Inspiring Young People into Cyber Security and STEM Careers

 

Our Lead Software Developer at Copper Horse, Mark Neve talks about inspiring young people to get into careers in Science, Technology, Engineering and Mathematics (STEM).

 

 

During the summer, I represented Copper Horse at a STEM careers day organised by the excellent people at Learning to work. The event was held in the grounds of the stunning Ditton Manor. The first set of students arrived promptly at 9am and had an hour to look around and talk to the companies present before leaving and being replaced with new students every hour, which worked well and kept us extremely busy all-day long.

 

I had the chance to talk to several students who were looking to move into careers in computers and cyber security. As I’ve spent most of my career as a software developer I was pleased to see that some wanted to move into programming, spurred on by using programming tools such as Scratch and Python.

 

The students and I often discussed online safety and I was surprised to see how few seemed to have been given instruction by their school about staying safe online. They hadn’t even been taught the basics around good password practice such as not using obvious words or methods for making passwords more difficult to guess.

 

 

I spoke to the students about security research and some work we had done, showing them some of the equipment we use. The stars of the show for Copper Horse were our Phantom Drone and our ever-popular mobile phone stands (you’ll have to meet us in person to get one). We had one visitor to the stand who loved the stands so much she took enough for her whole class! Some of the students took a real interest in our WiFi Pineapple hacking tool and hopefully I’ve inspired some future white hat hackers. It was particularly nice to see so many girls interested in STEM subjects and cyber security.

 

 

The biggest take away I had from this event was observing the number of students who really don’t know what career they’d like to pursue when they finish education. I spoke to very few students who had decided the exact path they wanted to follow. Hopefully I’ve been able to give them a few ideas.

 

I’d like to finish by thanking the people from Datchet Water Sailing Club who took pictures and generally helped me out during the day.

IoT Security Foundation partners with Copper Horse for IoT Security Training

 

It’s an exciting day. We’re pleased to announce that we’ll be providing training on security for the Internet of Things in conjunction with the IoT Security Foundation. Our first course will be run on the 4th and 5th of July in the home town of Copper Horse Solutions, Windsor in the UK. We firmly believe that things are not going to get better in the IoT space unless positive action is taken on a number of fronts. It is no use just breaking into a product and making a lot of noise about it in the press. That serves one purpose of course and there is a great market for companies to provide those sorts of testing services, but it is not generally constructive.

 

To properly secure internet of things products and services however, there must be security designed in by default. There must be a culture of security within the organisation and there must be a clear understanding of the threat landscape, security usability and what bad and good look like. It is not good enough to pass this off to an external company or a single security engineer – all people involved in creating a product should have security in mind.

 

We’re hoping to play a small part in helping to put companies on the right track when it comes to thinking about security. We have many years experience in dealing with security in the mobile industry from device hardware upwards through the software stack to the network side. We’re looking forward to creating an alumni of pioneers who will make the Internet of Things a more secure and safe place.

 

More details can be found on our training page and also directly on the IoT Security Foundation site.

 

Windsor Castle

The Internet of $1600 Mousetraps…

 

Has it really got this bad? We were a bit surprised as many were to see the “connected mouse trap” retailing at $1600 the other day. It seems that internet of things solutions are just going a bit crazy. I can’t see many companies being duped into purchasing such a system when the value proposition is so low.

Image from Media Post.

 

The system requires a hub which needs to be connected to somebody’s network – I guess either the company or mobile network and at the end of the day somebody will physically have to go and remove the dead mouse.

Copper Horse has been developing motion sensing over the past couple of years and we’re now well down the road with our second prototype. The product is called Extrasensory and we’re pretty pleased with it. We’re showing this off to various people at Mobile World Congress 2017. We have a number of our prototypes out there being tested. We have created a versatile product that can be used to detect different forms of motion on everything from doors to drawers, jewellery boxes to stairs and sheds – and yes even sat next to a mousetrap in a garage, to monitor when the trap is set off!

