
      8 attacks a day: why hackers love connected light bulbs and other smart objects [Sponsored]

      news.movim.eu / Numerama · Sunday, 18 February - 07:30

    This article was produced in collaboration with Bitdefender

    Speakers, light bulbs, routers and even washing machines: connected devices are now part of our everyday lives. As major data collectors, these devices learn your living habits. For that reason, they deserve to be secured. Here is how to better protect your privacy.


    This content was created by independent writers within the Humanoid xp entity. Numerama's editorial team did not take part in its creation. We are committed to ensuring that this content is interesting, of high quality and relevant to our readers' interests.


      The Cyber Trust Mark is a voluntary IoT label coming in 2024. What does it mean?

      news.movim.eu / ArsTechnica · Wednesday, 19 July, 2023 - 18:56 · 1 minute

    Image: The U.S. Cyber Trust Mark logos, which may or may not have an assigned order at the moment. Which one most says "secure" to you? (credit: Federal Communications Commission)

    The goal of the new US Cyber Trust Mark, coming voluntarily to Internet of Things (IoT) devices by the end of 2024, is to keep people from having to do deep research before buying a thermostat, sprinkler controller, or baby monitor.

    If you see a shield with a microchip in it that's a certain color, you'll know something by comparing it to other shields. What exactly that shield will mean is not yet decided. The related National Institute of Standards and Technology report suggests it will involve encrypted transmission and storage, software updates, and how much control a buyer has over passwords and data retention. But the only things really new since the initiative's October 2022 announcement are the look of the label, a slightly firmer timeline, and more input and discussion meetings to follow.

    At the moment, the Mark exists as a Notice of Proposed Rulemaking (NPRM) at the Federal Communications Commission. The FCC wants to hear from stakeholders about the scope of devices that can be labeled and which entity should oversee the program, verify the standards, and handle consumer education.


      A Snap-based, containerized Ubuntu desktop could be offered in 2024

      news.movim.eu / ArsTechnica · Wednesday, 31 May, 2023 - 15:56

    Image: Some of the many Snap apps available in Ubuntu's Snap Store, the place where users can find apps and Linux enthusiasts can find deep-seated disagreement. (credit: Canonical)

    Ubuntu Core has existed since 2014, providing a fully containerized, immutable Linux distribution aimed at Internet of Things (IoT) and edge computing applications.

    That kind of system, based on Ubuntu distributor Canonical's own Snap package format, could be available for desktop users with the next Ubuntu Long Term Support release, according to an Ubuntu mobile engineer. Pointing to a comment in one of his prior posts, Ubuntu blogger Joey Sneddon suggests that an optional "All-Snap Ubuntu Desktop" will be available with Ubuntu 24.04 in April 2024.

    It's important to note that a Snap-based Ubuntu would seemingly be an alternate option, not the primary desktop offered. DEB-based Ubuntu would almost certainly remain the mainstream release.


      Wemo won’t fix Smart Plug vulnerability allowing remote operation

      news.movim.eu / ArsTechnica · Tuesday, 16 May, 2023 - 20:35 · 1 minute

    Image: The Wemo Smart Plug V2. This guy? This guy can be tricked into offering remote control if you give it a long name. But he's too old for his maker to care much about that.

    I once co-owned a coworking space. The space had doors with magnetic locks, unlocked by a powered relay. My partners and I realized that, if we could switch power to the system on and off, we could remotely control the door lock. One of us had a first-generation Wemo plug, so we hooked that up, and then the programmer among us set up a script that, passing Python commands over the local network, switched the door lock open and closed.

    Sometimes it would occur to me that it was kind of weird that, without authentication, you could just shout Python commands at a Wemo and it would toggle. I'm having the same feeling today about a device that's one generation newer and yet also possesses fatal flaws.

    IoT security research firm Sternum has discovered (and disclosed) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2. The firm's blog post is full of interesting details about how this device works (and doesn't), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit—a limit enforced solely by Wemo's own apps—with third-party tools. Inside that overflow you could inject operable code. If your Wemo is connected to the wider Internet, it could be compromised remotely.


