This week’s podcast starts off with the launch of the Tuya Wi-Fi 6 modules, which will bring features of Wi-Fi 6 to IoT devices. Keeping on the Wi-Fi theme, we also discuss the new Shelly Wi-Fi motion sensor. We then talk about the new Raspberry Pi Pico, and the Raspberry Pi Foundation’s first custom chip before delving into Bosch’s win with AIoT. In consumer news, we cover rumors of an Amazon wall-mounted display and Fitbit’s addition of glucose monitoring. Then we explain why Renesas is buying Dialog Semiconductor, new funding for SecuriThings, and a big round for IoT security company Armis. We end by answering a listener question about Wi-Fi 6 for IoT devices, which brings the show full circle.

This week, our guest is Beau Woods, a cybersecurity expert who came on the show to discuss this week’s hack of a water treatment plant in Florida. He lays out the hack and lets us know whether we should freak out or not. After discussing that particular hack, we dig into the nature of threats facing the IoT and how the landscape has changed in the last four years, touching on ransomware, the new IoT Cybersecurity Act, and more secure chips. We end with Woods promoting his upcoming book, Practical IoT Hacking, which will teach readers how to hack IoT devices and help the non-technical get a sense of the types of threats they need to consider as they design their products. Enjoy the show.
I agree that the Oldsmar, Florida hack was more of an IT issue than an IoT issue. Although I am surprised that the control system would permit a set point entry that would endanger the public. One would think they would enforce limits in either the interface system or the controller software to prevent any person from entering a dangerous command, regardless of whether it was done through accident or malice.
The secondary sensors that would have detected and alarmed based on the increasing level of Sodium Hydroxide are really meant for the scenario where a control valve failed to close properly or a manual bypass was left open. They should only be relied on to detect incorrect data entry as a last resort.
I agree with the above comment. The “rogue value” should have not been accepted by the user interface. This is just poor programming. If there was ever a reason to type in a value that high, it should have required a supervisor’s password. This is control systems 101 stuff.
My personal opinion is that the hacker was either an employee or a vendor that was pointing out the bad design in the system. A true hacker would have changed the PLC program that actually does the control, like the Stuxnet virus.
The description by the guest of the sensor being redundant is just wrong. The sensor (in this case pH) is the control point–not a redundant sensor. Redundancy would be having two pH sensors. His description of this being “good design” is also wrong. It is the only design for a water treatment plant.
He is correct in that it would have been self-correcting since the point of the control system in water treatment is to maintain a pH setpoint. However, it would have taken some time to reduce the amount of lye being introduced into the system.