|
Did you receive this newsletter as a forward? Subscribe here
|
|
| A deep dive into Helium's hotspot and business plans |
| |
| By Stacey Higginbotham |
| Earlier this year, I plugged in a Helium hotspot and created a node on a distributed network designed for the internet of things. Three months later, I am prepared to share my experience with the hotspot, along with how my thinking around Low-Power Wide-Area Networks (LPWANs) has changed as a result of this experiment.
First up, let's talk about Helium's history and business model. The company was created in 2013 because its founders realized that the internet of things was promising, but also tough to implement. If you wanted to make connected sensors useful and ubiquitous you had to make connected sensors easy to install and cheap to operate. Which is why when Helium first launched it was building a proprietary radio protocol embedded in sensors. |
|
| — Helium currently has coverage in the US, but plans to expand later this year. |
|
| That didn't work. So Helium changed up the model. Amir Haleem, the company's co-founder and CEO, has long been a proponent of a decentralized internet, so he created a decentralized IoT networking protocol called LongFi and adopted cryptocurrency to make it worthwhile for people to become nodes on Helium's network.
Haleem's insight was that LPWANs for the internet of things needed to be plentiful and cheap. If you charge a lot of money to send relatively small amounts of data you'll only get high-end use cases, such as tracking diamond shipments or whatnot. And there are plenty of existing networks—including cellular—that meet that need. What the IoT needed was a way to send small amounts of data at low power for a penny or so per transaction.
That way if a company wanted to connect a smoke detector to the internet, it could afford to do so in a manner that wouldn't make the device cost-prohibitive, or require the manufacturer of the smoke detector to create a subscription plan simply to pay for data. The cellular industry is trying to build a low-cost network for IoT on traditional licensed spectrum called NB-IoT. Other companies, such as Sigfox and Senet, are also trying to build low-power IoT networks from scratch.
But Haleem's contention is that if the goal is to try to connect a bunch of data-sipping, low-cost devices to the network, the cost of building a centralized network is simply too high. Instead, the network must be decentralized and look more like a shared, user-created network.
And so both the Helium hotspot and Helium token network were born. Haleem hopes that users will install Helium's physical routers on their broadband networks to create an ad hoc IoT network that will transfer data over those users' home or office broadband connections. To incentivize users and create security, Helium created a blockchain called Helium Network Tokens that accrue to people who run a Helium hotspot.
Helium hotspot owners can earn tokens for providing a connection to passing devices as well as for simply existing as a node on the network. For now, Helium Tokens are exchanged for data credits, which allow your devices to surf on the Helium network. In early March, Helium announced that it would add LoRa support for its network, which was a big deal for the company, because at that moment the network became useful for hundreds of existing sensors and devices already in the world.
It also meant that more people would have an incentive to buy or build a hotspot for the Helium network, because there was now more demand for such a network. For me, it meant that suddenly my Hotspot would get more pings, earning me more tokens.
So now let's talk about the Helium hotspot experience.
The hotspot is a $350 device that plugs into an outlet and sits on your Wi-Fi network. When you open the box and plug the router in, you start by downloading the Helium app, which is available on iOS and Android. (I'm using Android). First up, you'll need to choose a set number of security words in case you need to access your account.
Because this is a secure network, only you have these security words, and only these words will unlock your account so that you can get tokens and adjust things. If you lose them, you will be forever locked out of your Helium hotspot and the tokens it generates. So write them down on the card they provide with the box and store them safely. All of which also means that once you own a Helium hotspot and link it to your account, you are its owner forever. That might change one day, but for now, there's no resale value in a Helium hotspot.
Once you have your words securely written down and stored, the process of getting the hotspot up and running takes about two minutes. Seriously, you just plug in some cables and let it go. It took mine about three days to finally authenticate to the network, but that's probably because I live in a remote area and am the only hotspot for miles. In nearby Seattle, however, there are quite a few.
