Shaping IoT: 2G refarming. What does it mean?

Cascajo Sastre María    30 March, 2016

2G is a 25 year-old technology – which in tech is a lot. Initially launched on the GSM standard in Finland by Radiolinja. Ever since it expanded to become the most widespread mobile technology being ubiquitous in certain territories. However, due to limitations, it is a legacy technology that Internet of Things is specifically meant to overcome. Is there a reason to rely on 2G at all? There is in fact. It is highly cost effective and technologically efficient for many current IoT and m2m applications.

Even though it is still of use for many applications and services, some telcos have been considering pulling the plug on 2G networks as soon as 2017, pushing users towards services on 3G and 4G networks to refocus resources on newer technologies. The process is called refarming and it means that mobile network operators would repurpose 2G (and even 3G) technology eventually to LTE, thus abandoning 2G traditional services. This is a logical step for handsets, but the big impact may come through m2m services that have been running for years. Machina Research in a recent report  expects 2G  and even 3G’s life span to end over the next ten years in most countries and warned that if particular technologies are abandoned, existing deployments in the field could be compromised, requiring an expensive refit or recall process. Also new deployments would need to be redesigned. Furthermore, uncertainty over which technologies will be available in the future may cause delays and potentially additional costs for companies looking to ensure that their chosen technology will be supported over the lifetime of the devices that they are considering rolling out.

2G Evolution

The IoT of the future is still largely still at the drawing board, being tested or pending deployment so an intermediate solution has to come along. In our whitepaper about LPWA and the response of Telcos to the IoT burst, one of the takeaways is an alternative that repurposes GSM infrastructure over the same physical layer. This renewed 2G is called GSM Evolution and the main technical features include:

  • improved coverage compared to GPRS (up to 20 dB)
  • less consumption (10 year battery life)
  • less device complexity
  • reuse of existing infrastructure with software upgrades of radio units
  • massive number of supported devices and full multiplexing of traffic

Expect dwindling 2G in urban areas

The truth is that developing new 2G GSM IoT and m2m applications on current infrastructures is low cost in term of hardware requirements, and current data services available are currently excellent. Many current IoT and m2m applications use 2G networks efficiently because they require less bytes to operate. In dense urban areas the refarming process is bound to happen sooner as the need for 3G and 4G service is greater and these applications might have service availability problems.

Operators are therefore forced to manage what is called the ‘sunset of 2G services’ and prevent new GSM-only applications from hitting the market. The golden question that must be answered in order to leave 2G out of the picture is: how can I convince vendors and clients to spend more on technology that an application might never use to its full capacity? The balance is therefore a choice between limited-in-time life span or longevity at a steeper cost is now the question.

Leave a Comment on Shaping IoT: 2G refarming. What does it mean?
Cascajo Sastre María
Cascajo Sastre María

Born in Valladolid but always lived in Irún. I have a degree in Journalism and two Masters: one in Journalism in Television and another in Marketing and Digital Advertising. I have touched different branches before taking root in Telefónica, where I work since 2015. Currently workig in the Mkt & Comms department of Telefónica IoT. My little pleasures of life: play music at full volume on the car and chocolate. My motto: "Maybe not every day is good, but there is always something good every day".

Mobile phone Surveillance: Who’s listening to your calls?

Florence Broderick    23 March, 2016

In the current digital world, espionage is much more common than we think. Revelations from Edward Snowden that the NSA hacked SIMs to spy on mobile conversations prove that physical proximity is no longer necessary for surveillance.

It is for this reason that mobile gadgets make ideal tools for surveillance. This is due to the many devices that tend to include microphones, cameras, GPS, WIFI or storage capacity. Hackers are easily able to keep watch on their victims by simply infecting a mobile phone or interfering with wireless communications – often without cutting-edge technology.

So while the benefits of increased online and mobile working are widely accepted – and these include ubiquitous access to information, flexibility and improved productivity – are companies aware of the risks and more importantly prepared to step up and manage them?

