#Lab Sat IoT
dergarabedian · 2 years ago
Space laboratory paralyzed by import obstacles
A space laboratory that was launched with 36 million pesos in national government funds is paralyzed by the import restrictions imposed by the national government itself.
un-enfant-immature · 5 years ago
Swarm gets green light from FCC for its 150-satellite constellation
Swarm Technologies aims to connect smart devices around the world with a low-bandwidth but ever-present network provided by satellites — and it just got approval from the FCC to do so. Apparently the agency is no longer worried that Swarm’s sandwich-sized satellites are too small to be tracked.
The company’s SpaceBEE satellites are tiny things that will provide a connection to devices that might otherwise be a pain to get online. Think soil monitors in the middle of corn fields, or buoys in the middle of the ocean. Their signals don’t need low latency or high bandwidth — so the requirements for a satellite that serves them are much lower than for consumer broadband.
Consequently Swarm’s satellites are small — so small in fact that the FCC was worried that they would be difficult to track and might be a danger to other satellites. Part of the company’s responsibility in its application was to show that isn’t the case.
The FCC approval is just one step in the long process of getting approved to go to space for commercial operations, but it’s a big one. In addition to granting Swarm permission to send up its planned 150 satellites (and up to 600 if it decides to spread out a little), the FCC assigned Swarm the wireless spectrum it needs to operate. No use being in space if you’re forbidden from transmitting on the frequencies you need, right?
Longtime satellite communications provider ORBCOMM had objected that Swarm would be taking over some parts of the spectrum it has been assigned — but the FCC found that wasn’t actually the case and in fact the company was in a way making a sort of power play that would have extended its control over those frequencies. So their concerns were dismissed.
SpaceX also filed a comment suggesting that Swarm had not adequately considered its orbital debris footprint, neglecting in particular to include its satellites’ antennas in various calculations. It also said the satellites might be a risk to the International Space Station. But documents filed by Swarm addressing these questions seem to have satisfied the FCC completely — “We find that Swarm has taken the appropriate steps to address SpaceX’s concerns,” and it granted the application with the condition that the company abide by any upcoming orbital debris rules.
Swarm has clearly moved well past the black mark on its FCC record when it launched test satellites without the proper approvals. The red tape involved in space operations is voluminous and it’s not uncommon to fall afoul of it — especially when your competitors, as evidenced by the above, are making more of it for you.
Now that it has its paperwork in order, Swarm plans to get its entire constellation in orbit by the end of the year.
“The FCC grant of Swarm’s spectrum and launch approvals is a big milestone for the company. Swarm is now poised to be first to market for an entire global satellite data communications constellation before the end of 2020,” said CEO and co-founder Sara Spangelo in a statement to TechCrunch.
“This is an important moment for the satellite industry, for US innovation in space, and for the large number of IoT customers world-wide that Swarm is excited to support with 2-way data services,” added CTO and co-founder Ben Longmire.
Both Sara and Ben were at TechCrunch Disrupt earlier this month, and the former sat on a panel with Bessemer Venture Partners’ Tess Hatch and OneWeb CEO Adrian Steckel (with myself as moderator). We chatted about a variety of topics relating to the new space economy — if you’re thinking of getting up there yourself, you might be interested to watch it below.
andreacaskey · 5 years ago
Can AI Save the Retail Industry?
Over the years, I’ve studied retail innovation and also retail stagnation. Among the white hot trends propelling retail startups and giving legacy brands hope are artificial intelligence (AI), computer vision, Internet of Things (IoT), connected sensors and good old fashioned ingenuity.
My friend Macy Bayern of TechRepublic recently wrote about the role AI is specifically playing in retail innovation. Her resulting article features insights from industry experts and innovators. I also wanted to share our unabridged conversation with you here.

Brick and mortar stores are closing left and right, but artificial intelligence may be able to keep them alive. 
The future of retail continues looking grim, as more brick and mortar stores close their doors. US retailers have announced 8,558 store closures so far this year, with total US store closures predicted to hit 12,000 by the end of 2019, reported Coresight Research on Friday. 
While the internet and automation are typically to blame for these closures, the same technology could actually be the solution for physical store locations.
Macy Bayern: What are some of the most popular ways retailers are using AI? 
Brian Solis: AI is one of those things that means a lot of different things to different people. I recently read a study that only 54% of CX leaders have an accurate understanding of AI. Basically, with AI, we’re dealing with machines that can simulate intelligent behavior or imitate intelligent human behavior, i.e. sense, reason, act and adapt. I share this because, one of the most popular ways retailers, and leading brands, are using AI today, is actually through machine learning. The difference is that with machine learning, systems can recognize patterns from clean data sets, and with proper management, learn from that data to assess and even predict outcomes and improve performance over time. We most often see this in real-time and predictive analytics often employed in advanced marketing and CX cases. This helps retailers learn how to personalize engagement, offers and next best action as well as guide product and service development.
Beyond analytics, one of the more popular examples discussed is Amazon Go and its “Just Walk Out Technology.” What’s fascinating here is that the store is using computer vision, sensor fusion supported by machine learning (in this case deep learning) similar to how self-driving cars operate. In the latter case, self-driving cars are packed with sensors that generate data to drive in real-time and improve driving over time. In Amazon Go stores, the systems are observing and anticipating behaviors by tracking people from the time they enter the store to the time they leave. The technology is constantly looking for “who took what?” The system also pairs with the Amazon Go app to offer a checkout-free experience.  Based on what the computer vision sees, i.e. what you pick up or put down, combined with historical purchase data, Amazon Go will automatically charge the customer via the app and update inventory management systems.
In April, Walmart unveiled its store of the future, called the “Intelligent Retail Lab” or “IRL” for short. Instead of using intelligent technology to track items and purchases, Walmart’s system is tracking inventory levels to alert staff when shelves need to be restocked or if fresh items have sat too long and need to be pulled.
In another example, Walgreens uses data from its anti-viral prescriptions to track the spread of the flu. Doing so helps customers see the flu levels in their area and also helps Walgreens manage stock across its 8,000 stores.
Using IBM Watson cognitive computing tech, North Face personalizes product matching based on real-time customer input on where they’re going and when and how they plan to spend their time when there.
Neiman Marcus uses intelligent visual search in its “Snap. Find. Shop.” app that allows customers to input pictures of their favorite things and then search inventory to match similar items.
Macy: How can AI help improve business functions in retail? 
Brian: AI in all of its forms, is helping retailers in customer-facing and back office applications. Currently there are several parallel business functions where AI is already making an impact. As in the case of Amazon, transactions can be not only automated, but also in-store and online offers can be further personalized based on behavior while also improving and automating overall store operations. In the cases of Amazon, Walmart and Walgreens, that personalization based on real-time and predictive analytics, can also improve inventory and supply chain management, pricing and demand forecasting. AI-driven personalization can of course also improve and optimize marketing, promotion, CRM and customer service and support.
Macy: What does the future of retail AI look like? 
Brian: In a word, experiential. AI takes the monotony of retail experiences and improves them. It also introduces new opportunities that unlock new possibilities with retail experiences.
The future of AI-powered retail ironically will help brands become more personal. At the same time, retail experiences will not only become individually personalized at scale, it will also become increasingly automated and autonomous. More so, consumer choice will become less chaotic and stressful. Even though consumers have unprecedented freedom of choice today they also carry a burden of it too (and that causes great unfettered stress). Just search for blue dress shirt with straight collars (add your gender of choice) on Amazon and look at the number of results. When I searched for a men’s shirt, I was presented with over 1,000 results. I think one of the more promising and realistic future scenarios includes screens, connected dressing rooms and virtual racks that are tailored to me based on my personal, data-defined, persona that only shares things with me that I would consider based on previous history and also coming trends aligned with individual preferences. You could play that scenario out in a multitude of retail sectors, i.e. automotive, appliances, etc.
Brian Solis, Author, Keynote Speaker, Futurist
Brian Solis is a world-renowned digital analyst, anthropologist and futurist. He is also a sought-after keynote speaker and 8x best-selling author. In his new book, Lifescale: How to live a more creative, productive and happy life, Brian tackles the struggles of living in a world rife with constant digital distractions. His model for “Lifescaling” helps readers overcome the unforeseen consequences of living a digital life to break away from diversions, focus on what’s important, spark newfound creativity and unlock new possibilities. His previous books, X: The Experience When Business Meets Design and What’s the Future of Business explore the future of customer and user experience design and modernizing customer engagement in the four moments of truth.
    Photo Credit: Marcin Kempa @ashenkris, Unsplash.com
The post Can AI Save the Retail Industry? appeared first on Brian Solis.
Can AI Save the Retail Industry? published first on https://likesandfollowersclub.weebly.com/
expertdigi · 4 years ago
Machine Learning Courses
TensorFlow is a finish-to-finish open-source platform for machine studying. I'm sharing all those assets in a series of a weblog submit like this. Earlier, I have shared some programs to study TensorFlow, one of the in style machines studying the library and as we speak I am going to share some more to learn these applied sciences. We be taught what Unsupervised Learning algorithms are, working of the algorithms and their scope of application - Clustering and Dimensionality Reduction.
The growth of Machine Learning Courses functions has created a requirement for off-the-shelf machine learning methods that can be used extra easily and without essentially knowledgeable data. The aim is to progressively automate these manual duties in what's being called AutoML. Weekend Classroom Mode: The classroom faculty will be present to clear all of your doubts. They will also guide you in your lab periods and for tasks. All Nice Learning faculty are extremely skilled and technically expert, and will probably be desirous to make you study effectively.
To cater to any special wants of the candidates, we provide Online Machine Studying Coaching program as properly. Utilization of Multiple Technologies in ML: The rise of IoT has profited Machine Learning from quite a few points of view. The utilization of different mechanical strategies to perform higher studying is as of now could be followed in ML; later on progressively "group studying " by utilizing varied advances is plausible.
Every training program contains multiple initiatives that will totally check your expertise, learning, and practical information to make you match for the trade. Our learning expert will help you to choose the fitting programs. You do not have to create a six-point plan in an effort to construct a knowledge science enterprise. In line with Gartner, you may wish to perform small experiments in a set of enterprise areas with a certain technology with a view to developing a greater studying system.
Apply concepts of Machine Learning Courses to actual life issues and functions. Upon completion of the following minimum requirements, you will be eligible to receive the Publish Graduate Program certificate that will testify to your skills as an expert in AI and Machine Learning. Unsupervised Machine Learning is an algorithm that is useful to find and analyzing hidden patterns within the input information. Subsequently, it's nearly the alternative of supervised machine learning. Cluster analysis is the most typical method that is used for locating hidden patterns in data.
Turns on the market's other option for how you can spend your time this summer: studying. Somewhat than shutting down your mind, why not gasoline it instead? That approach, whereas everybody else is daydreaming, you possibly can climb up the profession ladder and finally take over the world. These world-class programs, which concentrate on a selected area of study, are nice stepping stones to lucrative and wonderful careers in machine studying, data science, and so much more. If you don't want the Baxters of the world to take you out of date, you greatest train them just who the grasp is.
It was fantastic learning expertise with Simplilearn. They provide great programs with each on-line and interactive lectures. Overall the educational was quite simple, as the identity says Simplilearn. Great schools and customer support to stick your queries and considerations rapidly. I might highly recommend Simplilearn. Machine Learning Courses is a field with an impressively numerous set of research kinds. Understanding this may be important in appreciating what you see at a conference.
nahoo883 · 5 years ago
Swarm gets green light from FCC for its 150-satellite constellation
from TechCrunch https://ift.tt/35LkXpm via IFTTT from Blogger https://ift.tt/2MPKIML via IFTTT
toomanysinks · 6 years ago
Startups Weekly: Lessons from a failed founder
I sat down with Menlo Ventures partner Shawn Carolan this week to talk about his early investment in Uber. Menlo, if you remember, led Uber’s Series B and has made a hefty sum over the year selling shares in the ride-hailing company. I’ll have more on that later; for now, I want to share some of the insights Carolan had on his experience ditching venture capital to become a founder.
Around when Menlo made its first investment in Uber, Carolan began taking a step back from the firm and building Handle, a startup that built tools to help people be more productive. Despite years of hard work, Handle was ultimately a failure. Carolan said he shed a lot of tears over its demise, but used the experience to connect more intimately with founders and to offer them more candid, authentic advice.
“People in the valley are always achievement-oriented; it’s always about the next thing and crushing it and whatever,” Carolan told TechCrunch. “When [Handle] shut down, I had this spreadsheet of all the people who I felt like I disappointed: Seed investors who invested in me, all the people at Menlo and my friends who had tweeted out early stuff. It was a long spreadsheet of like 60 people. And when I started a sabbatical, what I said was I’m going to go connect with everyone and apologize.”
Today, Carolan encourages founders to own their vulnerabilities.
“It’s OK to admit when you’re wrong,” he said. “Now I can see it on [founders’] faces, I can see when they’re scared. And they’re not going to say they’re scared but I know it’s tough. This is one of the toughest things that you’re going to go through. Now I can be there emotionally for these founders and I can say ‘here’s how you do it, here’s how you talk to your team and here’s what you share.’ A lot of founders feel like they have to do this alone and that’s why you have to get comfortable with your vulnerability.”
After Handle shuttered, Carolan returned to Menlo full time and made the firm a boatload of money from Roku’s IPO and now Uber’s. Anyway, thought those were some nice anecdotes that should be shared since most of our feeds are dominated by Silicon Valley hustle porn.
Want more TechCrunch newsletters? Sign up here. Ok, on to other news

IPO corner
Uber dropped its S-1: We’ve got the basic deets, a rundown on key stakeholders, the company’s plan to help drivers buy stock, a look at all the money it has made from global divestitures and a glimpse at the company’s R&D spending for self-driving cars.
Pinterest is an “undercorn”: The visual search engine set its IPO range at $15 to $17 per share earlier this week. That translates to a midrange valuation of $10.64 billion, nearly $2 billion less than the company’s most recent private market valuation of $12.3 billion, hence “undercorn.”
PagerDuty pops: The SaaS business’s shares began trading on the NYSE on Thursday, popping more than 60 percent on their debut. 
Jumia makes history: Jumia became the first startup from Africa to list on a major global exchange this week when it debuted its shares on the NYSE under the ticker symbol “JMIA.”
Lyft declines: The Uber competitor finished out the week trading at less than $60 per share, significantly below its initial share price of $74. Ouch.
Funds on funds on funds
There were so many fund announcements this week; here’s a quick list.
Source Code Capital raises $570M
B Capital nets $406M
Defy.VC gets $262M
Slow Ventures grabs $220M
LiveOak Venture Partners secures $105M
Octopus Ventures nabs £83M 
Extra Crunch
Lots of great new exclusive content for our Extra Crunch subscribers is on the site, including this deep dive into the challenges of transportation startup profits. Plus: When to ditch a nightmare customer, before they kill your startup; The right way to do AI in security; and The definitive Niantic reading guide.
Lawsuits
Sinema, that one MoviePass competitor, has run into its fair share of bumps in the road. TechCrunch’s Brian Heater hopped on the phone with the startup’s CEO this week to learn more about those bumps, why it’s terminating accounts en masse, a class-action lawsuit it’s battling and more.
Photo by Stephen McCarthy / RISE via Sportsfile
Startup capital
Grab plans to raise $2B more this year
Online fantasy sports service Dream11 surpasses $1B valuation
The SoftBank Vision Fund backs travel platform Klook
Klaviyo raises $150M Series B
Mos raises $4M for its college financial aid platform 
Battlefield!
TechCrunch’s Startup Battlefield brings the world’s top early-stage startups together on one stage to compete for non-dilutive prize money, and the attention of media and investors worldwide. Here’s a quick update on some of our BF winners and finalists:
Buoy Labs, which builds IoT monitors for water use and response, was acquired by Resideo
Connect Med, a telemedicine platform focused on serving the sub-Saharan African market, has sold to Merck 
Pi, a wireless charging startup, has rebranded to Spansive as it expands to new countries
Unbound brings the first ever high-fashion jewelry vibrator to market
#Equitypod
If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase News editor-in-chief Alex Wilhelm, myself and Phil Libin, the founder of Evernote and AllTurtles, chat about the importance of IPOs. Plus, in a special Equity Shot, Alex and I unpack the Uber S-1.
source https://techcrunch.com/2019/04/13/startups-weekly-lessons-from-a-failed-founder/
fmservers · 6 years ago
Startups Weekly: Lessons from a failed founder
Via Kate Clark https://techcrunch.com
terabitweb · 6 years ago
Original Post from InfoSecurity Magazine Author:
IoT Flaws Reveal Need to Work with Researchers
Two new vulnerabilities within IoT devices could have given cyber-criminals direct access to the personal data and home networks of consumers, according to McAfee Labs.
At the Mobile World Congress (MWC) in Barcelona, Spain, McAfee’s advanced threat research team revealed new vulnerabilities in both BoxLock and Mr. Coffee coffee makers, demonstrating the need for consumers to be aware of the cyber risks inherent in the connected devices they bring into their lives.
BoxLock, a smart padlock designed to protect deliveries, reportedly had a vulnerability that enabled hackers to remotely unlock the device. Researchers revealed that they were able to open BoxLock using the built-in barcode scanner using Bluetooth Low Energy (BLE), a wireless technology used in many IoT and smart devices.
“I was amazed; the phone that I used to send the GATT command over had never connected to the BoxLock before and did not have the BoxLock application installed, yet it was able to unlock the BoxLock,” wrote Sam Quinn, security researcher, McAfee.
Researchers applauded the response they received from BoxLock. “Vulnerability disclosure can be a challenging issue for any company to deal with, but BoxLock was incredibly responsive, easy to work with and immediately recognized the value that McAfee ATR had provided.”
The second vulnerability revealed at MWC was within the Mr. Coffee coffee makers, which reportedly gave hackers a backdoor to access home networks. Researchers said that in the coffee makers with WeMo, they were able to make changes to the brewing schedule. The researchers were even able to write their own commands through a hole in the firmware, which was reportedly the result of coding issues.
“I had the ability to upload any template of my choice and have it pass all the WeMo’s verification steps necessary to be used by a scheduled rule. I appended a new template called ‘hack’ and added a block of code within the template to download and execute a shell script,” wrote Quinn.
“Now, I sat back and waited as the coffee maker (at my specified time delay) connected to my computer, downloaded my shell script and ran it. I verified that I had a reverse shell and that it ran as intended, perfectly. This vulnerability does require network access to the same network the coffee maker is on. Depending on the complexity of the user’s password, WiFi cracking can be a relatively simple task to accomplish with today’s computing power.”
Both vulnerabilities demonstrate that not all exploits are overly complicated or require an exceptional amount of effort to pull off. As a result, vendors and researchers need to be able to work together to mitigate the risks to consumers.
“Cyber-criminals are relentless, and as long as we continue to connect devices to the internet, they will continue to search for ways to exploit them,” said Raj Samani, McAfee fellow and chief scientist in a press release.
“Vulnerability disclosures can be frightening for both the consumers using connected devices and the organizations that create them; however, the process is an essential component of creating a safer future. Cybersecurity researchers, businesses and consumers working together to expose and eliminate these vulnerabilities keeps us all a step ahead of the bad guys.”
infamousindigochild · 6 years ago
The Way the IoT Affirms the world's largest Businesses Climate and environment
Transport
The Internet of Things (IoT) has helped us to connect our society in so many ways, bringing tremendous developments and convenience to our own lives, health and homes. But we're often guilty of taking it for granted and failing to celebrate the various ways in which being connected supports some of the planet's largest industries, such as agriculture, transport, manufacturing and even the cities where people live. With around half of the world's population today online and an increasing number of businesses turning to tech every day, I thought it would be a perfect moment to highlight several of the essential changes IoT has generated to make society what it is today. These include caring for the overall wellbeing of cattle, analysing grazing time, and even water consumption through sensor-fitted collars. These can even alert farmers whenever they sense motions associated with labour from pregnant cattle. Meanwhile, organisations like the Wildlife Conservation Society are monitoring endangered species vulnerable to poaching activities through the use of motion-sensing cameras.
Various organisations are already providing smarter solutions for protecting the entire world, as an example, San Franciscan startup, Rainforest Link, enhanced the security of forests vulnerable to deforestation for example Indonesia and the Amazon.  This has been accomplished by transforming mobile telephones into semi listening apparatus attached to the trees, these are put to alert rangers should they feel the sound of a leash from over a kilometre away.  Other cases can be understood through IBM's China Research Lab and London's Pigeon Air Patrol, which are climbing up the quality of the town's atmosphere through a forecasting system that promotes pollution levels in different neighborhoods.  
Not only are you currently finding that IoT minimises their usable costs but it additionally lets them attain superior results. As an instance, harmful pesticides and extreme climate which could have adverse effects on plants can be discovered ahead of time. This way a plan of action might be put in place.
In various ways, it feels as if the transport business has long used IoT, thanks to technologies like sensor streetlights, speed cameras, speed, and Sat Navs which have now been prevalent since 2013. It's no wonder the introduction of Oyster cards in 2003 was an enormous success, later to be substituted by a contactless payment system which now accounts for more than a billion journeys. We saw London's iconic red buses go green in 2014 together with the debut of charging hybrids. Similarly, car manufacturers such as Mercedes, BMW, and Tesla all have plans to launch driverless cars in the near future, with forecasts that 10 million self-driving cars are going to be on the road by 2020.
Although it's interesting to determine how IoT has become so widespread and had such a gigantic influence on various businesses and people's own lives, it's almost natural to neglect the risks and dangers that come with it or envisage a time when we managed without it. As a growing number of industries make use of the advantages offered by IoT, poorly secured devices pose an increasing risk. That is why we must bear in mind that all devices will need to be protected with networks that are secure and the most recent software. In the age of the Internet of Things, this is likely to soon be significantly more important than ever before.
Agriculture
Whilst The International Telecommunication Union forecast that rural regions and developing countries will evolve how they access power and also the internet as a result of smarter energy saving solutions.  
animationnightsny · 7 years ago
A conversation with three storytellers who are working to innovate and disrupt film/tv/vr in new and unique ways in order to provide new avenues to success for future storytellers
Learn from the following panelists:
Devin Dixon is a technologist and a serial entrepreneur. In 8th grade, he taught himself how to program in C++, started his first business while in college, and majored with a computer science and business degree. With his experience being a founding member of several companies, he helps other entrepreneurs achieve their goals. Today he is running BingeWave, which combines media and IoT to create a powerful ecosystem for underrepresented groups.
Valerie Lisayansky is the founder and managing partner of SWARM, an award-winning digital agency. She has roughly a decade of experience in web & mobile creation and consulting. SWARM offers only the best in strategy, design and development, coupled with a deep understanding of customer experience and growth. Every day their goal is to create digital products that outperform the competition, while pushing technology to its limits.
Brandon Henriquez is the Founder of Pretend Labs, a New York City based Virtual Reality Content Studio. Being one of the first individuals to develop for the Microsoft HoloLens after launch, Brandon has pushed the envelope to help grow and cultivate the Virtual Reality community through bi-weekly events showcasing the technology and how to utilize it. Brandon has held workshops for multiple companies illustrating how Virtual Reality solutions can affect the workplace in a whole new light, then working with said companies to develop applications that fit their industry-specific needs. Since Pretend Labs' founding in April 2017, Brandon has focused on developing and producing the wide array of formats involved in the Virtual Reality spectrum, ranging from Augmented Reality and 360 Video production to a customized Mixed Reality solution. Pretend Labs has since been involved with organizations such as Support Creativity, Jump into the Light, Studio Anise and the New York Indie Film Festival, hosting VR Experiences for the masses to enjoy.
Moderator: Daron Jenkins is a media entrepreneur, host of the "Drop the Mic" podcast and the founder of New York Film Loft Storyteller Lab, an incubator and community of creators and innovators from film, television, and VR/AR/360. He runs Original Television, which is a network for original independent shorts, web series, and indie features, and has his own PR media company SCENE!PR, where he and his team develop events, film & tv, social media, marketing, and design content. Daron is a former student of UCB Sketch & Improv and manages/produces for the NYC based indie band, Eleventh Ward. A comic book artist in his past life, he has a real passion for the startup world.
game-refraction · 7 years ago
XBOX Official Gamescom Conference - August 20, 2017
At 1:00PM MST, the official stream from Cologne, Germany came alive on my XBOX ONE (via Mixer) as myself and most of the gaming world sat in eager anticipation of what Microsoft had in store for us.
Here is a breakdown of what was presented:
The CGI world premiere trailer for Assassin’s Creed: Origins was presented in all its glory. This trailer provided a better insight of the game storyline and a better look into the gaming environment and landscape. The game will be released October 27, 2017 and will be one of the 4K enhanced titles for XBOX ONE X.
The trailer for PlayerUnknown's Battlegrounds was presented, followed by a breakdown of the game with one of the developers regarding gameplay and behind the scenes storyline.
The world premiere for  Jurassic World Evolution where you get to build your own Jurassic world, coming Summer 2018.
Aaron Greenberg, developer, indicated that over 400 titles (and growing) will be available for backwards compatibility on the new XBOX ONE X including those from the XBOX ONE and XBOX 360.
And then the stream crashed for EVERYONE!!!! (oh no)
The stream came back to a special exclusive game announcing — Recore: Definitive Edition, releasing August 29, 2017. If you are a Game Pass member, get it free.
It was announced if you were watching the stream on XBOX Mixer and were signed in, you could win a copy of the game.
Something big for the PC Gamers was the announcement of the Age of Empires, 20th Anniversary celebration tomorrow. There will be a live stream, live at this time tomorrow, wherein they will release exclusive information regarding the game.
Many games will be utilizing the cross platforming such as between Steam/Windows 10/XBOX Live.
Rise of Nations – real time strategy game, is being brought to Windows 10 and will unite Steam players and Windows 10 players.
This being the fifth holiday season with the Xbox One, it  has been announced that beloved family titles from Disney and fan favorite Zoo Tycoon will land on XBOX Live OCT 31 in full enhanced 4K HDR.
Halo 2 Wars has a new expansion coming with a new campaign and story. You will play as the banished and from a new perspective. New multiplayer maps and fire fight mode. This expansion drops August 26 in full 4K HDR.
A promo for Xbox Game Pass that came out in June, costs $11.99/month, and has access to over 100 games to download and play and add 7 new titles this month. Try it for free for 14 days.
http://www.xbox.com/en-CA/games/xbox-game-pass
Conversations with main developers on the Xbox One X, talking about how gamers pick Xbox because of the access to the biggest franchises in gaming. Xbox One exclusives will be Forza Motorsport 7, Sea of Thieves and State of Decay 2, among others, in full 4K HD.
The 4K resolution and power of the Xbox One X has been enhanced by 40% power and 60% memory.
100 titles are planned to be enhanced for Xbox One X in full 4K HD, from all types including shooter to RPG.
Check out Major Nelson website for all things XBOX news: https://majornelson.com/page/2/
Official Gameplay trailer of Forza Motorsport 7:
Provided info on new cars. Is the first game built from bottom up for PC, with 700 available cars and dynamic weather. All designed to full 4K resolution.
This game will have an unlocked frame-rate.
Designed to bring PC and console players into one place and is capable to run on simple devices including ones such as the surface pro 4.
Standard and Deluxe edition available October 3, 2017 and Ultimate Edition available September 29, 2017
Xbox One x Exclusive Release Teaser Trailer (same one as e3)
The transition from Xbox One to Xbox One S to Xbox One X has been made easier. Settings can transfer through your Xbox Live account, and you can get all updates downloaded now before the One X launches, so you don’t have to wait for them to download when the system is first installed and you can jump into the games right away. You can take the external from your Xbox One and plug it right into the One X, with no need to worry as all your games will work the same.
Some new features already seen on the One that will be enhanced for the One X: when you boot there is a new home screen with enhanced speed and discovery (easy to find info and other players), streaming on Mixer by other players (bringing gamers together), personalization, content blocks to pin people and pin things that you want easy access to, and a new guide for speed and layout.
Light mode will be added as the home screen is currently set to always be in dark mode.
Mixer is becoming an easier way to stream live to other players and will be enhanced to allow live game streaming.
State of Decay 2  teaser trailer
Gamers must play State of Decay 1 in order to understand the backstory and gameplay of this one. It is a ruin survival fantasy game that allows you to essentially build your own story. The game will reveal more secrets to the backstory and allow for further discovery. Releases in Spring 2018.
Official World of Tanks War Stories Trailer
Trailer for XBOX Design Lab 
Now has several new options for customization.
https://xboxdesignlab.xbox.com/en-CA/?rtc=1
ID@XBOX Games Trailer
There was a discussion of the Id@Xbox program which is celebrating its 4th anniversary – 2500 dev kits every month, over 1500 games, over 2 million achievements. Has spawned indie developers such as Big Giant and AAA.
To get in on the developing fun, you can open Xbox to download the software, design your own game and then have it shipped to use on Xbox. It’s something that is open for anyone who wants to create their own game.
Some feature indie games that are coming out include Cup Head, Path of Exile and Raider of Broken Planet.
http://www.xbox.com/en-CA/Developers/id http://www.idatxbox.com/
Sea of thieves Trailer
The big development since E3 is that the game is being developed for cross-play between the Xbox One and Windows 10, allowing for more friends to be able to play together. Release date for both platforms is same day
Minecraft Console Exclusive World Premiere
  Middle Earth Shadows of War Exclusive Trailer
There will be released exclusive bundles for this game that will be announced in the future.
There is an exclusive conference from the developer that will be live feed on Tuesday August 22, at 9:30 pm Germany Time that will provide more details and unique special announcements
Cuphead Trailer
The game is currently active in demo mode, wrapping up development soon, and will support multi-platform.
The game will be available September 29, 2017 on Xbox One, Steam and Windows 10.
Surviving Mars World Premiere
Coming 2018
AND THEN THE MOMENT WE ALL WERE WAITING FOR:
The World Premiere of the Xbox One X Project Scorpio Edition
Pre-Order is open NOW!
http://www.xbox.com/en-CA/xbox-one-x#buy
And if that wasn’t enough, Major Nelson himself unboxed an Xbox One X Scorpio Edition LIVE!!
As I am writing this, I have already placed my pre-order for the amazing device. It was already sold out at one place in my area so I was lucky that the other one had some left for pre-order. It won’t get here till November 14, 2017... but I’m willing to wait.
The limited edition version: Project Scorpio will sell out fast so pre-order yours now.
The XBOX ONE X launches November 7, 2017!!
XBOX Official Gamescom Conference – August 20, 2017 was originally published on Game-Refraction
cr2brooklyn · 7 years ago
Out of this World Wearable Connections: An Interview with the women of Wearable Media
Clever Tech Digest sat down with the power house female trio of creative technologists and designers that make up Wearable Media!
Wearable Media  strives to combine technology and fashion to help connect consumers to greater global concepts, or even celestial influences. Increasing environmental and social awareness through high fashion inspires the team's creations to push past the wearable tech market, and into Wearable Media.
 Wearable Media is based at the Brooklyn Fashion + Design Accelerator,  and showcased their tangible social media garments at SXSW this year.
For our readers just learning about Wearable Media, please describe your team's background, what Wearable Media is, and its original inspiration.
We are an international and bilingual (in both English and Chinese) dynamic team of three women who are passionate about integrating technology with textiles. Each of us came from a different division of design and we share a common understanding of technology. Our collaborative spirit enables us to bring all of our skills in e-textile, smart clothing prototyping, smart clothing design, user experience design, branding, visual design, IoT development, and web development together for consumers and the wearable tech community.
You recently exhibited Wearable Media garments at SXSW, what new tech trends inspired you the most?
The power of using data for simple and widely distributed technology really impressed Wearable Media. While we were at SXSW, we were lucky enough to meet Rebecca Minkoff. She showcased her new line of handbags with QR code sewed into the bag. You might say this isn’t the newest technology. However, this simple technology gave Rebecca’s customers instant access to loyalty programs.
What guiding principles help your team develop desirable and meaningful Coded Couture instead of just another wearable gadget?
Compassion and curiosity. We know our audience and we understand their imaginative nature. Because our focus is design and storytelling, our creations automatically steer away from being “the next gadget.”
 Wearable Media is working with Cyborg Futures to explore human senses and expand them into new territories. How do you plan to create new realms for expression and understanding through this collaboration?
Our collaboration with Cyborg Futures was a fascinating exploration in the field of Artificial Senses. The ideation process was to develop a method in which our senses can be artificially enhanced. Our team specifically focused on the high concept of light and the cosmos, and explored ways in how we can turn that idea into a working prototype. We looked at the translucency of skin, and what happens when light permeates the skin. We also researched data of solar flares from the Sun, and worked with NASA’s API to develop the project.
 In many ways this project echoed our wearable garment, Ceres, where we were exploring the idea of turning the human form into celestial sensing bodies. With our collaboration, we delved deeper into materiality, and instead of focusing on interactions that happen on clothing and textiles, we were discovering how our bodies and skin can literally become reactive media.
What do you think it will take to push Coded Couture into the mainstream market?
Understanding the psychology behind why we would like to wear certain data on our body will help Coded Couture become more relatable to the general public. Then, designers could create successful garments infused with data. Setting up a production facility that could meet the demand of customizing garments with unique data is another challenge the industry must face to resonate with the mainstream market.
 Paint me two pictures:
1. Your ideal vision for fusing the body with technology.
Technology that amplifies personal creativity is the dream. A sixteen-year-old girl is going to her high school prom. She is interested in creating something unique that reflects her creativity. She chooses to sew her own dress and embeds e-textiles into her garment. She walks into the prom and with her body movement, her dress lights up. Her friends cheer and scream and dance around her. At the end of night, when she is in her bed savoring her own creation with the help of technology, she thinks about her next interactive project - her own lab coat to protect herself in her science class experiments.
2. Your fears for a mechanically and digitally integrated human existence.
My biggest fear would be anxiety or depression caused by the digitally integrated human experience. With the usage of cell phones, we have become more connected and also separated from each other. We don’t have to feel like we are bonded to a physical place because we can access the world through our digital devices, devices that soon will be integrated into wearables like virtual reality. This could create disappointment in our physical reality when we cannot use our augmented digital abilities.  
webwhirled · 7 years ago
The Future of Web Design/Dev
A great podcast to check out if you love web design or development is The Web Ahead hosted by genuine design nerd and sandbox evangelist, Jen Simmons. Jen's been hosting this podcast for years. Basically, it's an hour-or-so-long interview with people who are doing cool things online. And when I say cool things, I mean the people who invented Responsive Web Design, or who took the first newspaper website responsive. People who have tackled huge web challenges and triumphed. People who want to share tips, tricks, insights and ideas.
In April Jen sat down with friends Rachel Andrew, Eric Meyer and Jeffrey Zeldman to discuss what is next in the web. What really grabbed me about this show was the push for us all to go back to the sandbox: to try, to reach, to experiment, to play – to basically push ourselves outside the header, main column, sidebar nav structure and way beyond Bootstrap.
It used to be (and these were the days when I grew up in the web world) that there were no norms and we were all trying to figure it out. People were constantly pushing the boundaries, trying new things/new approaches, really just going for it in this new wild-west/underground frontier. Sure, a ton of it was super ugly, but that doesn't matter because it led to what we all do today.
Nowadays, as you all know, the web is staid. We've sunken into the comfy couch of the tried and true. We handle the remote adroitly as we buzz through frameworks and trusted patterns.
I'm all for trusted patterns. I'm all for a web experience that helps the user. But I also think we do need to be sandboxing a lot. Trying new things, new layouts, new approaches. This is what makes the web fun. How cool would it be, if when we create our sites, we also de facto create sandbox areas as well so that we can practice and innovate. Sandboxes can stay private. Who knows what ideas or new patterns might emerge? I'm excited about this.
Consider
More art direction for your site (Jen's been doing cool magazine type layout experimentations)
Less reliance on Bootstrap or Foundation (especially due to code bloat and design limitations)
Jen says that this design paradigm-shift we're sitting on could be bigger than RWD
How the web could influence graphic design instead of vice versa
How IoT fits into all of this (my note and what I keep thinking about)
Also Of Note
Grid is coming! Heck, grid is here. It's time to start thinking about how we can use it to improve the user experience and take advantage of its strengths. You can learn more about Grid on A Complete Guide to Grid by Chris House at CSS-Tricks. Grid is huge and it will be making RWD content come alive in a very big way.
Links
Predicting the Future with Rachel Andrew, Eric Meyer and Jeffrey Zeldman (direct link to listen or read transcript)
The Web Ahead (home page to podcast)
Labs - Jen Simmons's page of experimentations
A Complete Guide to Grid (CSS-Tricks, Chris House)
Jen Simmons
Rachel Andrew
Jeffrey Zeldman
Eric Meyer
terabitweb · 6 years ago
Original Post from McAfee Author: Sam Quinn
IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke.
With that in mind, I began to investigate the Mr. Coffee Coffee Maker with Wemo since we had previously bought one for our research lab (and we don’t have many coffee drinkers, so I didn’t feel bad about demolishing it!) My hope was to build on previous work done by my colleague Douglas McKee (@fulmetalpackets) and his Wemo Insight smart plug exploit. Finding the similar attack vector absent in this product, I explored a different avenue and was able to find another exploit. In this post I will explore my methodology and processes in detail.
All Wemo devices have two ways of communicating with the Wemo App, remotely via the internet or locally directly to the Wemo App. Remote connectivity is only present when the remote access setting is enabled, which it is by default. To allow the Wemo device to be controlled remotely, the Wemo checks Belkin’s servers periodically for updates. This way the Wemo doesn’t need to open any ports on your network. However, if you are trying to control your Wemo devices locally, or the remote access setting is disabled, the Wemo app connects directly to the Wemo. All my research is based on local device communication with the remote access setting turned off.
To gain insight on how the coffee maker communicates with its mobile application, I first set up a local network capture on my cellphone using an application called “SSL Capture.” SSL Capture allows the user to capture traffic from mobile applications. In this case, I selected the Wemo application. With the capture running, I went through the Wemo app and initiated several standard commands to generate network traffic. By doing this, I was able to view the communication between the coffee maker and the Wemo application. One of the unique characteristics about the app is that the user is able to schedule the coffee maker to brew at a specified time. I made a few schedules and saved them.
I began analyzing the network traffic between the phone application and the Mr. Coffee machine. All transmissions between the two devices were issued in plaintext, meaning no encryption was used. I also noticed that the coffee maker and the mobile app were communicating over a protocol called UPNP (Universal Plug and Play), which has preset actions called “SOAP ACTIONS.” Digging deeper into the network capture from the device, I saw the SOAP action “SetRules.” This included XML content that pertained to the “brew schedule” I had set from the mobile application.
A Mr. Coffee “brew” being scheduled.
At this point I was able to see how the Wemo mobile application handled brewing schedules. Next, I wanted to see if the coffee maker performed any sort of validation of these schedules so I went back into the mobile application and disabled them all. I then copied the data and headers from the network capture and used the Linux Curl command to send the packet back to the coffee maker. I got the return header status of “200” which means “OK” in HTTP. This indicated there was no validation of the source of brewing schedules; I further verified with the mobile application and the newly scheduled brew appeared.
Curl command to send a “Brew” schedule to the Wemo Coffee maker.
Screenshot of the Curl command populating the Wemo app with a brew schedule
At this point I could change the coffee maker’s brew schedule without ever using the Wemo mobile application. To understand how the schedules were stored on the Wemo coffee maker, I decided to physically disassemble it and look at the electronics inside. Once disassembled, I saw there was a Wemo module connected to a larger PCB responsible for controlling the functions of the coffee maker. I then extracted the Wemo module from the coffee maker. This looked almost identical to the Wemo module that was in the Wemo Insight device. I leveraged Doug’s blog on exploitation of the Wemo Insight to replicate the serial identification, firmware extraction, and root password change. After I obtained root access via the serial port on the Wemo device, I began to investigate the way in which the Wemo application is initiated from the underlying Linux Operating System. While looking through some of the most common Linux files and directories, I noticed something odd in the “crontab” file (used in Linux to execute and schedule commands).
It appeared the developers decided to take the easy route and used the Linux crontab file to schedule tasks instead of writing their own brew scheduling function. The crontab entry was the same as the scheduled brew I sent via the Wemo application (coffee-3) and executed as root. This was especially interesting; if I could add some sort of command to execute from the replayed UPNP packet, I could potentially execute my command as root over the network.
With the firmware dumped, I decided to look at the “rtng_run_rule” executable that was called in the crontab. The rtng_run_rule is a Lua script. As Lua is a scripting language, it was written in plaintext and not compiled like all the other Wemo executables. I followed the flow of execution until I noticed the rule passing parameters to a template for execution. At this point, I knew it would be useless trying to inject commands directly into the rule and instead looked at modifying the template performing the execution.
I went back to the Wemo mobile application network captures and started to dig around again. I found the application also sends the templates to the Wemo coffee maker. If I could figure out how to modify the template and still have the Wemo think it is valid, I could get arbitrary code execution.
Template with the correct syntax to pass Wemo’s verification
There were 3 templates sent over, “do,” “do_if,” and “do_unless.” Each of the templates were Lua scripts and encoded with base64. Based on this, I knew it would be trivial to insert my own code; the only remaining challenge would be the MD5 hash included at the top of the template. As it turned out, that was hardly an obstacle.
I created an MD5 hash of the base-64 decoded Lua script and the base64 encoded script separately, simply to see if one or the other matched the hash that was being sent; however, neither matched the MD5 being sent in the template. I began to think the developers used some sort of HMAC or clever way to hash the template, which would have made it much harder to upload a malicious template. Instead, I was astounded to find out that it was simply the base64 code prepended by the string “begin-base64 644 ” and appended with the string “====.”
At last I had the ability to upload any template of my choice and have it pass all the Wemo’s verification steps necessary to be used by a scheduled rule.
I appended a new template called “hack” and added a block of code within the template to download and execute a shell script.
Within that shell command, I instructed the Mr. Coffee Coffee Maker with Wemo to download a cross-compiled version of Netcat so I could get a reverse shell, and also added an entry to “rc.local.” This was done so that if the coffee maker was power cycled, I would have persistent access to the device after reboot, via the Netcat reverse shell.
The final aspect of this exploit was to use what I learned earlier to schedule a brew with my new “hack” template executing my shell script. I took the schedule I was able to replay earlier and modified it to have the “hack” template execute 5 minutes from the time of sending. I did have to convert the time value required into the epoch time format.
[Figure: Converting time to Epoch time]
Now, I sat back and waited as the coffee maker (at my specified time delay) connected to my computer, downloaded my shell script, and ran it. I verified that I had a reverse shell and that it ran as intended, perfectly.
This vulnerability does require network access to the same network the coffee maker is on. Depending on the complexity of the user’s password, WiFi cracking can be a relatively simple task to accomplish with today’s computing power. For example, we demonstrate a quick and easy brute force dictionary attack to crack a semi-complex WPA2 password (10 characters alpha-numeric) in the demo for the Wemo Insight smart plug. However, even a slightly more complex password, employing special characters, would exponentially increase the difficulty of a brute force attack. We contacted Belkin (who owns Wemo) on November 16th, 2018 and disclosed this issue to them. While the vendor did not respond to this report, we were pleasantly surprised to see that the latest firmware update has patched the issue. Despite a general lack of communication, we’re delighted to see the results of our research further securing home automation devices.
This vulnerability shows that not all exploits are overly complicated or require an exceptional amount of effort to pull off, if you know what to look for. This vulnerability exists solely because a few poor coding decisions were made in conjunction with a lack of input sanitation and validation. Even though this target does not contain sensitive data and is limited to your local network, it doesn’t mean malicious hackers are not targeting IoT devices like this. These devices may serve as a sought-after target as they are often overlooked from a security standpoint and can provide a simple and unmonitored foothold into your home or business network. It is very important for any consumer, when purchasing new IoT gadgets, to ask themselves: “Does this really need to be connected to the internet?” In the case of a coffee maker, I’ll let you be the judge.
The post Your Smart Coffee Maker is Brewing Up Trouble appeared first on McAfee Blogs.
Original post from McAfee. Author: Sam Quinn
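The template check described in the Wemo write-up above, set beside a keyed alternative, as an added example that is not code from the original post or from the device firmware. The placement of the two framing strings with no separators, the HMAC design, the key and the sample template bodies are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Framing strings quoted in the write-up; joining them to the base64 text
# with no newlines or separators is an assumption made for this example.
PREFIX = b"begin-base64 644 "
SUFFIX = b"===="


def unkeyed_digest(b64_body: bytes) -> str:
    """Digest as described: MD5 over prefix + base64 text + suffix, no secret."""
    return hashlib.md5(PREFIX + b64_body + SUFFIX).hexdigest()


def weak_verify(claimed_md5: str, b64_body: bytes) -> bool:
    """Integrity-only check: every input is known to whoever sends the template."""
    return hmac.compare_digest(claimed_md5, unkeyed_digest(b64_body))


def keyed_tag(key: bytes, name: str, b64_body: bytes) -> str:
    """Hardened form (assumed design): HMAC-SHA256 bound to template name and body."""
    msg = name.encode() + b"\x00" + PREFIX + b64_body + SUFFIX
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def strong_verify(key: bytes, name: str, claimed_tag: str, b64_body: bytes) -> bool:
    """Constant-time comparison against a tag only a key holder can compute."""
    return hmac.compare_digest(claimed_tag, keyed_tag(key, name, b64_body))


def demo() -> dict:
    key = b"constructed-per-device-secret"  # hypothetical provisioning key
    original = base64.b64encode(b'-- constructed template\nreturn "brew"\n')
    modified = base64.b64encode(b'-- constructed template\nreturn "changed"\n')
    vendor_md5 = unkeyed_digest(original)
    vendor_tag = keyed_tag(key, "do", original)
    guessed_tag = keyed_tag(b"wrong-key-guess", "do", modified)
    return {
        # The old digest only catches a body that changed without a new digest.
        "unkeyed_accepts_stale_digest": weak_verify(vendor_md5, modified),
        # A sender holding no secret recomputes the digest, so the check passes.
        "unkeyed_accepts_modified": weak_verify(unkeyed_digest(modified), modified),
        "keyed_accepts_original": strong_verify(key, "do", vendor_tag, original),
        # Without the key, neither a reused tag nor a guessed-key tag verifies.
        "keyed_accepts_reused_tag": strong_verify(key, "do", vendor_tag, modified),
        "keyed_accepts_guessed_tag": strong_verify(key, "do", guessed_tag, modified),
        # Binding the name stops a valid tag being replayed under another name.
        "keyed_accepts_renamed": strong_verify(key, "do_if", vendor_tag, original),
    }
```

A symmetric key stored on the device can still be recovered from a firmware dump, so a vendor signature checked against a public key on the device is the stronger design; HMAC is used here only because it needs nothing beyond the standard library.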