All posts tagged: sydney

With the increasing popularity of Internet-of-Things connected products, security of these devices and their networks is a growing concern.

Let’s consider potential security vulnerabilities that can exist in Internet-of-Things appliances, and how these security threats may be mitigated. Security is a particular concern in the context of home automation devices and Internet-of-Things connected appliances in the home because hardware and/or software vulnerabilities in these devices have the potential to affect the security of homes, buildings and people.

Security vulnerabilities in these connected devices, such as home automation hubs, could potentially allow attackers to gain control of door locks or other actuators, access video cameras or otherwise compromise physical security.

Recent research from security firm Veracode has found that many of today’s popular “smart home” devices have security vulnerabilities, which are open to exploitation. The researchers examined a selection of typical always-on IoT home automation appliances on the market in order to understand the real-world potential impact of security vulnerabilities in these kinds of products.

The products that were studied by the researchers included the MyQ Internet Gateway and the MyQ Garage, which provide Internet-based control of devices such as garage doors, power outlets and lighting, the SmartThings Hub, a central control device for home automation sensors, switches and devices such as door locks, the Wink Hub and Wink Relay networked home automation products, and the Ubi home automation gateway.

These devices are just a representative sample of today’s popular “Internet-of-Things” appliances in the consumer market.

The Veracode researchers didn’t look for vulnerabilities in the firmware of the devices they looked at, but instead analysed the implementation and security of the communication protocols they use.

The researchers looked at the front-end connections, between the users and the cloud services, as well as the back-end connections between the cloud services and the devices themselves. They wanted to know whether these services allowed communication to be protected through strong cryptography, whether encryption was a requirement at all, if strong passwords were enforced and whether server TLS certificates were properly validated.

Researchers found that of the six products examined, only one enforced the strength of user passwords at the front end, and one of the products did not enforce encryption for user connections.

This research also looked at the back-end cloud service connectivity in these products, whether the devices used strong authentication mechanisms to identify themselves to cloud services, whether encryption was employed and whether safeguards were in place to prevent man-in-the-middle attacks and if sensitive data was protected – for example by hashing clear text passwords and transmitting only the crucial data needed across the Internet service.

What they found was a general trend towards even weaker security, with two of the products tested not employing encryption for communications between the cloud service and the device.

It was also found that one of the devices did not properly secure sensitive data, and man-in-the-middle attack protection was lacking across all the devices tested, with the exception of the SmartThings Hub, either because TLS (Transport Layer Security) encryption was not used at all or because proper certificate validation was not used.

This research suggests that connected products, marketed as appliances for the household consumer, have been designed with the assumption that the local area networks that they’ll be installed on are secure.

However, that seems to be a mistake since we know that if there’s anything worse than the security and user configuration we see with these new connected products, it’s the security of WiFi routers.

Researchers find serious vulnerabilities in consumer routers and their firmware routinely, and many of these have the potential to enable attackers to perform man-in-the-middle attacks on data going out to the Internet or to other devices on the LAN.

A quick search online and you can find default passwords for many IoT devices – often left unchanged or unable to be changed by users – and the security features in place are often very limited. User instruction and education can play a large part in minimising potential problems here – for example, choosing strong passwords, both for the Wi-Fi router as well as for devices connected to it, and regularly checking for and installing firmware or software updates provided by vendors.

This study is a good reminder to users to keep their networks secure by using strong passwords and security settings, across their PCs, phones or other devices, wireless access points and routers, as well as smart IoT devices. Furthermore, the research team also explored device debugging interfaces and services that run on these IoT devices which aren’t intended to be accessed by end users.

The team only investigated interfaces that are accessible over a network, whether over the local area network or through the Web. For example, attacking a device through a hardware interface, plugging a JTAG probe into a smart light bulb, is not considered to be a significant security threat compared to network-connected services.

This research explored whether access to these hidden services was restricted to users with physical access to the device, if open interfaces are protected against unauthorised access, and whether open interfaces are designed to prevent an attacker who gains access to these interfaces from running arbitrary code on the device.

The Veracode research found that the Wink Hub runs an unauthenticated HTTP service on port 80 that is used to configure the wireless network settings, the Wink Relay runs a network-accessible ADB (Android Debug Bridge) service, the Ubi runs both an ADB service and a VNC remote desktop service with no password, the SmartThings Hub runs a password-protected telnet server and the MyQ Garage runs an HTTPS service that exposes basic connectivity information.