So far, I've earned 520 Helium tokens since joining the network on March 2, and I can send those to others using the system by using a QR code. I'm not super clear on this part, since I've been in quarantine that whole time and don't really have a device that needs data at the moment. I'll also note that if you don't want to buy a Helium hotspot, Helium is fine with that. The company is licensing its software so makers can put it on their own LoRa hotspots while still becoming part of the overall network and earning tokens.
To test my network, Helium sent me a LoRa GPS tracker. While they added it for me, it seems like a simple enough process to connect a device to the console. One way or another, I can now manage my devices and eventually transfer data credits so those devices can stay connected. Currently, data credits aren't needed during the beta process.
I can now track where my LoRa GPS tracker goes on a map or create notifications, as well as send the data from the GPS tracker to other cloud services. Someone who has more experience with backend device management applications would need to review the features of the platform, but I thought it was fairly easy to understand. Coverage isn't a problem for me on the island where I live, and I've picked up other hotspots during my brief journeys into Seattle for doctor's appointments.
I haven't embarked on my usual spring conference travels because of the quarantine, but Helium's coverage map, for now, seems to have most major U.S. cities covered. I am excited by the concept, and hopeful that the company can really bring an LPWAN to the mass market. And honestly, I'd be thrilled if my network were to be a part of that, tokens or not. |
|
|
|
|
| Guide to IoT development frameworks & best practices SPONSORED |
| |
|
IoT products have the potential to transform every aspect of your business. In this guide, discover everything you need to know to make your product vision a reality. You’ll find:
- Best practices
- IoT development paradigms & frameworks
- Potential use cases
Download now
|
|
|
|
|
| Let's talk about UL's device security rankings |
| |
| This week, GE Appliances became the first appliance company to achieve UL's gold-level certification under UL's new IoT security framework. While this is a good thing—and I'm not knocking GE Appliances for its efforts and attention to security—I thought it would be a good time to talk about exactly what UL's gold certification means for security.
UL launched its IoT device certification program last year, with five levels ranging from bronze to diamond depending on the strength of various security practices. I recently downloaded the full specifications to understand what made a device gold vs. diamond, and whether or not a gold-certified device was really secure. |
|
| — The different UL security certification levels. Image courtesy of UL. |
|
| Since GE Appliances is touting its gold-level certification for many of its connected appliances, and because that certification is in the middle of the overall certification pack, let's take a look at what that level means. On an overview page, UL says when gold-certified products store and transmit data they will use industry-supported encryption. Gold-certified devices also are "secure and ready for use without unnecessary intervention by the user," and if the device connects to an app, that app is monitored and maintained for security concerns. All of which sounds pretty good until you read about all of the certifications in detail.
Gold-certified devices, for example, don't have a hardware root of trust. That means there's no secure element on the device side to ensure it can't be co-opted to run malicious code. Gold certification doesn't require user data to be anonymized (only diamond-certified devices do that) nor does it ensure that when error messages or logs files are sent those files won't expose sensitive information. And they don't require notification if the company decides to change the privacy policies associated with data and the device.
Still, gold-certified devices are probably secure enough for most home appliances. Companies have to make trade-offs between security and convenience, and also between cost and convenience. Implementing the highest levels of security on a common device doesn't always make sense if the data it has isn't sensitive, or if it's not a device that can be controlled remotely to create physical damage.
However, in general, I'm frustrated that gold is the middle of the certification pack, leaving silver and bronze certifications as viable options. To achieve a bronze-level certification, a device basically has to avoid using a default password, allow a factory reset with the push of a button, and have an update policy. What it doesn't need to do is monitor the app or cloud for vulnerabilities. Nor does it need to anonymize or erase customer data on request, or to have a vulnerability management program.
I'm not sure I'd trust a bronze-certified device to count my eggs, much less do anything close to a real job in my smart home. And yet, I worry that a consumer might pick up a product, see that it has a bronze-level UL security certification, and think they were getting some kind of commitment to security that the device won't deliver.