 

No subscription, your notifications service and a reasonable price

It is unacceptable to us that companies choose to rip off businesses and consumers with expensive products that don’t deliver. We are designing our product with a “no subscription” model in mind – you just buy it and use it. In the same way, you can connect to whatever service you choose, you’re not forced into someone else’s cloud service or app. If you want tweets or to use services like IFTTT, fine – you own it so why not?

 

We’re also trying to get the price to a reasonable point – we can’t make promises but we’d like to be around the £100 mark.

 

We do not want your data

The product works either outdoors or indoors and specifically respects user privacy. We firmly believe there are better ways to create IoT products than following the existing crowd of a hub / cloud / analytics solution. OK we’re making our life more difficult in the process, but what is important is that we’re not sacrificing the user. We’re not selling anyone’s data or tracking what people are doing. We’re the anti-pattern to companies that do that sort of thing.

 

Demo

We demoed Extrasensory to a great audience at the Innovation on the Fringe event in Barcelona this afternoon. To prove our point about mousetraps, unfortunately our valued team member Roland needed to demonstrate this in person!

Roland!

So if you want to use our product for monitoring things outside like farm gates or something inside like the drawer you keep your passports in, then have a look at www.extrasensory.co.uk and sign up for updates on what’s coming. Feel free to get in touch if you want a conversation with us and we’ll be at Mobile World Congress all week if you want to meet in person – just tweet @copperhorseuk.

 

 

How do you standardise the Internet of Tigers?

 

Copper Horse CEO, David Rogers discusses some of the challenges for development of the Internet of Things and how to enable participation in standardisation from all across the world. 

 

A couple of months ago, I was present at a meeting in Geneva where the “Internet of Tigers” was discussed. The topic was raised by an African country – tigers are of course resident in Asia, although some do live on reserves in Africa, such as at Tiger Canyons in the Karoo, South Africa. Tracking of endangered species is a critical need for the world and a number of those animals live in Africa including the Mountain Gorilla, the Black Rhino and lesser known but endangered animals such as the Ethiopian Wolf.

 

Tiger

Image: J. Patrick Fischer

 

Real-time tracking of wildlife is a use case that is great to describe the benefits of the future in terms of the Internet of Things (IoT) and also future networks. Wouldn’t it be great if instead of only being able to use a few people to keep tabs on endangered species, we could crowd-source twenty four hour monitoring from people across the continent and the world? Not just from tags on animals, but perhaps even from live streaming video services right across national parks, even from above? Advances in technology in the past twenty years have been such that this is a realistically achievable objective within the next ten. Such technologies could also detect and deter poachers and hunters from destroying the last of a dwindling number of “trophy creatures” on the African continent.

 

Tiger Canyons currently track their tigers using satellite technology but with more advanced network technology, the sensors could be richer, send much more data, have hugely better battery life and be less burdensome for the animal. All of this would be much cheaper for them too, provided that the network infrastructure is deployed to give the right coverage.

 

So how do we get there?

The context of the “Internet of Tigers” comment was an ITU-T meeting. The International Telecoms Union is a specialised agency of the United Nations and the T sector looks after Telecommunications standardisation. As a UN agency it also gives a relatively level playing field in terms of every country in the world being able to attend, some of whom are sponsored, developing countries. Part of the ITU’s work is to develop technical standards in order to protect and support everyone’s fundamental right to communicate. The problem is they’re not very good at it. The intent and mission are absolutely admirable but while ITU-T certainly produces a lot of documentation, the truth about ITU is that quantity does not equal quality. This is represented by the lack of implementation of many of the standards in the majority of the connected products on the market – the main reason for this that I hear from manufacturers is that the standards are often simply so bad that they cannot be implemented. The same can be said for testing against those standards.

 

 

Counterfeit Devices

Taking the problem of counterfeit, you wouldn’t think this would link to Tigers, but bear with me.

 

Counterfeit mobile devices are a big problem for African countries. The market penetration is very high relative to other markets around the world. The reasons are relatively straightforward – the basic economics of smartphones means they are very expensive for people living in some of the poorer countries, but they’re still desirable. If someone offers you a cheap, but very similarly functioning phone that broadly works and looks the same, you’re probably going to have it. You’re never going to be able to afford an iPhone so why not? Ordinary people can’t and won’t pay more. The same logic applies across the world when it comes to consumer demand for counterfeit products.

