“Vulnerable versions of Vera and Wink could be attacked through HTTP requests,” Young added. “These requests may come from a malicious web page (as demonstrated at IID on the Vera), a phone app on the LAN, or a malicious user on the LAN directly connecting to the vulnerable device. In the case of Vera, the attacker can directly supply commands to run on the Vera’s embedded operating system. In the case of Wink, the attacker would inject SQL commands to trick SQLite into creating a PHP script on the device. A subsequent request can then trigger execution of the PHP code with root permissions.”
The SmartThings hub had the least serious vulnerability: improper certificate validation. The holes in both SmartThings and Wink were patched, but that means the user must apply the patches. In the case of SmartThings, a mandatory update was pushed out in February. A spokesperson said, “Any inactive hub that was not updated cannot connect to the SmartThings service and is automatically redirected to an update server.”
As the Internet of Things evolves over the next few years, expect to see many more vulnerabilities exposed, because the manufacturers creating these devices are not including security in the design stages of their products. IoT increases the cyber attack surface and will be a huge platform that malicious actors, likely cyber criminals, will attempt to leverage to gain access to private data for nefarious purposes.
Voltage boosters are nothing new, but Batteriser scales down the technology to the point where it can fit inside a stainless steel sleeve less than 0.1 mm thick. Roohparvar says the sleeves are thin enough to fit inside almost every battery compartment imaginable, and the combined package can extend battery life between 4.9x for devices like remote controls and 9.1x for various electronic toys.
“The Batteriser has boost circuitry that will boost the voltage from 0.6 volts to 1.5 volts and will maintain voltage at 1.5—which is a brand new battery,” Roohparvar says. “There’s actually no IP [intellectual property] in the boost circuitry. Our technology is really a miniaturization technique that allows us to build the sleeve. We have some IP in some of the IC circuits that are in there, but the key is we’ve been able to miniaturize the boost circuit to a point that no one else has been able to achieve.”
Indeed, for now I think it likely that one of Apple’s oldest and most cherished skills — its ability to make beautiful, desirable objects — will make the Watch exactly what Tim Cook promised: another tentpole product that rivals the Mac, the iPod, the iPad, and even the iPhone. Framed as nothing more than A Watch that Does Stuff — and that you actually don’t mind wearing — Apple will rightly sell enough to kick-start a world that gets just a little bit smarter and a little bit better when it knows who and where we are.
Moreover, the Watch may even help Apple to rival Google when it comes to Siri and the cloud: the best way to improve a service like Siri is to have millions of customers using it constantly, and I for one have used Siri more in the last two weeks than I have the last two years. Multiply that by millions of Watch users and you have the ingredients for a rapidly improving service. Perhaps more importantly, the fact that Siri is critical to the Watch’s success in a way it isn’t to the iPhone’s may finally properly align Apple’s incentives around improving its cloud services.
Ultimately, the Apple Watch has exceeded my quite high expectations. The complications and notifications fit into all the slivers of my life the iPhone has not, and the criticism I’ve levied at Siri has been primarily fueled by the appreciation of just how powerful it is to have a virtual assistant on my wrist instead of my pocket. As for apps, speed is the most easily solved issue in technology, thanks to Moore’s Law. I’m confident apps will be fully performant sooner rather than later.