Enterprise Iot
PR Newswire | October 16, 2023
UL Solutions, a global leader in applied safety science, today announced it issued the first Smart System Verified Platinum rating for the SIBCA Connect: Internet of Things (IoT) Platform. SIBCA is a provider of fire, life safety, and information and communication technology (ICT) solutions.
"With our Smart Systems Rating Program, UL Solutions is helping the industry navigate the growing complexity of smart building systems and solidify the definition of a smart product based on features and best practices," said Sudhi Sinha, vice president of Ecosystems and Service Development at UL Solutions. "UL Solutions is pleased to announce that SIBCA has earned the Smart System Verified Platinum rating for their SIBCA Connect IoT Platform. Our Smart Systems Rating, a UL Marketing Claim Verification, helps our customers deliver confidence and peace of mind to buyers and consumers during their decision-making process, which helps them elevate their brand above competitors that self-declare their claims."
UL Solutions evaluated the SIBCA Connect platform using UL MCV 1587, Methodology for Marketing Claim Verification: Smart System Verified to level Silver/Gold/Platinum/Diamond. This assessment — along with evidence from SIBCA — enabled UL Solutions to verify SIBCA's marketing claim about its product.
UL Solutions Smart Systems Rating Program enabled us to demonstrate the level of our SIBCA Connect IoT Platform's smart system claim and differentiate our solution in a competitive and challenging market. We are honored to achieve the first Smart System Verified Platinum rating for our SIBCA Connect platform and be part of this industry-first program, said Ibrahim Lari, chairman and CEO of SIBCA.
UL Solutions evaluates building systems and products according to the Smart System Rating Program across six categories: connectivity and interoperability, control and automation, digital experience, functional value, resiliency and cybersecurity. This assessment is performed based on the specifications published in UL MCV 1587. Each category has different areas of examination reflected in sub-categories, and the examination utilizes science-based methodology against these criteria and the published specification.
Read More
IoT Security
Cisco | September 14, 2023
Cisco disclosed eight vulnerabilities in the OAS platform’s engine configuration management functionality.
Three of the eight detected vulnerabilities were rated as high-severity.
The issues detected in OAS platform v18.00.0072 were addressed and, v19 was released.
Cisco's Talos security researchers have identified eight vulnerabilities in the Open Automation Software (OAS) Platform that can be exploited to bypass authentication, disclose sensitive information, and overwrite files. The OAS Platform is commonly used to facilitate communication and data transfer between servers, industrial control systems (ICS), IoT devices, and other hardware in industrial and enterprise settings.
The OAS Platform is widely deployed in industrial operations, enterprise environments, and cross-platform integrations. It plays a crucial role in facilitating communication and data exchange across various devices and systems, facilitating logging and notifications. The vulnerabilities pose a significant security risk, especially in environments where the OAS Platform is used for critical industrial and enterprise operations. Unauthorized access and data breaches can lead to operational disruptions and potentially compromise sensitive information.
Among the eight vulnerabilities, three are rated as high-severity. Cisco's Talos security researchers were responsible for discovering and disclosing these vulnerabilities. The most critical issues are CVE-2023-31242 and CVE-2023-34998, both of which are authentication bypass flaws. CVE-2023-31242 can be triggered through a sequence of requests, while CVE-2023-34998 can be exploited by sniffing network traffic. The identified vulnerabilities in the OAS Platform mainly revolve around authentication bypass, information disclosure, and file manipulation. Attackers could leverage these weaknesses to create new users, gain unauthorized access, decrypt sensitive information, and perform arbitrary file and directory actions.
These vulnerabilities essentially allow attackers to gain unauthorized access to the system by loading and saving configurations to a disk and installing them on other devices. The issues were identified in OAS Platform version 18 and have been addressed in the subsequent release, version 19.00.0000, highlighting the importance of keeping software up-to-date to mitigate security risks.
These issues stem from the fact that when the OAS engine is deployed, by default, no admin user is defined and no authentication is required to access functionality such as new user creation. Even if an admin user is created, the configuration must be stored prior to restarting the engine, or it will revert to its default state. An attacker can create a new user, save the changes, and thus gain access to the underlying system.
Also, the vulnerability enables an attacker to acquire a protobuf containing valid admin credentials and construct their own requests. The perpetrator could then again obtain access to the underlying system by utilizing the user creation and saving functionality. Cisco warns that these authentication bypass flaws could be combined with CVE-2023-34317, an improper input validation flaw in the user creation functionality, to gain access to the underlying system by adding ‘a user with the username field containing an SSH key.’
CVE-2023-34353 is another high-severity authentication bypass that allows an attacker to perform network snooping to acquire the protobuf containing admin credentials and then decrypt sensitive information. While two of the remaining vulnerabilities could result in information disclosure, the other two could be exploited to create or overwrite arbitrary files and create arbitrary directories.
Read More
Devices
Amazon | September 25, 2023
Amazon launched Echo Hub, a smart home control panel with support for over 140,000 IoT devices
It detects when a person is around and accordingly shifts its display
With an eight-inch display, it features voice control through Alexa
Amazon is set to provide a solution to simplify and streamline the management of multiple IoT devices
Amazon has introduced the Echo Hub, a sleek, smart home control panel featuring an eight-inch display and compatibility with over 140,000 IoT devices. Priced at $180, this hub offers voice control via Alexa and utilizes infrared technology. Notably, it automatically adjusts its display when someone approaches, simplifying smart home management.
This product is designed for use in smart homes, allowing users to centralize control of their IoT devices. The Echo Hub can be mounted on a wall or placed on a flat surface using an optional stand. It incorporates Alexa for voice control and supports infrared technology for added convenience. The device is also compatible with Sidewalk, Bluetooth, Thread, Zigbee and Matter, making it versatile for various smart devices.
Equipped with Infrared technology, it is a rare brand product with a slim design. Together with Amazon's third-party support, this factor makes the newly launched Echo Hub an ideal control panel for smart homes. The growing popularity of smart home management solutions has intensified competition within the market. Amazon, for instance, is set to introduce its Echo Hub later this year, which includes a Power over Ethernet (PoE) adapter. However, this expanding landscape also ushers in increased options for consumers. Recently, Home Assistant unveiled its budget-friendly Home Assistant Green, a plug-and-play smart home management device priced at $99.
As tech giants like Amazon enter the fray, consumers soon find themselves spoiled for choice. Nevertheless, this abundance of options may also pose a challenge as consumers navigate various products to address a common concern. While it is positive that smart home manufacturers are acknowledging the issue, developers must remain cautious about oversaturation. It is crucial to remember that consumers are discerning enough to recognize redundancy and may choose to retain their funds rather than make unnecessary purchases.
As the smart home market continues to grow, Amazon aims to provide a solution to streamline the management of multiple IoT devices. Amazon has introduced the Echo Hub as part of its smart home product lineup. It offers convenience and compatibility with various smart home products. Users interested in centralizing the control of their smart devices may find this product appealing.
Read More