 

A number of countries including Kenya, Tanzania and Uganda have switched off these devices because they can cause havoc with network management; the radios are not calibrated properly and they simply can’t be identified – the counterfeiters don’t care as long as someone buys them. The components being used often contain harmful substances because they’re being manufactured and sold illicitly. There is however a real dilemma here. A friend from Ghana told me that the challenge for regulators is that counterfeit products still help to connect people and that improves their lives. On the flip side, the phones have avoided (high) import taxation and have security and quality risks. If those phones are turned off, where does that leave the user?

 

Solutions that won’t work for Africa

One particular work item in ITU-T looks at tackling the problem of counterfeit by attaching an IoT-enabled chip on every product, actually increasing the price of an authentic product. This shows how far detached these people are from reality and appears to be from authors who clearly couldn’t care less about what the situation is like on the ground in many African countries.

 

The proposed work item was thrown out of Study Group 11 of ITU-T only to reappear in Study Group 20. The exact same proposal was then accepted. The implications are massive: an increase in e-waste of 100% on all products (not just electronic) shipped worldwide. The increased cost to manufacturers will of course be passed down the supply chain, ultimately inflated at the point of sale to the consumer. The ultimate cost to the environment and to our world in consumption is absolutely not worth the limited gain. There are most certainly better ways. The worst part of all is that the proposed solution would not impact the supply of counterfeit products. The criminals who run such operations do not stand still. They utilise and challenge new technologies in a constant arms race. What is needed is pressure to deal with the source of these problems and prevent the export of counterfeits to African countries. Some of these issues suffer from the country-driven approach at the ITU – it is not acceptable to say that China is the source of over 60% of counterfeits (which is from an OECD report). It is deemed more appropriate to say that “there are a lot of counterfeits in the world”. This kind of diplomatic get-out does not actually help to fix the problem.

 

So going back to our Tigers, the authentic IoT tracking device would itself be required to have another IoT module to track the tracker, probably doubling its price! It is difficult to think of anything more half-baked or ludicrous. The proposed system also attempts to use a proprietary solution called the Handle System instead of the internet, thus potentially increasing the implementation cost by many times. How does this help developing countries tackle the problem of counterfeit exactly? The answer is it doesn’t and that the counterfeit problem appears to be a convenient excuse for a pet project that just won’t work. Ultimately, it seems that African countries are being failed by the UN when it comes to ITU standards that should help them.

 

Digging into the problems at ITU

At the end of October, the World Telecommunications Standardization Assembly (WTSA-16) takes place in Hammamet, Tunisia. The Resolutions agreed at that meeting will lay out the activities of the ITU-T for the next four years. It is important, because strategically, this is what the working groups of that organisation will be working on, nominally to produce standards that achieve some useful objectives.

 

The problem is in the production of those standards. In some of the working group meetings, there are less than five people, sometimes from the same country. There are lots of mailing lists with no discussions on, just communiques from the secretariat. There are few technical experts, but lots of people from government institutions with policy backgrounds. If it sounds dystopian, imagine being stuck there, wondering what to do in the two hour long lunch break, or having to wait in Geneva from Friday morning until the following Monday for your next meeting. There are gross inefficiencies in the way that the meetings are structured in comparison to other standards bodies.

 

The lack of openness at ITU means a severe shortage of peer-review from experts who could usefully contribute their knowledge. In the age of the internet, experts from all over the world should, and could, be able to read and contribute to developing standards. Why should a UN agency close its doors to the people of the world in this way? What is there to hide? Why is it that standards-making for developing countries is a privileged activity for the few who can gain fellowships from the UN to attend these meetings? Couldn’t all or at least most of the standards making be done by conference call and on mailing lists? Other bodies succeed very well in attracting members and giving value to them whilst still being open and transparent about their activities – from open mailing lists to allowing external contribution for free, with no barrier to entry.

 

So not only do I think that in particular African countries are unfairly penalised by such archaic practices, I think they are led down a path where they are constrained by those fellowships to the point where they could be potentially held hostage by the ITU secretariat to decisions that benefit the institution or particular directions of travel which may not be ultimately beneficial to that country or its people.