The thing about mobile surveillance is that it is usually a targeted attack, with the objectives of the surveillance preselected. Top executives and politicians for instance are often targeted because they manage strategic plans that have great economic impact. Attacks of this kind tend to include social engineering strategies and are very often associated with advanced persistent threats. The simple truth is that a mobile ecosystem requires a permeable security perimeter through which legitimate communications can flow. However, criminal organisations can make use of these channels to steal information or boycott the corporate infrastructure. The implementation of enterprise mobile strategies involves a higher degree of vulnerability, which can and should be efficiently managed. Let’s look at some of the techniques used in cellphone surveillance:

How is voice communication intercepted? There are a number of methods in which voice communication could be intercepted. These include:

  • Interception of public mobile networks: 2G networks are not a secure communication channel. Hackers can make use of inhibition devices (such as Jammer) to force a downgrade from 3G or 4G networks to 2G, in order to listen through specialised devices.

  • Man in the middle: ARP (Address Resolution Protocol) spoofing can allow an attacker to intercept data frames on a network, modify or stop all traffic. It is also possible to intercept the communications by means of rogue hotspots or antennas. SSLStrip can then force a victim’s device into communicating with an adversary, replacing HTTPS protocols by plain-text over HTTP.

  • Risks in the Public Switched Telephone Network (PSTN): Communications are unencrypted – as in the case of voice and SMS text – while they go through the core operator infrastructure. Other risks are uncontrolled call forwarding and spoofing.

  • Malware installed on the device: Malware can intercept packages between the call application and the operating system, or even capture the voice directly accessing the microphone software controllers. What features should a secure call system fulfil? A secure call system works by making voice digitised, encrypted and transmitted in data packets through the mobile data network. The product should combine telephone and messaging protection, powered by security mechanisms and advanced point-to-point encryption technologies compatible with IP communication.

So what can companies and individuals to to secure calls? There are three main ways.

  • Secure the smartphone: There are two modalities of secure smartphones. Firstly, a device built from the ground up with specific hardware and a secured OS. Second, modality deals with popular devices that includes a pre-installed secured OS. In both cases secured OS’s consist of high-end mobile threat protection components, containerisation, encrypted storage, remote management and authentication system. These are usually the most expensive solutions and less flexible.

  • Secure add-ons: Physical components such as smartphone cases or SD memories, which address the voice encryption by means of an encryption processor included in the add-on itself. It wouldn’t matter if the device itself became infected since the information goes through the component encrypted.

  • Secure call apps: These apps allow users to make end-to-end encrypted phone calls from the most popular mobile OS’s. The user experience is similar to the pre-installed non-secure call application. Contacts and messages are encrypted and stored by the app itself.

What does an optimal solution look like? In a general corporate setting, hardware solutions can be difficult to deploy as they require a different smartphone model, a second smartphone or some kind of attached hardware. This may discourage users from making calls and may generate a fake sense of security in the security department. As a result, hardware solutions are not especially suitable for a general business. These solutions may be helpful for a limited group of senior managers or for the most security demanding environments such as the military, government, or companies that need the upmost protection level.

Edward Snowden brought to light the need to protect company communications, and to update security to the digital age – against malware, network attacks, exploits or any other type of attack that could impact businesses significantly. Secure call applications combined with an advanced threat protection are by far cheaper and more user friendly than a secure smartphone and can be managed through a mobile device management. Eliminating surveillance doesn’t have to be complex, and businesses need to bake security prevention into their company policy from the off.

*It may be of your interest:

Francisco Oteiza

Sinfonier Community and beyond!

Florence Broderick    18 March, 2016
When we show Sinfonier and I mention its benefits, people always do the simple same question: So, we can do anything with it? The simple answer is yes, if you know the sources you want to monitor, what you are looking for and if the necessary APIs are in place to use the existing modules offered by Sinfonier or to create the new modules you require.
This time, instead of showing a security example, I would like to propose in this technical community to monitor the sentiment in Twitter about and event that happened in December 1916 in Verdun in WWI where about 700.000 French and German soldiers died during a ten months battle.
To achieve this task I have followed the next steps:
  • ACCESS DATA: Twitter. I have created an account in this social media network which delivers real-time stream of semi-structured data (loosely formatted characters inside a field but with little structure within it). The information is delivered in a JSON format which is what I will need to process. For example, word to search in the tweets: Verdun.

