Subscribe to

Blogs

Security threats to wireless alarms?

 - 
Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, painted a funny dystopian sketch of the connected home in revolt, commandeered by morally wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk films from the 90s, these lonesome code junkies are intent on doing everything from dousing homes by activating sprinkler systems to invading your privacy in all the imaginable ways in a home amply stocked with network cameras.

The piece, titled “The Nightmare on Connected Home Street,” is of course meant to be hysterical: The narrator is jarred awake at four a.m. by the blaring pulse of dub step music exploding from his connected pillow. The vignette ends, a few hours later, with a bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, but the piece is entertaining and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on concerns that, surprisingly, have nothing to do with Internet connected devices. This time, the article dealt with security vulnerabilities related to wireless home alarms, which, according to a pair of researchers cited in the article, could be comprised—the alarm being either suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems with a number of brands.

The issue, according to the report, has to do with radio frequency signals. While the conversation is understandable for a layman, it can seem a bit arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels,” according to the report, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference held in Las Vegas next week. I’m eager to here more about their findings and to see what kind of impact the research could have.  

Are wireless home systems vulnerable?

 - 
Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, sketched a funny, dystopian picture of the connected home in revolt, commandeered by wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk movies, these lonesome code junkies are intent on doing everything from dousing homes with sprinkler systems to invading your privacy through in-home network cameras .

The piece, titled “The Nightmare on Connected Home Street,” is supposed to seem nearly implausible. The narrator is jarred awake at four a.m. by the pulse of dub step music exploding from his connected pillow. The piece ends, a few hours later, with the bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, of course, but the piece is thought-provoking and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on vulnerabilities that have nothing to do with IP devices. This time, the article dealt with security concerns related to wireless home alarms, which, according to a pair of researchers cited in the article, could be compromised—the alarms either being suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems among a number of brands.

The issue apparently has to do with radio frequency signals. While the conversation is understandable enough for a layman, it can drift into the arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels," the report said, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

A vulnerability is a vulnerability, and certainly no security company wants there to be any possibility of a system being hacked. But it should probably be mentioned that while these techniques may come across as elementary to the reading community of Wired Magazine, these methods would probably be, for your run-of-the-mill burglar, well above the norm from a sophistication standpoint.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference scheduled next week in Las Vegas. For my part, I’ll be eager to hear more about their findings and to see what kind of impact the research could have.

Security threats to wireless alarms?

 - 
Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, sketched a funny, dystopian picture of the connected home in revolt, commandeered by morally wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad 90s cyberpunk films, these lonesome code junkies are intent on doing everything from dousing homes by activating sprinkler systems to invading your privacy in all the imaginable ways in a home well stocked with cameras.

The piece, titled “The Nightmare on Connected Home Street,” is of course meant to be hysterical: The narrator is jarred awake at four a.m. by the pulse of dub step music exploding out of his connected pillow. The vignette ends, a few hours later, with a bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, but the piece is entertaining and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on concerns that, surprisingly, have nothing to do with Internet connected devices. This time, the article dealt with security vulnerabilities related to wireless home alarms, which, according to a pair of researchers cited in the article, could be comprised—the alarm being either suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems with a number of brands.

The issue, according to the report, has to do with radio frequency signals. While the conversation is understandable for a layman, it can seem a bit arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels,” according to the report, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference held in Las Vegas next week. I’m eager to here more about their findings and to see what kind of impact the research could have.  

Security threats to wireless alarms?

 - 
Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, painted a funny dystopian sketch of the connected home in revolt, commandeered by morally wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk films from the 90s, these lonesome code junkies are intent on doing everything from dousing homes by activating sprinkler systems to invading your privacy in all the imaginable ways in a home amply stocked with network cameras.

The piece, titled “The Nightmare on Connected Home Street,” is of course meant to be hysterical: The narrator is jarred awake at four a.m. by the blaring pulse of dub step music exploding from his connected pillow. The vignette ends, a few hours later, with a bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, but the piece is entertaining and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on concerns that, surprisingly, have nothing to do with Internet connected devices. This time, the article dealt with security vulnerabilities related to wireless home alarms, which, according to a pair of researchers cited in the article, could be comprised—the alarm being either suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems with a number of brands.