Beau Woods, a cybersecurity expert and advocate with I Am The Cavalry, says that it's good to see companies like GE Appliance using the UL certification because it shows that they are thinking about security. But he does wish the lowest UL certification had more security elements to it.
"I think there are some good things in bronze, but I think there should be a lot more in bronze," he says. For example, he thinks having a vulnerability disclosure program is essential for any connected product, and to really do that well a company should have a software bill of materials so they know what's in their product that might be vulnerable.
But having a software bill of materials isn't mandated until a product tries for the two levels above gold. And even at the bronze level, it doesn't appear that a company has to have some way a security researcher could reach out to a vendor to let them know their software has a bug. Woods thinks that should be part of any security program.
I personally worry that someone might look at a gold certification and think it was the best option. Gold might be good for a washing machine or fridge, but it's not good enough for a consumer device that has sensitive data or a device connected to critical infrastructure systems or banking accounts. So I suppose my hope is that as UL rolls out these labels people will get more sophisticated about what certifications matter based on the device role and the data it has. |
|
|
|
|
| Unleash the value of your edge devices SPONSORED |
| |
|
Machine learning at the very edge will enable valuable use of the 99% of sensor data that is discarded today due to cost, bandwidth, or power constraints. TinyML technology is unlocking new possibilities using sensors, audio, and vision in machine monitoring, asset tracking, facility management, health, safety, and more. Watch this webinar to learn what TinyML is and how Edge Impulse is enabling developer and enterprise success.
Learn more and follow the latest on Twitter |
|
|
|
|
| Episode 268: Subscription news from Wink and Nest |
| |
| This week's show is all about subscriptions! First, Kevin and I share thoughts on Wink's decision to charge a subscription fee after giving customers a week's notice and threatening to shut down their devices if they don't convert. We also detail Nest's new subscription plan and stay on the Alphabet/Google topic by discussing the end of the Toronto smart city effort from Sidewalk Labs and a new Google Assistant skill. After that, we cover a new Teensy board with Ethernet, an acquisition in the smart apartment world, and get details on how reopening is going in Texas from the B8ta point of view. I also talk about my experience with the new, smaller Wi-Fi August lock. |
|
| — The brains of Johnson's smart home are packed away in custom-made benches. Image courtesy of Jason Johnson. |
|
| Our guest this week is Jason Johnson, the co-founder of August Home. He's not on the show to discuss the new lock but to talk about his new home and the systems he uses for automation. Like many of us, Johnson went the DIY route and says he spends about five or more hours a week tweaking his set-up. He explains why he chose the platforms he uses and how he has routines and automation set up. For those curious about what's governing the 138 nodes in his home, I encourage you to listen and find out. |
|
|
| This week on the IoT Podcast Hotline, we answer a listener question about how to build a smart home from scratch.
