“More than 9 in 10 cybersecurity researchers who find software vulnerabilities generally let the makers know and coordinate their disclosure, according to a new survey from a Commerce Department working group published Thursday.Only 1 in 6 (15 percent) expect any kind of reward, but nearly three-quarters (70 percent) expect to be engaged by the maker. It’s frustration around unmet communications expectations that’s most often the cause of unilateral disclosure, according to the survey report Vulnerability Disclosure Attitudes and Actions published by the National Telecommunications and Information Administration.”

Source: Hackers expect replies, not rewards, for finding bugs | Cyberscoop

‘This week the Electronic Frontier Foundation (EFF) renewed its call for the legal protection that manufacturers use to safeguard automotive software to be relaxed.For three years, farm machinery maker John Deere has found itself in a fight against the EFF, Silicon Valley’s most reliable proxy group, over the right to control its own intellectual property. Auto manufacturers use a variety of legal mechanisms to stop people tinkering with their gear willy nilly, and one of them is copyright.

Last year the US Copyright Office recommended that “computer programs that operate … motorized land vehicles would also receive a limited exemption” for “good faith research.”’

Source: Meet the Internet of big, lethal Things | The Register

“According to a recent estimation by McKinsey, the potential economic impact of IoT applications in 2025 is between US$ 3.9 and $11.1 trillion, of which $1.2 to $3.7 trillion is allotted to IoT applications within the factory environment. Also known as smart manufacturing, or Industrie 4.0 in Germany, these are fully networked manufacturing ecosystems driven by the IoT.”

Source: Internet of things (IoT) trends and realities: what to expect in 2017 | The Next Silicon Valley

The Internet of Things is a security problem. The Mirai botnet attacks drove the point home in October, but security experts have been warning about these weaknesses for years, providing endless demos about how a hacker might break into your baby monitor or seize control of your thermostat. There are more and less secure devices, but they all share the same basic weaknesses: they’re underpowered, making it hard to implement serious security systems, and their basic functions require them to accept requests from anywhere on the web. That combination makes them easy targets for hackers, who can use the devices to build botnets or launch ransomware attacks. And since those aren’t the kind of problems you can fix with a software patch, the security world has been at a loss for what to do.

Source: How do you fix the Internet of Things? A better router | The Verge

The Internet of Things offers the promise of all sorts of nifty gadgets, but each connected device is also a tempting target for hackers. As recent cybersecurity incidents have shown, IoT devices can be harnessed to wreak havoc or compromise the privacy of their owners. So Microchip Technology and Amazon.com have collaborated to create an add-on chip that’s designed to make it easier to combat certain types of attack—and, of course, encourage developers to use Amazon’s cloud-based infrastructure for the Internet of Things.

The AWS-ECC508 is an add-on chip designed to make devices more secure—at least for developers using Amazon’s IoT cloud. Cloud services are an integral part of the Internet of Things, which is built around the concept of connected objects becoming ubiquitous in our environment, and which must therefore rely on large-scale computing infrastructure.

Source: A Chip to Protect the Internet of Things | IEEE Spectrum

It’s relatively easy to build your own Internet of Things hardware, but the software is another story. How do you connect it to cloud services, push updates or just write code? Google might help. It’s trotting out a developer preview of Android Things, a toolbox that theoretically makes connecting IoT devices as straightforward as writing an Android app. Think of it as a more mature, more accessible Project Brillo. You’re not only using ordinary Android developer tools (Android Studio and the official SDK), but tapping into Google Play Services and Google Cloud Platform. In theory, most of the heavy lifting is done for you — future versions in the months ahead will even grab regular updates (both from you and Google) and use Google’s ad hoc Weave networking.

Source: Google makes it easier to get Internet of Things devices online | Engadget

“Parenting site BabyCenter says parents find that sensors and connectivity in the devices/objects they use save time, provide control, and add security.

The study, “The Internet of Things Empowers Parents,” says that 70 percent of parents in the U.S. now own an IoT device, 37 percent who own one want to buy another, and more than a third believe these gadgets make them better parents. And the report points to a potential major marketing opportunity for companies pitching parents.”

Source: Report: Parents like the Internet of Things | Marketing Land

‘The FTC’s IoT Home Inspector Challenge is seeking ideas for a tool of some sort that would address the burgeoning IoT mess. The agency says it’s offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for as many as three honorable mention winner(s).

The FTC said an ideal tool “might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface. Contestants also have the option of adding features such as those that would address hard-coded, factory default or easy-to-guess passwords.”’

Source: The FTC’s Internet of Things (IoT) Challenge | Krebs on Security