IoT news of the week for Oct. 26, 2018

LoRa just added a major new feature: The group managing the LoRa Low-Power Wide-Area Network standard just certified three new specifications designed to let LoRa networks handle over-the-air updates in a certified way. This is awesome because one of the big complaints against LoRa has been that its low data rates make it difficult to send out larger updates to devices on the other end. Now the biggest complaint against LoRa will be the fact that Semtech is the controller of the IP and makes all of the LoRa silicon. Semtech has told me it plans to address that soon and that it already has other silicon partners that can make LoRa chips. (LoRa Alliance)

A big victory for consumers!  The US Copyright Office has ruled that consumers have a right to break the digital rights management on their connected cars, phones, tractors, etc. iso they can repair them. This is a huge deal for everyone from farmers who were being forced to call John Deere to repair their tractors instead of saving money and time by doing it themselves to DIY folks who want to add memory to their computers without having the device break because they did so. The ruling doesn’t apply to game consoles, HDMI copy protection systems, boats and a few other things. So, starting Sunday, if you want to try to buy a third-party replacement part for your tractor, go ahead. (The Register)

Why are 69% of industrial sites sending passwords openly? If the report from a few weeks back about the GAO review of military weapons lacking basic cybersecurity didn’t terrify you, this week we have the 2018 CyberX industrial security report. This report lives up to the Halloween season with lots of scary facts, including how 40% of industrial sites have at least one direct connection to the public internet making a mockery of air-gapping. It does provide a bit of hope, noting that in the three years that CyberX has been producing the report, customers have reduced their use of unsupported Windows machines. Last year, 76% of sites included legacy Windows systems; in 2018, it’s fallen to a mere 53%. Which is still pretty scary. (CyberX)

We’ve figured out a way to spy on 5G networks: The millimeter wave networks used for some 5G deployments were always considered more secure than those with longer frequencies that are used for 4G and 3G networks. Because of the shorter frequency, millimeter wave networks can’t penetrate through walls and have tighter bands in which one can try to collect information. However, researchers were able to deflect a bit of the mmWave signal and then recreate the data it carried, allowing them to eavesdrop on network traffic. All the more reason to invest in encryption, y’all. (IEEE Spectrum)

Sigfox is set to grow and launch a satellite service: Lee Ratliff, an IHS Markit analyst who has been at a conference featuring Sigfox’s CEO, has tweeted some news and excellent thoughts from the event. First up is that Sigfox, which provides low-power wide-area networking, now has 3.9 million devices connected, but expects 8 million by the end of this year thanks to a large deal it will announce soon. The second is that Sigfox plans to launch a low Earth orbit satellite, joining others in the low-power wide-area networking world with satellite dreams. It also plans to launch a device called Bubble that will provide location information with accuracy of a few meters. Next year, location is going to be hot, hot, hot. (Twitter)

Plume and Samsung open-source Wi-Fi tech for smart homes: Plume, which makes home Wi-Fi access points that can be plugged into rooms and have most of their intelligence in the cloud, has teamed up with Samsung to launch a new open source project for home Wi-Fi. Plume is open-sourcing part of its cloud-based Wi-Fi management software so device makers, router makers, and others can install that software on their devices. Doing so will let manufacturers’ products integrate and work better with the existing Wi-Fi networks in homes served by Comcast, Liberty Broadband, and other service providers. Plume has built a cloud-based Wi-Fi optimization product that several ISPs have integrated into their own offerings for consumers. By open-sourcing this layer of software, Plume allows a company like Bose or Sony to put software on their devices that can take greater advantage of Plume’s capabilities. For people who don’t use Plume, this won’t matter, but if enough ISPs use the service this open source code will make it easier to optimize products for a wide range of homes. (OpenSync)

Where the smart home went wrong: One of my favorite IoT experts, designer Alexandra Deschamps-Sonsino, has published a new book about designing the smart home. She’s coming on my podcast to talk about it, but in the meantime she’s written a really good blog post about how, so far, we’ve messed up when it comes to making smart homes. She also talks a bit about how to make smart homes better, but it’s more of a thoughtful retrospective on what she’s learned over the years. (DesignSwarm)

Tado raises $50M in round that includes Amazon: Tado, which is a European thermostat company, has raised $50 million, bringing its total funding to $102 million. The company was an early player in the smart home and has plans to not only save consumers money on their heating and cooling, but also hopes to help utilities handle demand. Amazon’s participation is noteworthy because it already has an investment in Ecobee, a Canadian smart thermostat maker. Typically venture firms don’t invest in competing businesses. However, it could be a signal that heating and cooling is such an integral part of Amazon’s Alexa strategy that it can’t afford to follow the traditional playbook. (TechCrunch)

There are bugs in my FreeRTOS! Researchers have found 13 vulnerabilities in popular embedded operating system FreeRTOS, including a few that affect the TCP/IP stack. The bugs could let an attacker access the device and grab data from memory. It could also allow for a device to take over. The good news is that FreeRTOS has been patched, but the bad news is there are likely still devices out there running older, unpatched versions. (Zimperium)