The IoT Podcast Hotline is brought to you by Schlage. With 100 years of experience in the security industry, turning innovative ideas into smart solutions is what we do best. See how staying at the forefront of IoT adds convenience and security to your life at Schlage.com. |
|
|
|
|
|
|
|
|
|
| News of the Week |
| |
AI could be the secret to better energy harvesting: For IoT to become truly ubiquitous we need to ditch both wires and batteries. Researchers at Newcastle University in the UK and the Uppsala University in Sweden have been working on using different dyes on photovoltaic cells to help them work more efficiently on indoor light. Which is great, but they are also using machine learning to help the device powered by the solar cell determine when it's likely to have more access to energy so it can change its behavior. Instead of a binary sleep-wake cycle, future devices could use machine learning to anticipate typical lighting patterns and schedule energy-intensive events like a software update for times when they may have ample light. Researchers are already using ML to make batteries more efficient, so the concept is already out there. Of course, I'm not sure I want my devices shutting down in the middle of the day for a software update, but we'll see. (IoTNow Transport)
How UPS is using the internet of things: Let's talk about sensors at scale! TechRepublic sent a reporter to talk to Mike Allen, a transportation technology manager at UPS, and Juan Perez, the company's CIO, and wrote a five-part series on how the logistics company is deploying sensors and changing its operations. More than 100,000 trucks are outfitted with sensors and GPS at UPS, leading to millions of messages a week, some 50-60 million of which are simply location data. The goal is to get sensors that measure the volume of packages each truck and electronic door locks for the trailers. I wish the series spent more time diving into how these sensors are powered, maintained, and their data ingested into buckets for real-time, short-term, and long-term use. But in another article in the series, we do get to read about drone delivery. (TechRepublic)
Wink's latest SNAFU: The Wink smart home platform abruptly went to a subscription model last week, giving users a week to pay a $4.99 subscription fee or see their devices stop working. Based on "feedback," Wink's management has now given users another week (until May 20) to decide whether or not to upgrade to a subscription fee. At the same time, I just received a notification from my connected garage door opener letting me know that it was no longer going to let me control my garage door using Wink. Indeed, I can still see my Chamberlain MyQ status in the Wink app, but I can no longer control it. I'm not sure if this is an effort by Chamberlain to stop supporting a failing platform, or if it's a cost-cutting measure of its own. Chamberlain has had its own issues in the past with charging users for accessing its device through other platforms. We'll keep an eye on this. — Stacey Higginbotham
Trend Micro anticipates the rise of OT-specific malware: Right now, much of the perceived risk in connected manufacturing environments is focused on malware infecting IT networks and, in the process, stealing data or causing other problems. But as the IT and OT worlds converge, Trend Micro anticipates more threats that are designed to take advantage of these proprietary OT networks. To mitigate the risks, it suggests putting more integrity checks in place on OT networks (in other words, not trusting information on these networks as much as before) and developing new detection tools designed to find malicious OT code. The other takeaway is that these formerly air-gapped networks might have a smaller or non-existent gap now thanks to industrial IoT. So the OT world needs to spend more time (and dollars) on security. (Trend Micro)
More money for machine learning at the edge: SiMa.ai is the latest chip startup to get funding for edge-based machine learning, raising $30 million in a round led by Dell Technologies Capital with help from Amplify Partners, Wing Venture Capital, and +ND Capital. The company is designing a more efficient chip to handle machine learning, but it sounds like it won't be ready for sampling until 2021. This is a huge and growing sector of the internet of things as companies recognize that bandwidth, privacy, and latency force more machine learning to happen close to the sensors as opposed to sending the data to the cloud for processing. I write about one of these startups twice a month, so I'm going to give this one a moment before getting too excited. (TechCrunch)
Open-source RISC-V chips are available for all: The CHIPS Alliance, which is an offshoot of the Linux Foundation trying to make open-source instruction sets and silicon designs available, has tweaked two RISC-V-based cores to make them more appropriate for use by companies seeking to use them for embedded and high-performance designs. The Alliance has validated the SweRV Core™ EH2 for high-performance jobs such as machine learning and the SweRV Core EL2 for low-power, embedded jobs. The validation included testing how the cores will work with various design and testing tools. (CHIPS Alliance)
A nice update on IoT in practice: Over at Network World, the editor has created an essay that covers some broad trends and topics as a way to showcases a dozen or so stories the publication has written about the use of IoT. Check it out for an easily digested overview and links to some case studies you may not have seen. (Network World)
More thoughts from me on privacy and CVOID-19 tracking: In this month's column at IEEE Spectrum I discuss how track-and-trace efforts can safeguard user privacy while still meeting public health goals. It's probably familiar to those who read the newsletter, but I'll leave it here for those who are into this topic. (IEEE Spectrum)
I reviewed the newest August smart lock with Wi-Fi: Click on through to see what I think. (StaceyonIoT)
Interested in sponsoring this newsletter and the IoT Podcast? Get more information and contact us here. |
|
|
|
|
|