Industrial IoT
The Linux Foundation | September 20, 2023
On September 9, 2023, LF Edge, an organization under The Linux Foundation dedicated to fostering open, interoperable edge computing solutions, announced the upcoming launch of the LF Edge Sandbox. This self-service platform, provided by ZEDEDA, allows for the deployment of LF Edge projects and solutions to edge devices.
The LF Edge Sandbox acts as a centralized system, enabling individuals to swiftly engage with LF Edge projects for creating proofs of concept (POCs), demonstrations, and end-user experiences. The service operates as a Software-as-a-Service (SaaS) solution and is offered by ZEDEDA, an LF Edge member organization. It grants remote management and orchestration capabilities for edge hardware running LF Edge project applications, utilizing the LF Edge Project EVE's open Linux-based operating system, EVE-OS, to facilitate secure device management and application orchestration at scale.
It is set to become available in the coming weeks, providing developers with a platform for testing open-source projects and experimenting with their own solutions.
Users with a Linux Foundation ID will be able to create a free LF Edge Sandbox account, select LF Edge project applications for deployment from a pre-configured list, and even test private applications for real-world use cases. The deployment process is designed to be quick and straightforward, with applications ready for testing within minutes.
With the Sandbox, developers can easily deploy LF Edge project applications, making it simpler for them to explore and test various projects. It aims to encourage the development of edge computing solutions by simplifying project deployment, allowing developers to focus on building valuable solutions.
GM, Networking, Edge and IoT at the Linux Foundation, Arpit Joshipura, remarked,
The development of the LF Edge Sandbox speaks to the community's robust array of in-demand edge computing solutions. This new service will make it even easier for people and organizations to trial various LF Edge project solutions and blueprints across formats, ultimately enabling faster deployment. Congratulations to the community for achieving this milestone, and thank you ZEDEDA for the resources.
[Source: Cision PR Newswire]
Joe Pearson, chair of the LF Edge Technical Advisory Council (TAC) and Open Source Strategy at IBM Software, Networking, and Edge Computing, stated that the abundance of intriguing LF Edge projects, with more on the horizon, has made it a challenging task for an individual or even a small team to acquire sufficient knowledge to install and experiment with all these solutions. He pointed out that Project EVE's platform, as executed and supported by ZEDEDA, offers a simplified approach for deploying any of these projects across various architectures and in the most suitable format, whether it be a bare install, virtual machine, or container. Joe also highlighted that this Sandbox would enable interested parties to become productive within minutes rather than spending days or weeks on the same task.
About The Linux Foundation
The Linux Foundation has emerged as the go-to organization for the world's leading developers and corporations seeking to foster ecosystems that expedite open technology advancement and widespread commercial adoption. Collaborating closely with the global open-source community, it tackles some of the most challenging technological hurdles, underpinned by the most extensive shared technology investment assembled.
Read More
IoT Security
Cisco | September 14, 2023
Cisco disclosed eight vulnerabilities in the OAS platform’s engine configuration management functionality.
Three of the eight detected vulnerabilities were rated as high-severity.
The issues detected in OAS platform v18.00.0072 were addressed and, v19 was released.
Cisco's Talos security researchers have identified eight vulnerabilities in the Open Automation Software (OAS) Platform that can be exploited to bypass authentication, disclose sensitive information, and overwrite files. The OAS Platform is commonly used to facilitate communication and data transfer between servers, industrial control systems (ICS), IoT devices, and other hardware in industrial and enterprise settings.
The OAS Platform is widely deployed in industrial operations, enterprise environments, and cross-platform integrations. It plays a crucial role in facilitating communication and data exchange across various devices and systems, facilitating logging and notifications. The vulnerabilities pose a significant security risk, especially in environments where the OAS Platform is used for critical industrial and enterprise operations. Unauthorized access and data breaches can lead to operational disruptions and potentially compromise sensitive information.
Among the eight vulnerabilities, three are rated as high-severity. Cisco's Talos security researchers were responsible for discovering and disclosing these vulnerabilities. The most critical issues are CVE-2023-31242 and CVE-2023-34998, both of which are authentication bypass flaws. CVE-2023-31242 can be triggered through a sequence of requests, while CVE-2023-34998 can be exploited by sniffing network traffic. The identified vulnerabilities in the OAS Platform mainly revolve around authentication bypass, information disclosure, and file manipulation. Attackers could leverage these weaknesses to create new users, gain unauthorized access, decrypt sensitive information, and perform arbitrary file and directory actions.
