
New Cortex-M7 Chip to Help Power Sophisticated IoT Solutions

by Tom Simon on 11-01-2016 at 4:00 pm

IoT architects face a dilemma in partitioning the compute power of their systems between the cloud and the edge. The cloud offers large storage and heavy duty compute power, making it an attractive place to perform the computation needed for IoT tasks. However, moving large amounts of data from the edge to the cloud servers can easily swamp the available bandwidth. Plus, moving data can be power intensive in and of itself. In addition, many IoT applications need lower latency than can be achieved by relying on cloud compute resources for executive actions.

Originally, IoT end point devices sported small MCUs like the ATMEL AVR series, but the demands on these devices quickly swamped their capabilities. As a result, a new class of processors was spawned, most notable of which is the Cortex M family. The Cortex-M0 is an energy sipping processor ideally suited for low power IoT applications. Just the same, sensor fusion and increasing complexity have created the need for significantly more powerful processors. The Cortex M family now spans from the M0, to the M7 – a formidable processor with very advanced features.

The M7 was introduced in 2014, and many foresaw that it would bring extremely high performance and security, with low power draw. One of its major features is a superscalar architecture with a 6 stage dual issue pipeline which provides faster instruction execution – almost 2X the M4. It offers more options for memory configuration and can run at higher speed than its predecessors.

The fulfillment of the promise of a core delivered by ARM depends heavily on the specific implementation. ST has embraced the ARM Cortex M series with its STM32 family of microprocessors. Their first one was the STM32 F1 in 2007. Over the years they added many more. One of these was a Cortex-M7 implementation – the STM32 F7, but they just added a new high performance processor to their lineup.

I had a chance to visit the ST booth at the ARM 2016 Techcon in Santa Clara, where ST was demonstrating their new STM32 H7, which is their Cortex M7 implemented at 40nm. This node was chosen for its Flash memory process and higher speeds relative to the previous 90nm F7. The results are impressive.

Just looking at the processor, we can see that it achieves a very high score of 2010 on the CoreMark benchmark. This is double what the STM32 F7 delivers. Even more impressive is that the chip only requires 278uA/MHz, half of what the F7 consumes. This is important because the STM32 H7 now makes more complex computation possible in edge devices, while also permitting longer battery life.

But processor speed and efficiency are only part of the picture. ST has designed the H7 with three power domains to allow flexibility in power management. Unused domains can be shut down to save power. The 40nm process node offers dynamic voltage scaling. Below is a diagram that shows the power domain partitioning.

The STM32 H7 is not lacking in security features either. Edge nodes in the IoT present a higher potential security vulnerability than physically secure server and hub devices. To deal with this, secure boot and code security are necessary. Software updates also need secure validation to deter malware and tampering. The STM32 H7 is designed to deal with eavesdropping, server spoofing, and fake devices.

ST has included secure memory for the system and application usage. There are embedded and protected cryptographic keys. To facilitate secure communications, the H7 adds a cryptographic HW accelerator, a hashing accelerator and a true random number generator. For code security there is flash memory read and write access protection, a memory protection unit and tamper protection.

At ARM Techcon I was able to watch the demo they provide with the development boards. On a small LCD touch screen they were running 4 concurrent videos using hardware acceleration. They also showed me another impressive demo that highlights their double precision FPU capabilities.

The smaller of the development boards looks something like an Arduino board with the standard Arduino IO pins. The larger board has a large number of interface options including video, networking and much more. The device is pin compatible with its predecessor. The software development ecosystem of development tools and libraries is comprehensive. Many high level interfaces are available for peripherals to make development easier and more efficient. Below is an overview of the ecosystem.

There is a lot more about the STM32 H7 that makes it very compelling for IoT developers besides its high performance. I’ve not even touched on the extensive device and protocol support built in to the device. I’d encourage you to dig deeper by looking at the ST website.


IoT From SEMI Meeting: EDA, Image Sensors, MEMS

by Daniel Payne on 11-01-2016 at 12:00 pm

Last Friday I learned something new about IoT by attending a SEMI event in Wilsonville, OR just a few short miles away from where I live in Tualatin. SEMI puts on two events here in Oregon each year, and their latest event on IoT Sensors was quite timely and popular judging by how many attendees showed up. First up was Jeff Miller from Tanner EDA, now owned by Mentor Graphics.


The challenge of insecure IoT

by Bernard Murphy on 11-01-2016 at 7:00 am

A distributed denial of service (DDOS) attack on Dyn (a DNS service provider) brought down Github, Amazon and Twitter for a while and is thought to have been launched through IoT devices. Hangzhou Xiongmai, a provider of webcams and the most publicly pilloried source of weakness in the attack, is now recalling all its webcams in the US.

The problem, per one review, is that devices were all shipped with the same default credentials (login and password) and worse yet these were hardcoded into the firmware and not possible to change using software provided with the system. Further, the web interface for these devices either doesn’t check for credentials, or that check is easily bypassed. For this class of web weaknesses, it is believed that over half a million devices today are more or less trivially vulnerable. Which equally means that it can be rather easy not only to compromise a device but also to build botnets to launch DDOS attacks against whatever targets you want. To get a sense of hacker enthusiasm for this area, google “uc-httpd”.

I’m guessing that some of the problem here is cost for the supplier – small margins don’t encourage significant investment in security. Some is probably lack of sufficient security understanding – “yeah, we got security features”. (A frightening number of engineers have told me that having a cryptography core in their design means they’ve taken care of security.) And some probably has been a lack of standard idiot-proof security platforms.

The ARM Corelink SSE-200 subsystem, together with mbed and mbed Cloud, could go a long way to providing the idiot-proof part of a solution, since that takes away from the supplier control of credential management, among other security-related features. Of course the consumer of a webcam would have to do a little cloud work to establish their device with validated credentials but that doesn’t seem like it should be too onerous.

But meantime there are 500k easily-hacked devices out there. It also seems improbable that at least some suppliers won’t continue to cut some corners, or simply take time to come up the security learning curve. There will likely be a lot of potentially hostile devices in the IoT for some time. A tricky problem here is that the threat posed by such a device is not necessarily to the owner since DDOS attacks simply use devices as launch points to attack some other target. The owner may not be aware, or if aware may not care that their device is part of a problem.

So while it is important to protect devices and their link to the cloud, in some sense it is also important to protect “the system”. The network has to be protected because your well-protected, fully credentialed device can still be rendered effectively inoperative if network traffic is swamped by a DDOS attack. And devices within the network have to be protected because if even one is a little weak, an attacker can exploit that weakness to gain privilege, from which they can then run rampant through the network. Paradoxically, this becomes even easier if nodes in the network are based on a common architecture.

Point being, while it is important to have solid protection for a device and its connection to the cloud (as provided by the ARM IoT integrated solution), it’s also important to think about system-level defenses which can isolate/disable distributed attacks and compromised devices. You can read a quick version of the Xiongmai role in the Dyn attack HERE and a little more technical detail HERE.



Behind the 3DEXPERIENCE for Silicon

by Don Dingee on 10-31-2016 at 4:00 pm

We’ve been covering the Dassault Systèmes “Silicon Thinking” platform for a while here, but, as I’m often prone to do, I wanted to explore the backstory to uncover more about the concept. With over 25M users of their product lifecycle management (PLM) solutions, why is Dassault Systèmes becoming so interested in semiconductor EDA?


Short History of the Fourth Industrial Revolution

by Bill McCabe on 10-31-2016 at 12:00 pm

In 2016, many companies are using Industry 4.0 as a buzzword. This doesn’t mean that the old industry has been revolutionized into a new version. On the contrary, this is an extension of what has currently existed, with the dawn of the modern variation arriving about 2010 in Germany.

While the first reference to Industry 4.0 would not occur until 2011, the German Federal Ministry of Education and Research began to explore the various trends that were taking place. They wanted to identify things in high level technology that could help to improve the world and boost technology. This would allow those seeking future employment in the industrial sector to have a simplified work experience while allowing us to do more in a fraction of the time.

By 2012, the Germans had collected a great deal of research and they used this information to hold the first presentation. As part of this presentation, they took the smart factory setting and began to showcase some of the potential that was there. This allowed potential customers and industry professionals to gain a deeper understanding of what all was possible. Now machines could almost think and react to real life situations in order to boost effectiveness and help to make the industry more incredible than ever before. The German government was thrilled with the results and they began to boost funding to the research in the hopes it would advance their country and help them to become a front runner during the Industrial Revolution.

Once the research was determined and there was an understanding that the internet was far more powerful than originally believed, the incorporation of information relay over the internet helped to further propel the internet of things, which was already gaining significant prominence in other countries at this time. Funding was not at a new high through Germany’s manufacturing industry and the invention of the process was solidifying. It was at this time that the Platform of Industry 4.0 was introduced. But it was still a ways from where we find Industry 4.0 today.

In 2014, companies outside of Germany began to step in. There was more virtualization and input from neighboring countries, so that effective work solutions could be created. Decentralization became a key component for the process, ensuring that digital manufacturing would ultimately benefit from the new processing the most. This is the point where the internet of things became perfectly aligned with the industrial revolution and a sweet harmonious union was formed.

Further evolution occurred as new things began to appear thanks to the research and development that has taken place during the fourth industrial revolution. This includes advanced medical technology, effective cost saving mechanics for production plants and so much more. This is an exciting time in our world to be alive and witness the incredible changes that are taking place.

This is the 1st in a Series – be on the lookout for additional articles on this topic.

For more information about us check out www.internetofthingsrecruiting.com

Also read: Manufacturing Singularity is Coming!


CEO Interview: Taher Madraswala of Open-Silicon

by Daniel Nenni on 10-31-2016 at 7:00 am

Taher Madraswala started his career at Intel designing microprocessors and later overseeing ASIC development before joining Open-Silicon at its inception. During his 25 year semiconductor career Taher has experienced more than 300 tapeouts across a wide variety of applications.

Today Open-Silicon applies an open business model that enables the company to uniquely choose best-in-industry IP, design methodologies, tools, software, packaging, manufacturing, and test capabilities. The company has partnered with over 150 companies ranging from large semiconductor and systems manufacturers to high-profile start-ups, and has shipped over 120 million ASICs to date.

How do you view the current state of the ASIC market?
We believe we are at a real crossroad of choices that the industry will make on custom silicon. While Networking, Telecom, Storage and Computing (NTSC) applications are pushing the performance envelope with leading edge process technologies, mixed signal/ IoT applications are leveraging the mature process technologies that are optimized for low power applications. Even though many platform designers will want to create a differentiation with custom hardware, the rising cost of masks and wafers may make them rethink. However, ASIC enabled product differentiation provides a competitive advantage for many applications. Those who run the race of performance, power and product differentiation to distinguish their solutions will continue investing in ASICs.

What do you see as barriers to growth and innovation?

Lack of appetite to fund new architectures in silicon and a shrinking ecosystem of IP providers. To overcome this barrier, Open-Silicon has joined forces with Silicon Catalyst, which is an incubator for semiconductor solution startups to enable them to increase silicon innovation opportunities and pursue big ideas at a much lower cost through strategic partners. Reducing upfront costs enables startups to become higher value investments. Follow-on funding then leads to true innovation and value creation.

What kinds of design/technology innovations do you think are the biggest game changers, and why?
There are two. One is ASIC development platforms. These platforms can speed custom design while retaining the ability to differentiate. Creating ASIC platforms requires thinking like a system company, or even like a startup, and requires the consideration of end use cases.

The other is packaging technology, specifically system in a package (SiP) and 2.5D. These will have a large impact on the future of our industry by creating a new wave of system integration techniques that will exploit the benefits of the footprint compression that these packaging technologies provide.

How is Open-Silicon helping to bring these innovations to fruition?
We are investing in ASIC development platforms for emerging applications. Our Specification-to-Chip IoT ASIC Platform is a perfect example. Open-Silicon’s IoT platform includes pre-designed Register-Transfer Level (RTL) field-proven components along with a support ecosystem of software and services for a variety of protocols, operating systems and analytics. The design is scalable and allows for variations in hardware/software partitioning, as well as the integration of custom IP. With the hardware blocks already designed and the associated software already developed, the project can begin at a point that is months ahead of a full custom design.

We are also aggressively investing in solving the die-to-die and processor-to-memory links with internally developed IP, such as our High Bandwidth Memory (HBM) total solution and interposer technology development to support the SiP and 2.5D technologies.

Open-Silicon provides full turnkey ASIC solutions translating customer ideas into real silicon. Why is this significant?

The industry is transitioning very quickly from innovating at the hardware level to innovating at the application level. By providing expertise that can translate ideas into real silicon, we encourage and help innovators spend more of their time in listening to their customers rather than building and managing infrastructure to implement their ideas. From self-driving cars to virtual reality, the inventors and idea managers should invest their time into defining ground-breaking concepts. We want to help revive innovation by allowing dreamers to think and envision, rather than just manage.

What advancements in technologies, like 2.5D and HBM, is Open-Silicon working on that you would like to share with SemiWiki subscribers?
Open-Silicon made an early investment in 2.5D, which has allowed us to offer an ASIC package with integrated 3D memory stacks using silicon interposer 2.5D technology. The result is higher performance, lower power and a smaller form factor system — a three-way win. 2.5D and 3D stacking creates ways to mix and match chip components, meaning products can be divided into multiple dies. Some functions can be at a less expensive process node, or mixed with other functions that require a high frequency and/or low power.

Another significant advancement is Open Silicon’s HBM IP subsystem, which enables 1024-bit wide memory paths to ASICs using a 2.5D SiP solution. ASIC applications in networking, deep learning, virtual reality, gaming, cloud computing and data centers can improve their access to memory by applying this HBM SiP approach along with the necessary IP and JEDEC-compliant HBM memory chips, which come in stacked-die 3D versions.

What advice would you give to students or to those just entering the field of chip design engineering?
This is one of the most exciting times to be innovating with semiconductors. Never has there been more focus on the ability to interface machines with human users. Mega-trend opportunities in IoT, biotech, wearables, energy, autonomous vehicles and mobile will all have new semiconductor innovation at their core. You are joining a workforce that will continue to profoundly change the lives of humans, and that is both exciting and extremely rewarding.

Also Read:

CEO Interview: Simon Butler of Methodics

CEO Interview: Charlie Janac of Arteris

CEO Interview: Marie Semeria of LETI


3 Steps To Choosing The Right IoT Vendor

by Padraig Scully on 10-30-2016 at 8:00 pm

There are thousands of contrasting IoT vendors in the market today. A strong push from hardware companies, communication providers, independent software vendors, system integrators, startups and IoT cloud platforms (of which there are 360+ competing providers in this market alone) has resulted in a complex and confusing market. As a result, it can be difficult for an OEM to evaluate which IoT vendor is the best fit for their connected solutions. But this is a very important decision that will shape an OEM’s IoT journey, as they will likely be reliant on that vendor for years to come.

The process of identifying the right IoT vendor was recently analyzed as part of an industry white paper we published with the title “Guide to IoT solution development”. In the white paper, we discuss the IoT Solution development process across 5 major phases:

1. Business case
2. Build vs. Buy Decision
3. Proof of Concept
4. Piloting
5. Commercial Deployment

According to the paper, there are three important steps to choosing the right IoT Vendor:

1. Mapping the engineering requirements
2. Deciding on build vs. buy
3. In case of buy: Selecting the actual vendor

    1. Requirements Engineering – Understanding what is needed for your IoT Solution.
    Assuming you have nailed the business case (i.e., you have a clear vision for your IoT solution) and have double checked the basic assumptions (i.e., expected ROI) for your business case you will need to formalize your engineering requirements. This is necessary (at least on a high level) so that you can craft the right IoT initiative for your organization, perform the Build vs. Buy decision and consult the right vendors or partners.

    a). Asking the right questions

    Firstly, you should come up with answers to operational questions such as:

    • What end points will provide the data?
    • What data points should be collected?
    • Which analyses will generate strategic insights?
    • Which enterprise systems need to be connected?
    • What services do I need to offer?

    IoT needs to be thought through from end-to-end or device-to-cloud. Keep in mind that the true value of IoT solutions resides in the data generated by your connected products – from which you derive actionable intelligence and feed timely insights back into products, processes, and operations to transform the entire business.

    b). Mapping the requirements by area
    As a second step, you should make a rough draft of your end-to-end solution according to 5 distinct layers: 1. Device, 2. Communication, 3. Cloud Services, 4. Applications, and cross-layer 5. Security. (For more details on the 5 layers see our white paper). For each component ask questions such as: Do we have the technology expertise in-house? Can we keep pace with the technology evolution and future customer requirements?

    For example, it is important to know how much data will be generated, in which form and how fast it will be retrieved. This will determine which kind of database and storage solution is required and whether you will be able to build this on top of your existing data infrastructure or not.

    2. The Build vs. Buy decision

    After assessing the engineering requirements, you need to decide which components of the solution you want to build from scratch. In many cases, it is beneficial to work with existing solutions by third-party vendors, i.e., out-of-the-box solutions.

    The paper highlights that recently more and more IoT projects rely on existing out-of-the-box solutions.

    WHY COMPANIES GO WITH “OUT-OF-THE-BOX” SOLUTIONS

    Benefits & Reasoning:

    • Quicker Time To Market — Critical infrastructure in place by default.
    • Access to crucial skills — Readily available partner network with expertise across domains.
    • Secure by design — Secure development lifecycle builds in security from outset
    • Optimized to work with wider ecosystem — Aligned with industry standards across partner ecosystems e.g., IIC
    • Scale with ease — Modularized and optimized for large scale deployments
    • Enable a more end-to-end offering — Multiple parts work together from one vendor e.g., OS, Cloud, Analytics

    Before deciding to go with an out-of-the-box solution, companies should however evaluate the related costs as well as the threat of becoming “locked-in”. Being “locked-in” with the wrong vendor may strip away certain degrees of freedom in the overall solution or lead to uncontrollable support, maintenance and customization costs in the long run.

    Most vendors offer the ability to perform an initial pilot trial. While companies may initially test some features for free, it should be noted that a certain budget needs to be planned in for the pilot phase as some integration effort and data modelling is always necessary to get the pilot project up and running.

    3. The vendor selection

    There are numerous reasons to choose one IoT solution vendor over another. In an industry survey we asked 144 companies currently building IoT Solutions: Which vendor is primarily in the lead to co-ordinate your IoT solution development?

    Most companies looking to IoT Cloud Platforms for solution development:

    The analysis shows that most companies developing IoT solutions see IoT Cloud / Platform companies in the lead (29%), while 21% of respondents see no vendor in the lead and are instead building in-house (see Exhibit). However, finding the most suitable IoT Cloud / Platform vendor is difficult with hundreds of competing providers in the market today.

    One should also note that at this point (Q3/2016) there is no single IoT vendor that can provide the complete end-to-end out-of-the-box solution. However, as our 2016 IoT platforms market report verifies, some companies offer more than others, and together with their partner ecosystem some can provide complete end-to-end IoT solution support.

    Comparing key IoT Solution vendors
    Correctly assessing the capabilities of each possible vendor against your requirements definition is crucial for your selection. While there are hundreds of existing Enterprise IoT projects, the use case at hand determines your solution requirements, and the vendor selection process largely depends on the components the vendors offer and how they fit into your solution.

    To assist companies in better understanding the offerings of IoT Solution Vendors, we showcase a high-level comparison of 8 major IoT solution providers including Microsoft, Amazon, IBM, Intel, GE, Google, PTC and SAP.

    The complete comparison as well as other best practices for OEMs, ODMs, and device manufacturers on how to transform their companies and build solid IoT Solutions can be found in the “Guide to IoT solution development” which is available for download free of charge.



The IoTrojan Horse – an army of toasters
    by Bill Montgomery on 10-30-2016 at 4:00 pm

    Most everybody is familiar with the term Trojan Horse, drawn from Greek mythology. It’s a tale from the Trojan War where, after a fruitless 10-year attempt to capture the city of Troy, the Greeks constructed a huge wooden horse, left it outside the city walls, and then sailed away, seemingly accepting defeat. The Trojans were elated, celebrated, and pulled the horse into Troy, as a victory trophy. Unbeknownst to them, the massive horse was filled with Greek soldiers.

    During the night, the Greek force crept out of the horse, and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city of Troy, decisively ending the war.

    Flash forward to 2016.

    In an insightful article (read it here) published this past February by Popular Science, Kelsey D. Atherton wrote, “About two and a half centuries after America declared independence, over 150 years since the end of the Civil War, and 66 years since the Soviet Union became the second country in the world to possess nuclear weapons, the greatest threat the intelligence community sees facing the United States is Wi-Fi-enabled toasters. No really.”

    Atherton’s article has proven to be prescient. Atherton’s toaster is just one of hundreds of millions of like devices – soon to be billions – that are permeating our lives on myriad levels. And last week, routers, DVRs and IP cameras – basically millions of unprotected internet-enabled devices – joined forces at the direction of a bunch of amateur hackers and launched a crippling DDoS attack against Dyn Inc. The IoTrojan Horse attack created overwhelming traffic to a number of high-level domains, such as Twitter, Amazon, Netflix and PayPal, effectively shutting them down. (Read about it here.)

    I can almost hear the folks in Hollywood noodling over this one. Let’s see. We’ve made Bad Teacher, Bad Grampa…hmm…how about Bad Toy Story? Or maybe Bad IoToy Story?

    Only this movie wouldn’t be engaging, or uplifting or funny. It would be a tragedy – a tragedy that is on the verge of happening in real life.

    How can this be? There are many reasons but one that is most apparent is the lack of standards within the IoT sector.

    Standards – a necessary evil then. A mission-critical requirement now.
    Standards bodies are typically packed with representatives from governments and enterprises, and their decisions are mostly based on politics and their respective agency or company interests. The process of arriving at standards has always been time-consuming and laborious, but in essence, it worked. Mostly because time was never a consideration in reaching global consensus on things like EDI standards. When they happened, they happened.
    Not today. Today, time is of the essence and procrastination is only going to make matters worse. With no standards to adhere to, companies worldwide are rapidly rushing IoT products to market for fear of losing out on the predicted IoT gold rush. Just check out the list of manufacturers (here) whose devices were conscripted to attack Brian Krebs’s KrebsOnSecurity website. It’s absolutely ridiculous that this has been allowed to occur.
    Things have to change, and fast.

    Cyberwar Measures Act – a radical approach to a dangerous problem
    In 1970, Canada’s Prime Minister, Pierre Elliot Trudeau, invoked the War Measures Act in response to the FLQ’s (a terrorist group bent on independence for the Province of Quebec) kidnapping and murder of Pierre Laporte, a senior elected official. The Act gave the government sweeping powers, allowing it to arrest and detain anyone they believed was affiliated with the FLQ. While controversial at the time, the desired effect was realized. A second kidnapped victim, a British diplomat, was released, and the Act effectively squashed the FLQ’s efforts to break up the country.

    The US and indeed the entire world is in a similar state of crisis with far more dire consequences, and I feel strongly that it’s time to dispense with the slow, plodding standards-based way we deal with change in our connected world in favour of dramatic actions which will rapidly protect us from future attacks.


    Furthermore, while we are wont to blame North Korea for the Sony hack, Russia for email hacks, or other nations for the attacks on our connected world, the sad reality is that the doors are so wide open that clever kids in their parents’ basements in any part of the world could be launching IoT-driven cyberattacks.

    So, what should we do?

    Invoke a Cyberwar Measures Act approach.

    First, governments everywhere should steadfastly refuse to allow importation of any connected products that have hard-coded passwords (firmware) that cannot be changed, and those which do not enforce strong password setting at time of installation.

    Second, every IP address that was used in the Dyn attack should be disabled, and any of the things, which were connected at those IP addresses, which cannot be secured as described above, should be denied reconnection.


    Third, the remaining IP addresses with known-to-be-insecure ‘things’ connected (devices similar to those used in the recent DDoS attacks) should also be disabled.


    Fourth, let’s immediately ban the importation of the devices that Brian Krebs revealed were used in that particular IoT DDoS attack, putting the onus on the manufacturers to prove their devices are sufficiently secure before reinstating them as IoT safe manufacturers.


    The IoTrojan horse has arrived, but unlike the citizens of the city of Troy, we can still win this battle if we act quickly.


    Governments of the world, are you listening? It’s time to step up and do what you are meant to do…serve and protect the citizens of your respective nations.




    Top 5 Things to Know About Recent IoT Attacks

    by Matthew Rosenquist on 10-30-2016 at 12:00 pm

    Recent internet attacks resulted in popular sites becoming unreachable, such as Twitter, Etsy, Spotify, AirBnB, Github, and the New York Times. These incidents have brought to light a new threat to online services: Internet of Things (IoT) botnets. Distributed Denial of Service (DDoS) attacks have been commonplace for over a decade but have rarely been too troublesome. For the past several years, network providers’ security services have been able to absorb such attacks to keep online properties available. But the game has now changed.

    In essence, when a number of devices can be controlled to simultaneously flood a destination with network requests, the target becomes overloaded and legitimate requests cannot be processed. Traditional network filters are smart enough to recognize a handful of systems attempting this malicious behavior and simply drop all requests from them. But when thousands of different systems mount an attack, the normal filters fail to distinguish legitimate from malicious traffic and the availability of the system crumbles.
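The filtering argument above, as an added illustration that is not part of the original article: a per-source rate limit applied to one time window of constructed traffic, with the same total attack volume sent once from a handful of sources and once from thousands. The limit, the service capacity and the source names are assumptions chosen for the example.

```python
PER_SOURCE_LIMIT = 100  # assumed: max requests one source may send per window
CAPACITY = 5000         # assumed: requests the service can answer per window


def build_window(clients, attackers, per_attacker):
    """Constructed traffic for one window: source -> (request_count, label).
    The label is ground truth for scoring only; the filter never reads it."""
    window = {f"client-{i}": (10, "legit") for i in range(clients)}
    window.update(
        {f"attacker-{i}": (per_attacker, "attack") for i in range(attackers)}
    )
    return window


def per_source_filter(window, limit=PER_SOURCE_LIMIT):
    """Drop every source whose request count exceeds the limit."""
    return {src: v for src, v in window.items() if v[0] <= limit}


def evaluate(window):
    """Apply the filter, then estimate how much legitimate traffic is served."""
    passed = per_source_filter(window)
    load = sum(count for count, _ in passed.values())
    # Once load exceeds capacity the service cannot tell requests apart,
    # so the share of legitimate requests answered is capacity / load.
    served = min(1.0, CAPACITY / load) if load else 1.0
    return {
        "blocked_sources": len(window) - len(passed),
        "load_after_filter": load,
        "legit_served_fraction": round(served, 3),
    }


# Both scenarios carry 100,000 attack requests against 2,000 legitimate ones.
HANDFUL = build_window(clients=200, attackers=5, per_attacker=20000)
DISTRIBUTED = build_window(clients=200, attackers=2000, per_attacker=50)

if __name__ == "__main__":
    for name, window in (("handful", HANDFUL), ("distributed", DISTRIBUTED)):
        print(name, evaluate(window))
```

In the distributed case every attacking source stays under the per-source limit, so nothing is blocked and the service answers only a small fraction of legitimate requests; defending against it requires signals other than per-source volume.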

    Cybercriminals and hacktivists have found a new weapon in this war, the Internet of Things (IoT). Billions of IoT devices currently exist and can be as small as a piece of jewelry or larger than a tractor. They all have one thing in common: they connect to the Internet. This has tremendous benefits, as people can monitor their home with cameras from afar, check the contents of their refrigerator while at the store, and do a myriad of other great things with these connected gadgets. We cannot forget, however, that these are just tools. They can be wielded for good or employed for malice. To hackers, each one of these devices is a potential robotic soldier, which they might be able to recruit into their bot-army.

    The most recent attack, against a major DNS provider, has highlighted this very fact to millions of Internet users. Botnets containing tens or hundreds of thousands of hijacked IoT devices can bring down major pieces of our beloved Internet. There is a lot of hype, fear, and speculation bubbling out of the shadows. We are at a tipping point. IoT devices now represent a new and formidable threat. The next few months will be telling. For now, let us cut through the hype and understand the important aspects of recent IoT DDoS attacks.

    Here are 5 things you should know about the recent IoT attacks:

    1. Insecure IoT devices pose new risks for everyone. Every IoT device which can be hacked is another soldier in a botnet army which could be used to bring down important parts of the Internet. Such attacks can interfere with your favorite sites for streaming, social media, online shopping, banking, etc. If you own such weak or poorly configured devices, then you could be contributing to the problem.

    2. IoT devices are valuable to hackers and they won’t give them up without a fight. Although these attacks, with malware like the Mirai botnets, are simple in nature, they will evolve as quickly as they need to for the attackers to remain in control. IoT devices are hugely valuable to hackers, as they empower them to conduct devastating DDoS attacks with little effort.

    3. DDoS attacks from IoT devices are severe and tough to defend against. Identifying and filtering out attacks from a handful of systems is easy. When faced with tens or hundreds of thousands, it is near impossible. The amount of resources needed to fend off an attack is tremendous and costly. A recent attack to knock Brian Krebs’s security-reporting site offline led Akamai’s vice president of web security to state, “If this kind of thing is sustained, we’re definitely talking millions” of dollars in cyber security services to keep the site available. That is powerful. Look for attackers to not give up easily. These always-connected devices are perfect for DDoS botnets.

    4. Cybercriminals and hacktivists are driving these attacks. There is speculation and fear that nation states are behind the latest string of attacks. That is highly unlikely. Authors of Mirai, one of hundreds of botnets, voluntarily released the code to the public, something a professional government offensive team would never do purposefully. However, it is a good bet that after witnessing how powerful IoT botnets are, nation states are probably working on similar strategies but with much more advanced capabilities. In the short term, cybercriminals and hacktivists will remain the main culprits of these attacks. Over the next few months, expect criminals to find angles from which they can make a financial profit, like extortion.

    5. It will get worse before it gets better. Unfortunately, most IoT devices that have been deployed to date lack strong security defenses. The ones being hacked now are the easiest, with default passwords that are published for anyone to look up. Hacker software simply connects and logs into the device, unless the owner has gone out of their way to change the default password. Unsurprisingly, most have not taken this important step. Instantly, the attackers have another soldier to do their bidding. In order for this situation to get better, several aspects must be addressed. Devices must be designed with security in mind, configured properly, and managed to keep security updated. This will take both technical and behavioral changes in the long run to keep pace with evolving hackers.

    Hacking IoT devices is now a problem for everyone. Due to the ease of compromise and massive numbers of IoT devices which are connected to the Internet, cybercriminals and hacktivists have a vast resource to fuel powerful DDoS campaigns. We are just starting to see the attacks and issues around IoT security. It will continue to be a problem until more comprehensive controls and behaviors make us all more secure.

    Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.