 

So if not ITU-T, then where?

Well here’s a thing – other standards bodies were working on IoT standards long before the Study Group  on the topic at ITU ever existed (it’s called Study Group 20 if you’re interested and was started in 2015). There are few gaps to fill that haven’t already been addressed or where work is already scoped and underway.

Because the Internet of Things is not one “thing”, it is impossible for any one standards body to declare ownership. To do so is arrogant and misses the point about IoT – it encompasses so many types of things and network types that it is not monolithic. The ZigBee Alliance and ZWave do their bit, the Industrial IoT Consortium are doing their bit, the IoT Security Foundation are working on their bit. There are emerging radio technologies that will be longer range but low in data transmission capability. The list is very long and like the IETF, many of them have been building towards an Internet of Things for many years.

 

This is also tied to the long-term vision of 5G; IoT is linked in the sense that network segmentation can allow for different types of equipment, connected heterogeneously via multiple types of radio bearer. 5G means that for example, a personal health monitor could communicate along with a high speed streaming video – the two have very different resilience and data usage requirements. They almost certainly have very different physical and radio properties. New technologies such as Mobile Edge Computing (MEC) and Network Function Virtualization (NFV) will all help to facilitate this new world.

 

Not surprisingly, many standardisation bodies have been working towards 5G for a long time now, so the ITU-T’s IMT2020 project is not contributing much in this regard either. Don’t get me wrong – I do think the ITU could have a role to play, I just think to do it, wholesale reform is necessary.

 

A shorter version of this article was published in Souhern African Wireless Communications’ September/October 2016 edition, downloadable from: http://kadiumpublishing.com/archive/2016/SAWC1610.pdf

Copper Horse CEO Appointed Visiting Professor

View from York St John University
View from York St John University

David Rogers, the Copper Horse CEO has been appointed a Visiting Professor in Cyber Security and Digital Forensics at York St John University. The full text of the university’s press release is below. David intends to work with the university on security aspects of the Internet of Things as well as to encourage social inclusion within technology and cyber security:

York St John University appoints security expert as Visiting Professor in Cyber Security and Digital Forensics

The Computer Science department is delighted to announce the appointment of David Rogers, CEO of Copper Horse Ltd, as visiting Professor in Cyber Security and Digital Forensics.

Professor Rogers is a world-leading mobile security expert and is an adviser to the Department of Culture, Media & Sport on issues of Cyber Security. David chairs the Device Security Group at the GSM Association and sits on the Executive Board of the Internet of Things Security Foundation. He also teaches Mobile Systems Security at the University of Oxford.

Justin McKeown, Head of Computer Science, said: “David has worked in the mobile industry in both security and engineering roles for more than 17 years. It’s fantastic to have someone of his professional calibre working with our students.

“Much of our research activity within the department focuses on the Internet of Things. David’s knowledge in this field is highly valuable and his input will bolster and enhance our activities in this area.”

Professor Rogers said: “I am honoured to be given the title of Visiting Professor at York St John. In the technology world we face many challenges in the future – these can only be addressed by trained individuals who will fill the national skills gap in cyber security and perform cutting edge research for the Internet of Things.

“York St John University is uniquely placed to take a leading role with their students because they put ethics and social inclusion at the heart of their work. I am proud to play a small part and to give something back to my native county, North Yorkshire.”

Computer Science is one of a series of new science subjects introduced at York St John University within the past four years. Since its introduction it has gone from strength to strength. In September this year new BSc programmes in Software Engineering and Games Development will be introduced.

Copper Horse wins Most Innovative Startup Award

 

We’re extremely pleased that Copper Horse was given the “Most Innovative Startup” Award at Smart IoT London event for the Motion Project (now called Extrasensory). The project is aimed at increasing situational awareness by detecting and alerting to motion where that data would normally be lost. This could be doors, drawers – pretty much anything that can move. We’re still in the early phases but we have functioning prototypes and are dealing with a huge amount of interest from potential investors.