The issue, according to the report, has to do with radio frequency signals. While the conversation is understandable for a layman, it can seem a bit arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels,” according to the report, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference held in Las Vegas next week. I’m eager to here more about their findings and to see what kind of impact the research could have.  

Viscount will be highly visible at ASIS

 - 
Wednesday, July 23, 2014

Viscount, the access control system that is software-based and does not have a panel, will be highly visible at ASIS, according to CEO Dennis Raefield.

Raefield joined Viscount at COO in December of 2013 and became CEO of the company, replacing Steve Pineau, in January of 2014. In February, Viscount "raised $2.4 million in new cash in a  private placement." He's used that funding to "staff up" adding tech support and sales people including hiring Michael Pilato, as VP of sales and marketing. Pilato has worked for Schlage/Ingersoll Rand, Assa Abloy, Honeywell Security, and Sensormatic/Software House (now Tyco).

"We went from 26 to 36 employees," Raefield said. "We now have dedicated tech support from 5 a.m. to 5 p.m. and on-call support 24/7," he said.

Viscount has been in business for 12 years, but its Freedom Encryption Bridge access control product is relatively new. It made traction with the federal government, in banking and it is  installed at Microsoft's GSOC.

"Our biggest deal is with the Department of Homeland Security, the CIS (Citizens Immigration Services) Group. [Freedom] is installed all over the country in 30 different sites and the plan is to roll out 200 more sites in the next year," Raefield said.

Freedom is doing well for two reasons, Raefield said. "One. It's highly secure from hacking for a very simple reason. The traditional [access control] panel has a database ... that is highly vulnerable to hacking. ... What we did is very simple. We took that database out of the panel," he explained. "We use a little thing called a bridge that converts all information at the door ... sends it to the company's own computer. Our software is on their server and the server makes the decision [about access]." This makes the IT director much more comfortable than a traditional access control system where a security appliance that is out of the IT director's hands is hanging on the company's network, he said.

Because the Freedom access control system is behind a company's firewall, it is as secure as any other application on an end user's network, Raefield pointed out.

Raefield noted that the recent Target data breach which received so much publicity and resulted in the firing of the Target CEO "was not a frontal assault on the IT infrastructure" but rather a "backdoor breach"—the result of a stolen HVAC contractor's password. That kind of backdoor breach cannot happen with this access control system, he said.

The second reason the federal government likes Freedom, according to Raefield, is that "our little bridge is much less expensive that anyone's panel. ... "You take out the expensive control panel and the dedicated computer for security and you now have a significaly lower total cost of ownership," he said.

The security director now can worrry about physical security instead of managing hardware and computers, he added.

Viscount Systems did about $4.1 million in revenue in 2013. About $3 million of that came from Viscount's legacy telephone entry system, a product called Mesh Enterphone, which is used in highrise buildings. It's been a "stable bread and butter" product for Viscount for 12 years. Raefield is also investing in that product, making it "high end with a touch screen." It can also be integrated with the Freedom access control system. The remaining $1 million in 2013 revenue was from Freedom, which Raefield said went from $0 to $1 million in one year. Raefield expects Viscount, which is a publicly traded company based in Vancouver, to do "between $6 and $8 million" in revenue in 2014.

Asked about whether Freedom can be used as a managed access control system, Raefield said yes. "The long term strategy is that [Freedom] will be able to be managed on site, in the cloud, any of the above, because it's all software."

Viscount is currently working with major integrators such as Stanley, Convergint and Johnson Controls. At ASIS, the company plans to make its case from a big booth to the integrator community that "this is the next direction and a smart direction," Raefield said.

Pilato said that Freedom has been rigorously tested by the federal government, it has shown itself to be "secure, scalable architecture" and it's ready for wider deployment in the commercial market, in K-12 schools, in banking and elsewhere. "ASIS will be the official commercial launch of Freedom," Pilato said. "The commercial side of the house is ready for prime time."

 

 

 

 

 

 

Another tech giant making a $200m move into the connected home?

 - 
Tuesday, July 22, 2014

I’ve written recently about Google’s $3.2 billion buy of smart thermostat and smoke alarm maker Nest Labs, and then Nest’s $555 million plan to buy Dropcam, which makes video cameras that stream video to a user’s computer or cellphone. Also, Apple in June introduced HomeKit, its new home automation/home security framework.

