch to every Model S on the road on Wednesday. Unlike Fiat Chrysler, which recently had to issue a recall for 1.4 million cars and mail updates to users on a USB stick to fix vulnerabilities found in its cars, Tesla has the ability to quickly and remotely deliver software updates to its vehicles. Car owners only have to click “yes” when they see a prompt asking if they want to install the upgrade.”

“The Model S has a 17-inch touchscreen that has two critical computer systems. One is an Ubuntu server responsible for driving the screen and running the browser; the other is a gateway system that talks to the car. The Tesla gateway and car interact through a vehicle API so that when a driver uses the touchscreen to change the car’s suspension, lock the doors, or engage its parking brake, the touchscreen communicates with the gateway through an API, and the gateway communicates with the car. The touchscreen never communicates directly with the car. “At least so our research has found so far,” Mahaffey says.”

“The Model S has an Ethernet cable for diagnostic purposes and by connecting to this they were able to get access to the car’s LAN. This allowed them to uncover information about the firmware update process, such as the configuration of the VPN the car used to obtain updates as well as the URLs from where the updates were downloaded. They also found four SD cards inside the car that contained keys for the VPN structure, and they found unsecured passwords in an update file that allowed them to gain access to the Tesla firmware update server. “By using the VPN credentials we got from the SD card, we were able to configure and open VPN clients to go and talk to Tesla’s infrastructure and mimic the car.”

Even though Tesla provided the update quickly, having unsecured passwords in a file that allowed access to go to the firmware update server should alert one to the risks of connected cars.