  • PREPARE AND CLEANSE DATA: Filter. I just want to keep those tweets written in a specific language, in this case English. In the field “lang” belonging to each tweet, I search for those tweets written in “en”.
  • APPLY ADVANCED ANALYTICS: Now I add to my topology the module named “AlyClassApi” which sends the text, in English and mentioning the word Verdun, to a sentiment analysis cloud service called Aylien (after creating a free user account – 2000 queries per day) which will classify the text in the tweet according to some predefined categories.
  • As this module delivers a JSON array, I need to use the module called “EmitItemList” which will create simple JSONs for those elements present in the array (in this case the array is called categories).
  • Having simple JSONs, I use a second filter module in order keep those tweets that I presume they are mentioning the battle of Verdun, so I search for the categories having the words history, war and culture. The results are then analysed by a second Aylien sentiment module that simply categorises the filtered texts as “positive or negative” (another category that is not considered is the category called “neutral”).

  • OUTPUT RESULTS: The final tweets are sent to two MongoDBs (after creating a free user account) where I can finally read those tweets which have gone through all the steps. The final topology looks like the following diagram:

The logical results show that the battle of Verdun still suggests a negative sentiment and mainly those which have been categorised as positive, are those people who like to know about what happened during that time in the WWI.

If this example does not suit your needs, you can also try to find out if that brand you like, it is perceived positively or negatively (for example, those local popular chocolate drinks such as ColaCao in Spain, Poulain in France or Vanhouten in the Netherlands).
 
Or maybe to gain insights rapidly about what tourists think about your town/city recently visited, by simply changing the word to search in Twitter, using the word of your town/city and in the second filter to filter by tourism, culture and entertainment. This may assist some town/city councils to evaluate their activities promoting tourism.

 
Sebastian García de Saint-Léger
[email protected]
Thanks to Fran and Alberto.

[New report] Demographic Analysis of Google Play

Florence Broderick    17 March, 2016

Download the new report shows that Tacyt had dissected a total of 3,365,527 applications from the Google Play Store, of which only 2,438,864 remained available for download on the market.

The study conducted by ElevenPaths’ Analyst Team aims to study the population of developers and applications in the Google Play Store in early February 2016, to determine its size, structure, evolution and general characteristics from a quantitative point of view.

Tacyt has been used as a source of information. Tacyt is an innovative cyberintelligence tool that monitors, stores, analyses, correlates and classifies millions of mobile apps thanks to its big data technology, adding thousands of new applications every day.

Some details of the report:

  • According to the email address used by the developer in the Google Play Store (developerEmail), Tacyt has information on 678,328 different developers. About 44% of email addresses present in the Google Play Store belong to the “gmail.com” domain.
  • Google requires developers to sign all their applications prior to being published in the Google Play Store. This certificate is used to identify the author of the application. The total number of different certificates found by Tacyt has been 805,731. Even though the vast majority of certificates found are associated with a single email address, there are exceptions. Even one certificate related to more tan ten thousand different email addresses has been found.
  • Sharing the same certificate among several developers is not a recommended best practice from a security standpoint, since it could compromise the apps’ update process or the information they handle. Of the 805,731 certificates (certificateFingerprint) known by Tacyt, 761,389 are associated with a single developer email address (developerEmail). The rest is used by two or more different developer email addresses to sign their applications.
  • Even though the use of digital certificates for the signing of software should identify the individual or entity behind the software in an unambiguous manner, this report shows through the use of numbers that Google Play facilitates the abuse of this concept and this might lead to situations where suchidentification becomes compromised.