These vulnerabilities essentially allow attackers to gain unauthorized access to the system by loading and saving configurations to a disk and installing them on other devices. The issues were identified in OAS Platform version 18 and have been addressed in the subsequent release, version 19.00.0000, highlighting the importance of keeping software up-to-date to mitigate security risks.
These issues stem from the fact that when the OAS engine is deployed, by default, no admin user is defined and no authentication is required to access functionality such as new user creation. Even if an admin user is created, the configuration must be stored prior to restarting the engine, or it will revert to its default state. An attacker can create a new user, save the changes, and thus gain access to the underlying system.
Also, the vulnerability enables an attacker to acquire a protobuf containing valid admin credentials and construct their own requests. The perpetrator could then again obtain access to the underlying system by utilizing the user creation and saving functionality. Cisco warns that these authentication bypass flaws could be combined with CVE-2023-34317, an improper input validation flaw in the user creation functionality, to gain access to the underlying system by adding ‘a user with the username field containing an SSH key.’
CVE-2023-34353 is another high-severity authentication bypass that allows an attacker to perform network snooping to acquire the protobuf containing admin credentials and then decrypt sensitive information. While two of the remaining vulnerabilities could result in information disclosure, the other two could be exploited to create or overwrite arbitrary files and create arbitrary directories.
Read More
Enterprise Iot
floLIVE | September 11, 2023
floLIVE, the global creator of the largest hyperlocal global cellular network and a provider of global connectivity and network solutions for IoT has announced a collaborative effort with Qualcomm Technologies, a leading provider of advanced wireless technologies. This partnership aims to enhance connectivity globally on the innovative Qualcomm Aware Platform.
The collaboration between floLIVE and Qualcomm Technologies has global implications as it seeks to address the IoT connectivity challenges faced by enterprises worldwide, benefiting diverse industries. The integration of floLIVE's expertise into the Qualcomm Aware Platform underscores their commitment to providing innovative global connectivity solutions.
floLIVE's contribution to the Qualcomm Aware ecosystem brings unique hyperlocal global cellular network capabilities to the table. This network, tailored for OEMs and global enterprises, complements Qualcomm Aware's suite of technologies and intelligence. Together, they offer nearly seamless local connectivity woldwide, redefining how IoT devices connect and communicate globally.
Qualcomm Aware targets issues related to ecosystem fragmentation and system design complexity, offering differentiated services for managing assets that require precise and timely decision-making. One of the significant challenges enterprises encounter is the time and cost associated with establishing reliable connectivity. floLIVE's solution addresses these concerns by enhancing connectivity reliability, enabling devices to access a global network operator database, and overcoming roaming restrictions.
President, Americas at floLIVE, Curtis Govan, stated,
Qualcomm Technologies' integration of floLIVE into the Qualcomm Aware Platform to help enhance global connectivity is a testament to our dedication to delivering innovative and impactful global connectivity solutions.
[Source: Cision PR newswire]
Curtis further said that they are excited to collaborate with Qualcomm Technologies to bring their hyperlocal cellular network expertise to Qualcomm Aware, empowering businesses to harness the full potential of IoT. Mohammed Ansari, Senior Director of Business Development at Qualcomm Technologies, expressed enthusiasm about the inclusion of floLIVE into the Qualcomm Aware ecosystem as a collaboration partner. He noted that a significant feature of Qualcomm Aware is its capacity to incorporate and enhance global IoT device connectivity intelligently, with a strong emphasis on security. Additionally, he highlighted the system's ability to intelligently oversee the connection from the device to the cloud, tailored to meet customers' requirements across various industries.
Qualcomm Technologies is set to revolutionize the IoT landscape with its Qualcomm Aware platform, designed to unify and optimize developer tools, hardware, software, positioning capabilities at the chipset level, and global connectivity. This initiative will add digital intelligence, visibility, and control to enterprises while simplifying the complexities and challenges of IoT deployment.
About floLIVE
floLIVE operates the world's premier hyperlocal global cellular data network, strategically positioned with local points of presence (POPs) across numerous international locations. One can easily monitor their devices, access real-time network data and events, remotely switch operators, and proactively address potential issues, ensuring uninterrupted device performance. Its network provides direct access, allowing it to manage connectivity, while its global connectivity library is unparalleled in its scope, offering centrally managed, localized connectivity solutions for any device, anywhere. This global reach empowers businesses to operate without geographical constraints, while its localized approach ensures minimal latency, exceptional performance, and full compliance with privacy regulations, data laws, and roaming restrictions.
Read More