It is simply assumed that all these things are secure because the wireless LAN they’re on is secure, but this is commonly not true and these networks are secured poorly or not at all. For devices with exposed ADB interfaces, this can provide attackers with root access and can allow them to execute arbitrary code on the device.

At this point the casual observer may consider all these new consumer IoT-based devices to be a security risk, however if developed by the right team nothing could be further from the truth. With a great design team and user education security can become a non-issue for the end user.

The easiest part is to find the right designers for your IoT-based product – and here at the LX Group we have the team, experience and technology to bring your ideas to life.

Getting started is easy – join us for an obligation-free and confidential discussion about your ideas and how we can help bring them to life – click here to contact us, or telephone 1800 810 124.

LX is an award-winning electronics design company based in Sydney, Australia. LX services include full turnkey design, electronics, hardware, software and firmware design. LX specialises in embedded systems and wireless technologies design.

Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.

The Agile Manifesto is based around twelve principles, guiding concepts which build upon the four core values of Agile and support project teams in implementing Agile management methods, helping to lead to better project outcomes, better engineering and better customer satisfaction.

Let’s review these twelve principles of Agile project management and the relevance that they have to project management, particularly in the context of embedded computing, electronic engineering and product design projects.

The first principle is that it is the highest priority of an Agile project team to satisfy the customer through early and continuous delivery of valuable technology – and this remains true whether the product is software or hardware, embedded firmware, or any type of industrial design or engineering product.

Valuable engineering that is delivered to the customer early and continuously may not be the final product, but it might consist of rapid design iterations, demonstrations of certain subsystems or modules, proof-of-concept engineering, or prototypes constructed for demonstration using rapid manufacturing and rapid prototyping techniques such as 3D printing or digital logic synthesis in an FPGA.

The second of the core principles of Agile project management is that changing requirements should be welcomed, even late in development. This means that the customer should not be expected to provide a complete and concrete specification of all project requirements at the start of the project and never change or add to it.

Change should be welcomed, and Agile processes harness change for the customer’s competitive advantage. This principle applies equally for embedded design and hardware projects as it does for the management of software projects, however obviously there can be challenges when incorporating new requirements from the customer into a hardware project late in development.

For example, it may be difficult to incorporate new or different requirements into an existing PCB design and layout, requiring increased time and cost to design and fabricate a new PCB. In some cases, depending on size and mechanical requirements, using multiple modules and interconnected boards within a hardware system can allow for easier changes or the addition of new functionality without “wasting” existing hardware and its embodied time and money if a new iteration is required.

The use of programmable logic devices or FPGAs, or microcontrollers with their functionality reconfigurable in firmware, can also be useful in this regard – although this may increase cost or power consumption compared to a hardware system with application-specific, fixed functionality.

The third of the core principles of Agile management is to deliver working technology frequently, over a timescale of a couple of weeks to a couple of months, with a preference towards keeping this timescale as short as possible.

Like the other principles we have discussed, this principle is also useful and applicable towards hardware projects. Although there may be insurmountable time constraints, such as lead time for components, PCB manufacturing or assembly, the rapid delivery of working iterations of hardware, even if it is just for a subsystem or a prototype that validates part of the overall system design, is a valuable goal and it is practical to achieve in most cases in a typical hardware project.

Another of the twelve principles of Agile is that working engineering that can be demonstrated, even if it is just a subsystem, a component, an experiment or prototype and not the “final” deliverable product, is the primary measure of project progress. Other metrics that might be applied to gauge project progress are of secondary value compared to the actual technology created.

Further core principles of Agile are that business people and customer representatives should work together intimately with developers and engineers throughout the project, with close contact and communication between them during project development, preferably every day, and that project teams should be built around motivated individuals on the development or engineering teams who are given the support and environment that they need to get the job done, as well as given the trust that they will get the job done without micromanagement.

Among the other core principles of Agile project management are the principles that the most efficient and effective method of conveying information to and within a development team is face-to-face conversation, and the belief that Agile processes promote sustainable development and a sustainable use of the human resources of the team, where the sponsors, developers, engineers and users making up a project team should be able to maintain a constant pace of work indefinitely.

The remaining principles are that continuous attention to technical excellence, good engineering and good design enhances agility, that simplicity and the art of maximising the amount of work that does not need to be done is essential, and that the best architectures, requirements and designs emerge from self-organising teams.