 

We also plan to change the way that people think about IoT and to show that there is another way of doing things that doesn’t involved grabbing lots of user data and breaching privacy on a wholesale basis.

 

More details on the award and an interview with David Rogers are here.

 

David Rogers receiving the Most Innovative Startup Award for Extrasensory
David Rogers receiving the Most Innovative Startup Award for Extrasensory

 

 

 

Copper Horse at Smart IoT London – stand IL16

If you’re interested in our Motion Project or IoT security, come and meet us at the Smart IoT event at ExCel in London on the 12th and 13th of April 2016. We’ll have a stand in the InnOvaTe Launchpad, IL16.

logo_iot_new

Our CEO, David Rogers will be speaking in two sessions:

 

12th April:

Security of Things Theatre
What if we approached security in a different way for IoT? How can products and services be designed to both protect consumers whilst managing the risk of attack? This talk will discuss the problems of privacy and security in IoT and prevention strategies for avoiding becoming sitting ducks for attacks which pivot into corporate networks or cause catastrophic problems with physical, human consequences.

 

13th April:

InnOvaTe Launchpad
Mobile industry security expert David Rogers explains how the Copper Horse Motion Project takes a different approach to IoT. He shows how it is possible to respect user decisions and privacy whilst providing useful services and even open data.
View the full programme of speakers, it should be a great event and we look forward to seeing you there!

Exhibiting at Mobile World Congress 2016 – Stand 7C70e

20150228_134027

We are excited to announce that Copper Horse will be exhibiting at Mobile World Congress 2016 at the Grand FIRA in Barcelona 22-25 February 2016. Come and visit us in Hall 7 at Stand 7C70e. We will have some fun challenges on our stand including the chance to try your hand at lock picking. We will also be demonstrating the intelligent door, part of the Motion Project, allowing the monitoring of very distinct data points while allowing you full control of your privacy. Here at Copper Horse, we firmly believe that you are not the product.

 

You’ll find us at a number of events on-site including running the UKTI Cyber Security in the Mobile World sessions at lunchtimes on Monday 22nd (Connected Car Security)Tuesday 23rd (Future Network Security) and Wednesday 24th (Cyber Security in IoT) on stand 7C40 as well as speaking in the main conference on Thursday 25th. Monday the 22nd evening sees the “Dark and Stormy – The Cyber Happy Hour” from 17:15 onwards which will include drinks, food and some amazing Pecha Kucha talks. Our CEO, David Rogers will be MC’ing the event. We encourage you to come along to the cyber sessions as they’re all good learning opportunities as well as good for networking with other security professionals and experts. For all the UKTI events, just turn up to the UKTI stand 7C40 and try to get there early as the seats fill up fast.

 

We will also be hosting our invitation only, annual security dinner on the Sunday at a secret location in Barcelona.

 

Copper Horse is a UK based mobile systems security consultancy and solutions provider. The company provides world-leading security expertise on mobile and connected devices. The organisation is currently focused on advising clients on Internet of Things security threats, strategies and solutions as well as developing a security-focused IoT product through the company’s “Motion Project”. The company will focus on a consumer-focused IoT security strategy in 2016 with the theme of “You are not the product”.

 

If you’re interested in working with us, here are some of the services we provide:

 

• Security threat and risk analysis, strategies and solutions
• Internet of Things solutions development (security, software, hardware)
• Mobile handset security expertise (throughout the stack from hardware to browser)
• Incident handling and responsible disclosure expertise
• Smart Home security consultancy
• Connected Car security consultancy
• Small cells security
• Bespoke security and anti-fraud solutions development (including software and hardware)
• Standards consultancy
• Specialist investigations and product/market threat and risk analysis
• Technology horizon scanning

 

We look forward to meeting you in Barcelona!

 

 

Note: This blog was edited to add more details and events on the 10/02/16.

Security Threats to IoT

 

Our CEO, David Rogers recently presented at Bletchley Park on some of the security issues facing IoT as part of the NMI IoT Security Summit. If you’re interested in the future of IoT security, the future connected world, including connected living, smart cities and automotive feel free to get in contact and have a chat with us.