» Download now the full report “Demographic Analysis of Google Play″

*You may also be interested on:

Further information
elevenpaths.com

The Internet of Learning

María Cascajo Sastre    16 March, 2016

Imagine a future where students have access to the best educational resources in the world from their classrooms or even from their homes, instructed by the best educators no matter where they are. It is not difficult to imagine because that is already happening.

Noam Chomsky, one of the most relevant experts in linguistics, says that “teaching should not be compared to filling a bottle with water but rather to helping a flower to grow in its own way”.

The term Digital Educational is an umbrella that includes different initiatives that follow the chomskian idea we just mentioned. One of the biggest, yet most imperceptible, revolutions of our time is the transformation of our educational systems. Dated knowledge transfer methods are proving to be obsolete or at least very limited in several aspects.

University of La Rioja Professor Raúl Santiago, a specialist in education, already described the problem in 2012 “it is very difficult to provide an alternative educational system for the future. 5-6 year-old children will probably study a college degree that does not exist yet; in fact their future job may not even exist either. In this age, everything we used to take for granted is being rethought”. According to Santiago, this affects the way educational centres (primary, middle and high schools, as well as universities) are organized and their ultimate purpose. Santiago is an editor at The Flipped Classroom, a website that advocates for educational transformation to meet the social and cultural demands of the twenty-first century.

The moment we first heard about digital natives seems far way. Many of the Millennials reading this may believe they are part of these digital natives when the actually are not. The truth is that current children and teenagers are the first purely native generation in terms of embracing technology. Many of these individuals will regard paper, drawing instruments, rulers, paper books and even hand writing not as primary tools but just another way of getting things done (and some of these elements will receive a marginal use at best in the future).

The Telefónica Foundation organizes the Disruptive Education School, in Spain and Latin America, focused on catalysing a paradigm change in education. Telefónica Educación Digital (previously Telefónica Learning Services or TLS) is focused on developing end-to-end projects in the areas of culture, corporate training and education to deliver turnkey solutions for governments, companies and educational centres that manage the educational resources. This allows using connected services such as augmented reality, online content, collaborative work, etc. Educational professionals (many of whom are currently involved in reinventing the concept of schools) and give them tools to focus on improving cognitive development and multiple intelligence of their students.

Technology leaders such as Samsung, Apple, Cisco, or Intel all have educational divisions in their companies, proving that educational disruption is here to stay and has great potential. The UK is once again driving technological advancement, legislating to include in the new national curriculum technology related competencies, such as use of sensors, data logging, basic knowledge in electronics as core skills to be acquired by children. Some companies in fact are manufacturing connected devices designed for educational purposes mainly (from Raspberry Po for programming to weather stations, robot or drone kits and multipurpose sensors).

We must also point out that educational centres are ideal spaces to implement m2m and IoT connected technology such as access control, implementing indoor geolocation, smart lighting and other less obvious uses, such as energy efficiency or to integrate Smart Metering and the Smart Grid.

When we talk about tangible benefits of technological disruption we measure them in terms of unspent euros, the level of automation achieved or the amount of saved resources. The Internet of Learning achieves much more because the benefits are all focused on our most valued assets: the future generations.

Leave a Comment on The Internet of Learning
María Cascajo Sastre
María Cascajo Sastre

Nacida en Valladolid pero de corazón irundarra. Licenciada en Periodismo y Marketing y Publicidad Digital. Actualmente trabajo en el departamento de Mkt&Comms de IoT/Big Data de Telefónica. Mis pequeños placeres de la vida: poner la música a tope en el coche y el chocolate. Mi lema: “Quizá todos los días no sean Buenos, pero siempre hay algo Bueno todos los días”.

Smart Parking, IoT valet parking for Smart Cities

María Cascajo Sastre    1 March, 2016

Parking is one of the most repetitive and time consuming activities we carry out in life. We spend on average up to 106 days in our life, finding parking spaces. Technology wears the red jacket to save our day again.