Finally, one of the core principles of Agile management is that it values regular adaptation to changing circumstances. Ideally, an agile team reflects on how to become more effective and then tunes and adjusts its behaviour accordingly at regular intervals.

These Agile principles also retain their advantages and their potential usefulness irrespective of the technical nature of the particular project that you’re managing – there is no real difference between a software project or a project working with electronic hardware or any other kind of engineering or non-engineering project when it comes to understanding the potential benefits of these Agile values.

With some thought and buy-in by all members of your team, you can use Agile methods on a wide variety of projects. And if you’re looking for a partner in yoru project development, here at the LX Group we have the team, knowledge and experience to bring your ideas to life.

Getting started is easy – join us for an obligation-free and confidential discussion about your ideas and how we can help bring them to life – click here to contact us, or telephone 1800 810 124.

Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.

Agile project management methods aren’t new, however they can still be considered somewhat foreign to most teams developing hardware or combined embedded hardware and software products.

There are a number of both advantages and potential disadvantages that are worth considering when it comes to the role of Agile management methods in hardware projects that should be considered in the decision-making process of switching from a traditional waterfall project management method to an Agile approach for the management of your projects.

Imagine a team that focuses on how their work will be used by the customer, and who quickly incorporates feedback from other teams and test users to build something that gets better and better in noticeable and usable incremental chunks of productivity. They may work without the usual documentation and strict procedures because communication is fast and usually face-to-face, with the results being what is important.

These are some of the typical advantages associated with Agile project management techniques, along with improvements in efficiency and team productivity that come from co-location of teams, pair programming (and more generally, “pair engineering” in the context of a non-software project), regular stand-up meetings and similar interpersonal communication techniques within your project team that are an important part of many Agile methods.

Some of the other key advantages that are typically ascribed to Agile project management techniques include the reduction of traditional, formal written documentation because of the sense that reducing the requirement for this type of documentation allows creativity to increase, a reduction in the time that is typically consumed doing blind research, and the relatively rapid delivery of new iterations of hardware or software prototypes which allow improvements to be demonstrated more rapidly, broken up into smaller chunks.

Another advantage of Agile methods is that multiple cycles of iterative development, testing and feedback speed up the evolution of a quality product, as well as allowing relatively rapid education of new members of the development team, allowing skills and experience with particular tools, client industries or user stories to be learned rapidly where prior experience may be lacking.

Despite many apparently compelling advantages of Agile methods, however, some development teams and companies prefer the perceived stability and predictability of a traditional development process and a “waterfall” project model.

They feel that the traditional approach of comprehensive documentation and specific up-front contract negotiation protects them from risk and allows one team to follow the work of another in a consistent and reproducible way. When your product involves a combination of hardware and software – as is often the case in today’s world of embedded systems and connected Internet-of-Things devices, this involves special hurdles and some people feel that agile methods are not well suited, or insufficiently well developed, to handle this area well and that traditional engineering management strategies are the best when you’re working with this type of technology.

Some possible disadvantages that you may encounter when trying to incorporate agile methods into your product development include an increase in the amount of data that you need to manage, in order to keep track of rapid revisions and many different versions of prototype hardware and software, and the increased complexity of your communication and coordination within your team and between the team and the customer as the project proceeds.

Some organisations may find that they have a hard time getting over the disadvantages of changing their processes and dealing with perceived increases in risk. There are real costs associated with your transition to new, different procedures and tools, and the perception that moving away from formal up-front contract and specification processes with your clients could expose you to increased risks can be, to some extent, correct.

Another one of the challenges facing agile management of projects with both hardware and software development components is that software can normally be developed relatively rapidly, and the software development process broken down into smaller chunks or iterations relatively easily.

On the other hand, it may require three to six months or more to develop an iteration of a hardware product and to demonstrate a working component or feature. Hardware is hard, as they say, and it is harder to break up the project into small components that can be worked on in small, short sprints with a working iteration of a product or component at the end. If the software must wait for the hardware to be created prior to final testing of the integrated system, this can add delays to your testing process.

Nevertheless, don’t let these put you off considering Agile for your project development. By working with experienced partners you can exceed your goals, and here at the LX Group we have the team, knowledge and experience to bring your ideas to life.

Getting started is easy – join us for an obligation-free and confidential discussion about your ideas and how we can help bring them to life – click here to contact us, or telephone 1800 810 124.

Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.

Agile project management practices, which can be applied to the management of hardware development or other engineering projects – and not just the software development projects for which these methods were mostly originally developed, have the potential to deliver increased customer satisfaction compared to traditional project management methods such as the “waterfall” technique.

These improvements in customer satisfaction that can be achieved by Agile projects come about because of a combination of many different advantages that Agile practices can offer, particularly in the ways that Agile project techniques involve and engage the customer, the customer’s feedback, ideas and expertise throughout the product development lifecycle.

These Agile project management practices can increase the satisfaction of your customers by keeping the customers involved and actively engaged through the development cycle of their new product, making the customer feel like they are a valuable, integral part of the project team – which, of course, they are.

This enables rapid and precise feedback between the customer (or customer representatives and advocates on the team such as the “Product Owner”, who often play an important role in Agile project teams) and the development team.

Furthermore this also gives the development team an intimate contextual understanding of the customer’s requirements, specifications and ideas by keeping the customer or customer champion embedded in close contact with the development team. Finally, customer satisfaction is increased thanks to your progress and with the product; these practices can help to make the product itself fundamentally better, too.

Whilst these kinds of Agile project methodologies can work at their best when an actual customer representative is available frequently for team meetings, to communicate product requirements and business needs, if a customer representative is not available then the Product Owner, a role filled by one member from the project management team, can perform this role effectively.

The “Product Owner”, who is a core part of many Agile project teams, is an expert on the customer’s needs and product requirements, and serves as an advocate for customer and business outcomes, constantly directing the team in a direction that is focused on customer results and customer centred value, rather than considerations such as what is technically easiest, or technically most elegant, which otherwise may be given greater emphasis by the engineering or development teams.

Agile project management practices can deliver improved customer satisfaction and customer-focused outcomes by keeping the product backlog updated regularly and prioritised, allowing the team to quickly and efficiently respond to urgent issues, to newly established product requirements, or other changes that need to be addressed, without wasting time with less organised project management or implementing new features or changes that are less urgent and less important to the customer and business outcomes. Agile practices can also deliver improvements in customer satisfaction and product outcomes by demonstrating working functionality to customers in every sprint review.

This rapid iteration of new prototypes and repeated demonstration of working software or hardware technology gives the customer and/or the Product Owner a very clear understanding of the project progress that is being made, inspires new ideas for features or changes either in the product itself or in the ways that the product may be used or marketed, and allows for rapid discussion of changes, improvements or design specifications that are desired between the customer and the project team.

Another way that Agile management practices can result in a project with relatively strong satisfaction for the customer is by delivering products to market quicker and more often with every release.

Finally, another factor that can allow Agile project management techniques to deliver greater customer satisfaction from your project is by possessing the potential for better results with self-funded or crowd funded projects; allowing the scope, scale or schedule of a project to rapidly be changed even in the middle of the project development cycle.

This means, for example, that Agile projects can adapt to be most compatible with a changing or insecure funding environment, a self-funded environment with very limited access to cash flow and resources, a crowd funding project that has delivered funding less than what has been hoped, or a crowd funding project that has turned out much more successful than anticipated, with plenty of upfront funding available, but with demands for manufacturing scale and product fulfilment that are much larger than originally anticipated.

These and other Agile hardware development techniques can be harnessed by any organisation. However if this is new to you, or it seems like a complex path – then consult the experienced team here at the LX Group.

We can partner with you – finding synergy with your ideas and our experience to create final products that exceed your expectations.

To get started, join us for an obligation-free and confidential discussion about your ideas and how we can help bring them to life – click here to contact us, or telephone 1800 810 124.

Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.

The PubNub Data Stream Network enables developers to rapidly build real-time apps that scale globally, without worrying about infrastructure. PubNub enables you to easily build and scale real-time apps and connected data-stream services for home automation, Internet-of-Things applications, connected devices and just about anything else with APIs and support across a large range of different platforms, operating systems and programming languages.

Using PubNub’s extensive, friendly documentation, quick-start guides, APIs and building blocks, you can easily get started building your own real-time, connected apps very quickly – building an entire simple app in minutes, without worrying about cloud connectivity or infrastructure.

