IoT news of the week for Dec. 16, 2022

The GAO wants better IoT and OT security audits: In a report issued at the beginning of this month, the Government Accountability Office (GAO) issued an 80-page report that recommends federal agencies actually assess how well they are following the NIST and CISA cybersecurity recommendations around IOT and OT deployments. The report points out that none of the agencies called out by the federal government for protecting the energy, health and transportation sectors have developed metrics to assess the effectiveness of their efforts. They also have not yet conducted IoT and OT cybersecurity risk assessments. This feels like a pretty big deal, so this report ought to get more attention. (GAO)

Calling Mr. Robot: A security researcher is calling attention to a new form of attack designed to get information from air-gapped computers. The attacker first loads malware onto a computer (this is the hard part), which enables the malware to use the CPU on the hacked machine to share its contents by using electromagnetic radiation created by the CPU. A nearby smartphone then decodes the electromagnetic waves into intelligible data for the hacker’s perusal. The malware can detect what a computer is doing, and is most potent on desktops and computers with strong power signals and minimal shielding. Laptops and Raspberry Pis are harder to hack, but still possible. This isn’t something I personally would worry about, but if I had computers running sensitive process manufacturing operations or storing national security secrets, I’d want to know about it. I include it here to demonstrate how pretty much anything can be hacked. (Bleeping Computer)

Qualcomm now has its own Wi-Fi 7 chips for networking: After Mediatek launched Wi-Fi 7 chips earlier this year, it was only a matter of time before other companies would start with their marketing of Wi-Fi 7 silicon — all ahead of the actual certification of the Wi-Fi 7 specification expected in the second half of 2023. Why be so early to the party? Marketing! Wi-Fi 7 isn’t going to do much for the IoT as the focus is more on delivering more capacity and managing connections in the home dynamically so as to prevent congestion. In other words, your sensors won’t benefit from the upgrade, but your video cameras might. And improved networks are always welcome, even if Wi-Fi 7 routers won’t be out until late next year. (Qualcomm)

Indiana Farm Bureau Insurance will use Notion Security for smart home-based insurance: Comcast’s Notionbusiness is working with Peril Protect on behalf of Indiana Farm Bureau Insurance to provide Indiana Farm policyholders a Notion sensor kit and potential savings on their premiums. The Notion sensor monitors for water leaks, the opening of doors and windows, temperature changes, and alarms sounding in the home on the same device. Customers will get a five sensor starter kit for free and can sign up for a $10 a month Notion PRO monitoring service as well. Indiana Farm Bureau Insurance policyholders who participate could see potential savings of up to 15% on premiums. Notion has been working hard to bring its sensors to insurance firms and that effort has been paying off with several insurance customer wins. (Indiana Farm Bureau Insurance)

Somalytics’ sensors get embedded in a new sleep device: Back in September, I wrote about a sensor startup called Somalytics that was able to turn carbon nanotube-infused paper into cheap, accurate sensors that could measure proximity. The technology is still early, but the company has since inked a noteworthy commercial deal and been invited to show off its technology at Hyundai’s Open Innovation lounge. With Hyundai Somalytics is showing off its  sensor technology in a gesture-controlled door handle. The second is commercial deal that puts the sensors in a sleep mask designed to track eye movements for sleep tracking that will launch at CES. The SomaSleep mask is thin, lightweight, and can track REM sleep. I don’t have the pricing yet, but I like the concept of launching a new sensor on a dedicated device that can show what it’s capable of. The sensors can detect human presence at up to 200 millimeters using electric charge from our bodies, making it a cross between a PIR motion sensor and a haptic sensor. It’s pretty cool. (Somalytics)

The Eclipse Foundation releases Sparkplug 3.0 for MQTT: Sparkplug, which ensures that platforms that use the MQTT messaging protocol can share their data without a lot of integration work, is getting a bit of an update with its latest version. This version is the first managed by the Eclipse Foundation and seeks to “clarify ambiguities in the v2.2 version and add explicit normative statements while maintaining backward compatibility.” Basically, it sounds like it’s getting a professional gloss that means it should work a bit better. The Foundation is also prepping Sparkplug for an eventual ISO certification effort that could allow for greater adoption in industries where that matters. (IoT Business News)

How a French city is fighting back against surveillance tech: With sensors and computing getting cheaper all the time, more cities are deploying cameras in the name of safety. And cheap computing means those camera images are stored and easily searchable for specific faces or incidents over longer periods of time. Citizens are slowly waking up to what it means to have your face captured on camera (it no longer is a matter of being caught being in the wrong place at the wrong time, but also a mechanism to gather your image for later training or use with facial recognition software). Activists in Marseille are having none of it, and this article shows how they are fighting back through volunteer efforts to increase awareness and maps that show where cameras already exist. It’s worth reading this article to understand why citizens should be concerned about the proliferation of surveillance tech and how they can fight it. (MIT Technology Review)

Planning to add IoT? Get ready for constant maintenance: I skimmed through this article on the five challenges for IoT deployments not expecting to find anything exciting, but the third point is worth highlighting. It focuses on maintenance, and the idea that when an organization deploys what are essentially dozens or hundreds of computers and networks in its factories or enterprises it will have to deal with maintenance. This can include everything from battery changes to software updates and random glitches. In my opinion, this is an understated issue associated with the IoT, and probably the most painful and time-consuming one. I wish this article had more advice to offer other than noting that maintenance is an issue and whatever an organization plans to install, it should have a sustainable maintenance plan, but it’s a start. (IoT for All)

Updated: This story was updated on Dec. 19 to correct inaccuracies in the Somalytics story. The company uses carbon nanotubes, not graphite, and it does not have a commercial deal with Hyundai.