There are basically two trends in parking systems and a widespread standard is yet to be established:

  • Sensor-powered parking systems
  • Data-driven reservation systems

Let’s see an overview of both as well as pros and cons that decision makers need to evaluate when choosing between both systems

Sensor-powered systems take the burden away from drivers. They use robust sensors buried under parking spaces that need to be both resistant against mechanical impact and powerful enough to broadcast status information to outdoor beacons that collect nearby sensor data and relay it to a central system that manages space availability and informs drivers how to get to unoccupied spaces. The initial cost is higher as space needs to be literally dug-out of the ground to insert sensors. Once the beacons and sensors are in place the operational cost is low. It is easier to use for drivers, less distracting that depending on an app installed on our smartphone and is as durable as the life of the sensors and beacons.

[IN SPANISH]

Data-driven parking systems, allot and allocate parking spaces to users and are normally app and BigData driven. The user requests a parking space, gets one assigned, confirms being parked and is charged for the usage of the parking space within city parking regulations. It is easy to deploy, requires very little initial investment (app development, mapping of available parking spaces and signs that clearly delimit and identify each parking space to make it easy for drivers to find the space and for parking regulators to control that allocated spaces are used for the assigned time and not more. It requires constant connectivity as it is a reservation system that works ahead of using. It can be deployed not only within cities but also within companies with large premises that usually require an administration overhead to assign parking spaces to employees and visitors.

There is no clearly perfect solution as every solution offers different results in terms of initial cost, maintenance costs, operational glitches and considerations, etc. Cities have options and have to determine whether sensor-powered or data-driven models suit their long term plans better.

In both cases occupation levels can be controlled in real time and can easily enforce parking space policies for people with special mobility needs, or special type of vehicles (electric plug-in cars, shared vehicles, buses, etc.)

Santander and Málaga in Spain are two showcase cities for sensor-powered systems, whereas Madrid, Santiago and Oviedo, three other Spanish cities, have also been solid testing grounds for data-driven parking pilot projects.

More than just a private time saving feature

So why is it absolutely strategic for Smart Cities to streamline outdoor Parking? Shouldn’t that be a private issue that affects each and every citizen and not public authorities? It is strategic and by no means should it not be priority for Smart Cities. There are three powerful reasons:

  1. First and foremost the purpose of Smart City services is to improve citizens’ lives and this has a direct and measurable impact on their quality of life
  2. Efficient city traffic and cutting on extra unnecessary mileage has a positive impact on keeping city pollution within manageable limits and therefore helps cities maintain their emission levels within standards that are becoming tightly regulated and controlled
  3. Reducing commuting time has a huge impact on productivity and therefore helps local economy flourish. Drivers and commuters caught up in traffic jams are away from their work places and are tied up to consume and visit shops and businesses

[New trend report] Cyberextortion, a growing industry

Florence Broderick    26 February, 2016



Download the new report that discover there is an increasing tendency towards aggression in numerous cyber-attacks, notably those using some method of extortion in particular. ElevenPaths’ Analyst team discover how to protect from this growing industry.

Computer-related crime is becoming increasingly hostile. There is an increasing tendency towards aggression in many cyber-attacks, notably those using some sort of extortion method in particular. These attacks have some psychological impact with the aim of inducing fear and uncertainty in their victims. This aggressive environment is closer to organised crime than it is to a computer-related offence.

In this regard, Security Authorities and Bodies face certain challenges in the investigation stage when it comes to law enforcement. Many operations often end up thwarted because criminals resort to tools used for the anonymity and encryption of communications. The knowledge of security in operations is high and the easy access cyber-criminals have to products and services easily accessible online, both to anonymise their activity as well as their identity, tends to complicate forensic analyses.