Now, Samsung also may be making a home automation push with a $200 million buy of startup SmartThings, according to news reports.

The potential deal was first reported in TechCrunch.

Forbes says that SmartThings is based in Washington, D.C. and “sells $100 hardware hubs and provides a cloud platform to make the hundreds of smart gadgets out on the market talk to each other in one unified app.”

Forbes notes that Samsung “already has many connected home appliances on the market.” However, Forbes says SmartThings could enhance those.

“What the SmartThings technology could do is better connect its appliances to other third-party devices onto one central platform. This is what Apple looks to be aiming to do with its HomeKit and what Nest may one day achieve after opening up its API program to allow other devices to talk to its growing family of smart gadgets.”

SmartThings, founded in 2012, has “tens of thousands” of SmartThings systems currently installed in U.S. households, Forbes said.

 

Vivint providing actionable intelligence for smart homes

 - 
Wednesday, July 16, 2014

The BusinessDictionary defines “actionable intelligence” as data “that can be used to boost a company's strategic position against industry peers.” But with a new partnership announced this week, Vivint is using data collected from sensors in smart homes to “identify actionable insights to enrich their customers’ lives.”

Provo, Utah-based home automation/home security company Vivint has partnered with Cloudera, which offers businesses “one place to store, process and analyze all their data,” according to a July 15 news release.

Palo Alto, Calif.-based Cloudera provides businesses with “fundamental new ways to derive value from their data.” In Vivint’s case that means, according to the news release, that “for the first time, Vivint is able to apply a new lens to data generated from intelligent devices and systems embedded with sensors in and around homes.” More than 100,000 data points “from smart sensors embedded in devices [are now] visible with Cloudera,” the release said.

Brandon Bunker, Vivint’s senior director of customer analytics and insights, put it this way in a prepared statement: “Vivint has been at the forefront of the connected home for decades, and now with the emergence of [the] IoT (Internet of Things), we are truly able to innovate by collecting and analyzing vast amounts of data from sensors embedded in our devices. We've taken that one step further with Cloudera and can now look across many data streams simultaneously for behaviors, geo-location, and actionable events in order to better understand and enrich our customers' lives.”

Vivint has more than 800,000 customers using various third party, smart-enabled devices, the release said. Each home has from 20 to 30 sensors, it said.

Here, according to the release, is how Cloudera’s services will make a difference with data from those sensors:

“Many of those devices come in the form of thermostats, smart appliances, video cameras, window and door sensors, and smoke and carbon monoxide detectors. Without a central internal repository to gather and analyze the data generated from each sensor, Vivint was previously limited in its ability to innovate and to add higher intelligence to its security offerings. For example, knowing when a home is occupied or vacant is important to security -- but when tied into the heating, ventilation and cooling (HVAC) system, you can add a layer of energy cost savings by cooling or heating a home based on occupancy. Similarly, by adding geo-location into the equation, you can begin to adjust temperature changes to a home based on the proximity to an owner's arrival, for instance, when the owner has a connected vehicle.”
 

Such "actionable intelligence" would be a sellling point for Vivint because consumers can save from 20 to 30 percent in energy costs by turning off their HVAC systems when they’re away or sleeping, the release said.

Vivint said it chose Cloudera because it has a proven track record and a very broad “big data ecosystem, to ensure support as more and more devices are connected to the Internet each day.” The company also ensures the data’s security, the release said.

And that traditional definition of “actionable intelligence,” about boosting a company’s position against industry peers?

Well, that’s actually a part of the partnership too, according to Vivint. “This platform has differentiated our business and given us a tremendous competitive advantage,” Bunker said in his statement.

 

ESA taps new president and officers

 - 
Wednesday, July 16, 2014

The Electronic Security Association has installed Marshall Marinace, owner of Yorktown Heights, N.Y.-based Marshall Alarm Systems, as its president for the next two years.

Marinace’s presidency was one of five new officer appointments announced at ESA’s annual membership meeting held during ESX 2014 in Nashville.