      Network-watching gadget Monitor-IO chooses a graceful, owner-friendly death

      news.movim.eu / ArsTechnica · Tuesday, 11 April, 2023 - 15:07 · 1 minute

    Image: The Monitor-IO in its natural habitat, glowing green to let you know that everything is copacetic with the network to which it's connected. (credit: Jim Salter)

    Monitor-IO was a gadget that did one thing: live near a router and tell you how its network is doing. It did this both with detailed reports you could access from the local network and with a screen that glowed one of three colors: green for good, purple for problems, and red for dead. It could replace, or at least augment, typing a bunch of IP addresses into a browser and waiting for them to time out.

    We liked the device when we reviewed it in August 2018, despite our broad understanding of it as a "butter-passing robot," a device that relays information you could otherwise find out on your own. It had, beyond color-coded awareness, "obvious technical chops and real, careful attention to detail" in how it measured and what it could report. However, we also noted that the $100 price made sense for a small business but "might be a bit steep" for a household on a tight budget.

    Monitor-IO seems to have run out of people willing to pay for better network awareness. In an "End-of-service" notice posted on its site, the company cites "rising costs and supply chain issues," among other "numerous headwinds." Faced with no better option, Monitor-IO is shutting down its business and monitoring service on April 15, 2023. (Support will be offered through May 30, 2023.)


      Open garage doors anywhere in the world by exploiting this “smart” device

      news.movim.eu / ArsTechnica · Tuesday, 4 April, 2023 - 22:30 · 1 minute


    A market-leading garage door controller is so riddled with severe security and privacy vulnerabilities that the researcher who discovered them is advising anyone using one to immediately disconnect it until they are fixed.

    Each $80 device used to open and close garage doors and control home security alarms and smart power plugs employs the same easy-to-find universal password to communicate with Nexx servers. The controllers also broadcast the unencrypted email address, device ID, first name, and last initial corresponding to each one, along with the message required to open or shut a door or turn on or off a smart plug or schedule such a command for a later time.

    Immediately unplug all Nexx devices

    The result: Anyone with a moderate technical background can search Nexx servers for a given email address, device ID, or name and then issue commands to the associated controller. (Nexx controllers for home security alarms are susceptible to a similar class of vulnerabilities.) Commands allow the opening of a door, turning off a device connected to a smart plug, or disarming an alarm. Worse still, over the past three months, personnel for Texas-based Nexx haven’t responded to multiple private messages warning of the vulnerabilities.


      Go ahead and unplug this door device before reading. You’ll thank us later.

      news.movim.eu / ArsTechnica · Thursday, 9 March, 2023 - 17:34 · 1 minute

    Image: The Akuvox E11 (credit: Akuvox)

    The Akuvox E11 is billed as a video door phone, but it’s actually much more than that. The network-connected device opens building doors, provides live video and microphone feeds, takes a picture and uploads it each time someone walks by, and logs each entry and exit in real time. The Censys device search engine shows that roughly 5,000 such devices are exposed to the Internet, but there are likely many more that Censys can’t see for various reasons.

    It turns out that this omnipotent, all-knowing device is riddled with holes that provide multiple avenues for putting sensitive data and powerful capabilities into the hands of threat actors who take the time to analyze its inner workings. That’s precisely what researchers from security firm Claroty did. The findings are serious enough that anyone who uses one of these devices in a home or building should pause reading this article, disconnect their E11 from the Internet, and assess where to go from there.

    The 13 vulnerabilities found by Claroty include missing authentication for critical functions, missing or improper authorization, hard-coded keys that are encrypted using accessible rather than cryptographically hashed keys, and the exposure of sensitive information to unauthorized users. As bad as the vulnerabilities are, their threat is made worse by the failure of Akuvox—a China-based leading supplier of smart intercom and door entry systems—to respond to multiple messages from Claroty, the CERT Coordination Center, and the Cybersecurity and Infrastructure Security Agency over a span of six weeks. Claroty and CISA published their findings on Thursday.


      What does eSIM mean?

      news.movim.eu / Numerama · Sunday, 5 February, 2023 - 13:05

    An eSIM is a SIM card embedded directly in a digital device, so it needs neither to be inserted nor to be swapped out. It is activated and managed remotely.