The main findings of the report “Cyberextortion, a growing industry” are the following:

  • Extortion via DDoS attacks is being firmly established. The modus operandi of the DD4BC group could give rise to more attackers impersonating them without the need for a great infrastructure and extensive technical knowledge. On the other hand, possible money outflows with the aim of laundering returned to the source of the extortion are the online gaming and trading platforms.
  • Security breaches are assuming a way of extortion based on the sensitivity of filtered information. Currently, two ways are being opted to monetise the attacks, either to sell the database or to extort it directly to users. The payment method required is usually Bitcoin.
  • A growing trend is sexual extortion, also known as sextortion. The sharing of files using peer-to-peer networks remains the main platform for access to child abuse material and for its distribution in a non-commercial manner. In the same way, other anonymous networks and platforms such as Tor are considered as a threat in this area. However, what worries Security Authorities and Bodies the most is the live streaming of child abuse due to the difficulty to detect and investigate it since criminals tend not to store a copy of the material.
  • Since 2015, the threat of ransomware has increased by 165%. The most reported infection vector is e-mail with malicious attachments. However, a growth is expected, driven by an increased use of the cloud, POS and the Internet of Things.


» Download the full report “Cyberextortion, a growing industry”

*You may also be interested on:


Further information
elevenpaths.com



GSMA’S Mobile Connect available to 2 billion consumers globally

Florence Broderick    24 February, 2016

Mobile Connect Launched with 34 Operators in 21 Countries Around the World

Barcelona: The GSMA today announced that the GSMA Mobile Connect mobile-based authentication solution is now available to 2 billion consumers globally. Since the solution was introduced at Mobile World Congress 2014, 34 mobile network operators (MNOs) have launched the service in 21 countries, with plans for additional launches and trials to follow in 2016 and beyond. Operators offering services based on Mobile Connect include América Móvil, Axiata Group (Bangladesh, Indonesia, Sri Lanka), China Mobile, China Mobile Pakistan (Zong), China Telecom, China Unicom, DNA, Elisa, Globe Telecom, Indosat Ooredoo, Mobilink, Mobitel, Orange (Egypt, France, Morocco, Spain), Sunrise, Swisscom (Switzerland), Telefónica Group (Argentina, Mexico, Peru, Spain), Telenor Group (Bangladesh, Malaysia, Myanmar, Pakistan, Thailand), TeliaSonera (Finland), Telkomsel, Telstra, TIM and Turkcell (Turkey).

“Over the past two years, the industry has come together to simplify consumers’ lives by offering a single, trusted, mobile phone-based authentication solution that respects online privacy and helps to mitigate the vulnerability of online passwords,” said Mats Granryd, Director General, GSMA. “As Mobile Connect is rolled out globally, mobile operators are fulfilling an important role in the digital identity space, giving users control over their own data and enabling consumers, businesses and governments alike to interact and access online services in a convenient, private, and trusted environment.”

The GSMA’s Mobile Connect solution enables customers to create and manage a digital universal identity via a single log-in solution. The service securely authenticates users, enabling them to digitally confirm their identity and their credentials and grant safe online access to mobile and digital services such as e-commerce, banking, health and digital entertainment, and e-government, via their mobile phones. It works by employing the user’s unique mobile number, combined with a unique PIN for more secure use cases, to verify and grant online access anywhere they see the Mobile Connect logo. All operators and online service providers using Mobile Connect have signed up to the GSMA Mobile Connect privacy principles, which is a core pillar of Mobile Connect.

Additional Deployments and Evolution of Mobile Connect
The GSMA is working closely with operators globally to further extend the adoption of Mobile Connect; operators committed to deliver the service this year include Aircel, AIS Thailand, Bharti Airtel (India), Etisalat (Pakistan, United Arab Emirates), Idea Cellular Ltd, MTN, Ooredoo (Algeria, Myanmar), Orange (Jordan, Poland), SMART Axiata – Cambodia, Smart Communications, Inc., Tata Teleservices, Telefónica Group (Brazil, Colombia, Ecuador, Uruguay), Telenor (India), T-Mobile Poland and Vodafone (India, Spain). Mobile Connect has also been trialled in two EU Member States, Finland and Spain, to establish proof-of-concept for cross-border authentication of e-government services and online interactions between businesses, citizens and public authorities.