Marinace has been involved in the security industry for 38 years, and his alarm company was founded in 1976. He also has a longstanding involvement with ESA, serving in several different capacities with the association, including multiple terms as vice president, chairperson of the Membership Committee and liaison to the Standards and Fire Life Safety Committee, among other roles, according to an ESA news release.

“Having been involved with association boards and committees for the past 30 years and counting, my personal goal is to continue the legacy and ongoing development of strong leadership that has made ESA the foremost industry association,” Marinance said in a prepared statement. “I am therefore honored and humbled to have been given the opportunity to fill the role as ESA president for the next term.”

The following industry practitioners were also elected to ESA roles:

-- Dee Ann Harn, CEO of RFI Enterprises, elected to one-year term as vice president

-- Chris Mosley, president of Complete Security Systems, elected to two-year term as vice president

-- Angela White, executive vice president of Central 1 Security, elected to two-year term as vice president

-- Jon Sargent, industry relations / government affairs for Tyco Integrated Security, elected to two-year term as secretary

Milestone research: Video, metadata, operational intelligence

 - 
Wednesday, July 16, 2014

Interesting piece of news in my inbox this morning having to do with research that VMS provider Milestone Systems (recently acquired by Canon)  is working on.

The VMS provider is working with Technical University of Denmark (DTU), Aalborg University, Securitas and Nabto, on a research project that looks at using video for operational intelligence.

The news release said that Milestone is putting some of the research into practice already. From the release: “Research that is ongoing in a 3-year project to develop technological innovations is already paying off: the latest release of Milestone XProtect 2014 launched a new metadata framework that vastly improves the speed of searching and analysis with the video software. … Milestone's software manages video for security uses, but can also support and optimize activities in production, logistics, marketing, sales, healthcare, intelligent buildings, environmental control, and other analytical applications. Thanks to the XProtect open platform architecture, other companies are integrating software applications with Milestone's video management software to adapt it for particular operational needs in different business sectors.”

The Danish National Advanced Technology Foundation provided funding (DKK 15 million) for the project. The goal is “to interpret the recorded video material so the content can be described automatically.”

In a prepared statement, Hans Jorgen Skovgaard, Milestone VP of R&D said:
"We are still in phase one and expect to present to the market several new solutions for searching in metadata—the framework has already been released in XProtect 2014. During the next phases, we will do research among other things on how the software can learn to distinguish between normal and abnormal activity in video images. This means video surveillance can proactively give an alert before an incident occurs, and further enable use as a business tool in many more operational scenarios. … For example, if there is an accident or an assault at a bus station, the police or security personnel can search for the exact area where the incident happened by linking GPS coordinates with the video recordings from the buses, and within a few seconds they will have the relevant recording of the offender or other people involved.”
 
The release says that the metadata technology “can also be used with mobile phones as moving security cameras where GPS coordinates and compass information can be stored with the video. Operators thereby will know precisely where the video was recorded. Used in this way, mobile phones can increase security and safety, and threatening behavior can easily be proven. The technology can also be used as evidence of pollution emissions, for resolving insurance claims, or many other applications yet to be explored.”

Vivint taps into DIY with new online Support site

 - 
Wednesday, July 9, 2014

Vivint is not a DIY company—it offers professionally installed and monitored home security. But its new online Support site—which the company announced this week—is geared toward those who like to take things into their own hands.

Vivint notes that it already offers customer support 24/7/365. But in addition to that, the Provo, Utah-based home automation/home security company has launched the new Support site. Here’s how it describes its new online service:  

“If you’re a go-getter, a do-it-yourself-er, a knowledge-seeker, or a hate-being-put-on-hold-er, then this is great news for you. On our new Support site, you’ll find video tutorials, step-by-step instructions, troubleshooting, FAQs and more for anything from changing the batteries on your electronic door lock to adding a new camera to your system.”

I checked out the site. It’s easy to read and it provides answers to basic questions that range from “Where can I send my payment?” to “Why do you use a door-to-door approach?” Vivint’s answer to the latter is that it’s more personal and allows a sales rep to customize systems for each homeowner.

But in case anyone is wondering, Vivint stresses that the site does not replace its traditional customer service. “If you’re a I’d-rather-just-talk-on-the-phone-er, we will always be here to answer your call,” the company says.

Pages