The aim of the PubNub system is to provide a real-time infrastructure and framework for developers to build real-time apps as easily as building a web page. The PubNub Realtime Network provides global cloud infrastructure and key building blocks for real-time interactivity, allowing developers to spend their time and effort on what they do best, creating brilliant real-time apps, without worrying about infrastructure challenges, but also providing users with the real-time information updates, real-time connectivity, interaction, communication and collaboration experiences that they expect from today’s apps and web services.

Key “building blocks” are provided to implement basic functions such as analytics, mobile support, security, storage, presence detection and push notifications in your app, allowing you to rapidly “plug together” cloud-connected application prototypes.

The system provides support and SDKs for over 50 languages and development platforms, including iOS, Android, JavaScript, .NET, Java, Ruby, Python, PHP, and many others, and supports a vast array of platforms and frameworks with easy-to-use APIs for mobile, browser, desktop, server, or embedded Internet-of-Things applications.

Furthermore, PubNub Presence allows real-time monitoring of devices and their presence in Internet-of-Things applications, and PubNub offers many other features that are particularly valuable in IoT applications. However, the capability that PubNub provides, allowing you to add real-time communications to your apps without worrying about infrastructure, and to stream, store, sync, secure and manage your data on all devices, everywhere, is valuable for applications in all kinds of mobile, desktop or browser-based environments – not only in Internet-of-Things applications.

As well as support for these languages and operating systems, PubNub provides support, documentation and SDKs to enable connectivity with many popular hardware platforms for embedded and IoT applications, such as Electric Imp, mBed and Raspberry Pi. This allows for low-cost prototype and final product development thanks to PubNub working with these open-source hardware platforms.

You can try PubNub free of charge, using a free sandbox account for demonstration, hacking or experimentation. A sandbox-level account allows you to build PubNub-based applications with up to 20 daily active devices, which should be more than enough to get you up and running. If you need support, the free sandbox-tier account also provides access to the PubNub community forums, and a “best effort” service-level agreement.

Of course there are also a broad range of paid account tiers available, allowing you to support the number of devices and amount of bandwidth that your application requires at an economic rate that can scale up and grow with your business.

Message payloads up to 32 kilobytes in size can be sent through PubNub, with a small fee per message applicable to paid accounts, charged on a varying scale depending on the message payload size you send and whether or not SSL encryption is required for your message traffic.

The PubNub Developer Portal gives you easy access to all of your usage metrics, and these metrics are updated at least once per day, allowing you to always get an up-to-date snapshot of your historical message traffic and usage charges.

PubNub’s global cloud infrastructure allows you to build and deploy real-time apps with a very robust level of scalability, reliability, performance and service guarantees. PubNub streams more than three million messages a second to 150 million devices per month, connecting every PubNub-enabled device and platform in the world with a latency of less than 250 milliseconds.

With replication across 14 data centres around the world, PubNub provides a very high level of service reliability, and building and deploying your real-time apps via PubNub’s global infrastructure provides your applications and services with that same level of reliability even when you’re scaling up to hundreds of thousands of concurrently connected clients.

Data streamed through the PubNub real-time network is instantly replicated to PubNub’s data centres around the globe to minimise latency for the end user, and multiple levels of redundancy and failover ensure that your PubNub-based real-time app solutions always work essentially anywhere with very low latency, even with millions of users.

PubNub allows you to send messages between mobile devices instantly, and allows you to send and listen to events within your app by using simple publish and subscribe API calls. You can subscribe to a channel with a simple API call, and once subscribed to a channel, simply use the Publish API, specify the channel name and the message you’d like to send in order to publish a message to a channel.

The fact that PubNub is built around a Publish/Subscribe model for real-time messaging and signalling makes PubNub ideally suited to collecting, collating and distributing information from Internet-of-Things networks, an application area where protocols such as MQTT that are also based around a publish/subscribe messaging model are increasingly popular.

Once again, all of this means there exists another option, another choice, another system to get your Internet-of-Things ideas from your notebook to reality. And doing just that with any system may seem like an impossible task.

However with our team here at the LX group, it’s simple to get prototypes of your devices based on the Arrayent platform up and running – or right through to the final product. We can partner with you – finding synergy with your ideas and our experience to create final products that exceed your expectations.

To get started, join us for an obligation-free and confidential discussion about your ideas and how we can help bring them to life – click here to contact us, or telephone 1800 810 124.

Published by LX Pty Ltd for itself and the LX Group of companies, including LX Design House, LX Solutions and LX Consulting, LX Innovations.