While initially focused on secure and convenient log-in to digital services, Mobile Connect is evolving to deliver secure authorisation of digital transactions and to add context and attributes about the user and the transaction to increase convenience, trust and security for users and online service providers, while respecting users’ privacy. This is currently being trialled in the UK by O2 and Vodafone.

Expanding Mobile Connect Services
Mobile Connect is now in commercial use by a wide range of digital service providers in the launch markets including BDTickets, Bloodlink, Cipika Play, CriticaLink, Dhaka Pixel Ltd., GoGhoom, Homeshopping.pk, LangitMusik, migme, Mudah, Rozee.pk, TakeMeTour.com (Thailand), Wavoo, WOW and Wunn Zin Bookstore. These companies comprise a range of vertical services such as commerce, finance and banking, government service access, health services, and media and entertainment.

Technology suppliers such as Apigee, Ericsson, Gemalto, Giesecke & Devrient, GMO GlobalSign Oy, MePIN/Meontrust, Morpho (Safran), Movenda, Nok Nok Labs Inc., Orange Business Services, Ping Identity and WSO2.Telco deliver the technology necessary to support Mobile Connect and to enable easy integration with the operators’ mobile networks so that users of any mobile network offering Mobile Connect can log in and authorised for any application.

» Download press release

*You may also be interested on:

For further information:
mobileconnect.elevenpaths.com

Telefónica and ElevenPaths extends its cybersecurity offering to the IoT environment

Florence Broderick    15 February, 2016

Telefónica and ElevenPaths present at MWC the first technology for detecting and analysing threats

Telefónica and ElevenPaths will present at Mobile World Congress, that begins on 22nd February in Barcelona , the first technology available on the market designed to counteract cyberattacks on the Internet of Things (IoT). Known as Faast, a renowned technology developed by the company, it specialises in detecting and analysing security threats to organisations based on persistent pentesting which now includes the detection of vulnerabilities in IoT.

Faast is not only the first technology solution of this type, but also provides companies and organisations with an integral cybersecurity solution that protects them from threats to traditional devices connected to their systems and also others pertaining to IoT such as web cams, printers, routers, video- conference systems or televisions also connected to the corporate network.

With the new features incorporated by Faast, companies can continually scan IoT devices connected to the organisation, thanks to the use of real attack techniques, making their networks more robust and in this way counteract future attacks. Once the devices have been identified, the technology detects the current vulnerabilities. Failures include insufficiencies in authentication or authorisation processes, insecure network services or lack of encryption when transmitting information. The user can manage these and other vulnerabilities pertaining to all IoT devices through Vamps, an online site.

“Traditional periodic security checks don’t make sense anymore because the changes in the infrastructure, the emergence of new vulnerabilities and different bugs are continuing”, says Chema Alonso, CEO of ElevenPaths. “The evolution of Vamps & Faast towards IoT will allow companies to rely on a persistent pentesting and vulnerability management system that will facilitate the quick discovery of new connected devices and possible bugs, thereby reducing the exposure time of these devices to these threats”.

The sheer size of the IoT phenomenon in a hyper-connected society is exposing companies to dangers unknown up to now, hence the importance of early detection of security attacks that threaten IoT devices. This is one of the conclusions of the report “Scope, scale and risk like never before: Securing the Internet of Things” recently published by ElevenPaths and the area of IoT of Telefónica to which other organisations and companies working in this arena have contributed such as SIGFOX and the IOT Foundation.

This new analysis capacity by Faast of IoT, completes the portfolio of different security solutions for IoT currently on offer by Telefónica, such as Trusted Public Key Infrastructure that facilitates the identification and authentication of IoT devices connected to the network; Security Monitoring, which detects unusual behaviour of IoT devices based on its network traffic; and CyberThreats, capable of detecting and identifying the modus vivandi of the cybercriminals, and the methods used in attacks against IoT infrastructures.

For further information:
www.elevenpaths.com