Tag: OTA

OTA releases draft IoT Trust Framework spec

~ hucktech ~ Leave a comment

As found on Dark Reading, yesterday the IoT Working Group of the Online Trust Alliance (OTA) released a trust framework draft.

Internet of Things Lacks Safety Today, Opening Door to Major Threats Tomorrow, Warns OTA

BELLEVUE, Wash. – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released its Internet of Things Trust Framework, the first global, multi-stakeholder effort to address IoT risks comprehensively. The framework presents guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation and consumer health and fitness wearables. In the spirit of collaboration, OTA openly invites industry leaders to review the document and provide feedback. With members that include ADT, AVG Technologies, Microsoft, Symantec, Target, TRUSTe, Verisign and nearly 100 other subject matter experts, the OTA IoT Working Group was formed in January 2015. Through extensive research, this taskforce concluded that the safety and reliability of any IoT device, app or service depends equally on security and privacy, as well as a third, often overlooked component: sustainability.

IoT Trust Framework – Security, Privacy & Sustainability

The Internet of Things (IoT) moniker is being applied to 1000’s of devices, offering increased utility, functionality and other consumer and business benefits.  In the rapid race to bring products to market, many lack basic security protocols, privacy considerations and related safeguards.  Others have insecure processes and appear to be failing to consider fundamental privacy principles. While it is recognized there is no “perfect security” or “absolute privacy”, the lack of standards and controls increases the risk of exploits, data breaches and abusive data use policies to consumers and businesses worldwide.

https://otalliance.org/initiatives/internet-things
https://otalliance.org/news-events/press-releases/internet-things-lacks-safety-today-opening-door-major-threats-tomorrow

Click to access iot_trust_frameworkv1.pdf

http://www.darkreading.com/endpoint/iot-working-group-crafts-framework-for-security-privacy-/d/d-id/1321708

Google revises Nexus update policy

~ hucktech ~ Leave a comment

Last week, Adrian Ludwig (Lead Engineer for Android Security) and Venkat Rapaka (Director of Nexus Product Management) posted a blog entry on the Official Android blog, announcing a change to the Nexus update policy:

“Nexus devices have always been among the first Android devices to receive platform and security updates. From this week on, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates. The first security update of this kind began rolling out today, Wednesday August 5th, to Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. This security update contains fixes for issues in bulletins provided to partners through July 2015, including fixes for the libStageFright issues. At the same time, the fixes will be released to the public via the Android Open Source Project. Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.”

Nexus aside, I hope other carriers also have clear policies about updates.

Read the full announcement here:
http://officialandroid.blogspot.com/2015/08/an-update-to-nexus-devices.html?m=1