The European Union is proposing new data regulations aimed at making it hard for companies to collect and use data as a barrier to competition. We talk about what it might mean for the IoT and Kevin also proposes that we think about regulations for using data collected by robots. We then dig into research from the PSA Certified organization that lays out how executives are thinking about IoT device security. Then we tackle smart speaker research from Omdia. In funding news, we discuss a $38 million raise for startup Phosphorus Cybersecurity and $58 million in growth capital for Federated Wireless and its peer-to-peer 5G network for IoT. In subscription news, we review some comments from Peloton’s new CEO Barry McCarthy who is rethinking the relationship between Peloton’s hardware and subscriptions. Peloton is also cutting off its Apple Watch integration for users participating in the new Lanebreak game. In smaller news, we talk about funding for a smart rower, we review the Eve Motion Blinds, and mention the new Eve Water Guard leak detection sensor. We also went back to last week’s IoT Podcast hotline to redo our answer to a question about connecting outdoor heaters to the internet.
Our guest this week is Joe Britt, CEO of Afero who is on the show to talk about securing IoT devices and the work his company has done with Home Depot. The home improvement retailer chose Afero to build out its custom app to control HomeDepot-branded products such as light bulbs, fans, and more. Britt explains what Home Deport was looking for and what he’s learned from his experience in the last eight years of working with IoT products. Britt, who was a founder of Danger, lays out the ways IoT platforms differ from traditional computing platforms and explains what companies with unsecured devices should do with them. Enjoy the show.
Hosts: Stacey Higginbotham and Kevin Tofel
Guest: Joe Britt, CEO of Afero
Sponsors: Somfy and Pantacor
Has there been a documented hack through non-ip based smart home devices like Z-wave and Zigbee devices? Not necessarily the various hubs and smart controllers that are IP based? I wonder about the security risks of Wifi devices and even future thread based products that are each IP addressed and exposed. Will that inexpensive lightbulb provide a easy back door to the rest of our networks?
On that note, has Wink, Smart things, Hubitat, or other smart hubs been breached?
Wink has had vulnerabilities, and we’ve seen exploits that target ZigBee and Z-wave networks.
Back in 2018, security researchers found a total of 20 vulnerabilities in the smartthings hub which could have caused severe breaches, including the ability to unlock a lock. These were reported to Samsung, who changed the security methods of the hubs and updated them with a firmware update. It was considered a pretty big deal at the time.
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html
Interesting. But that was still vulnerabilities in the Smart Things hub the various bulbs and plugs on the zigbee and zwave network.