Opendata, web and dolomites

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 1 - MENDER (Securing the worlds connected devices through open source and ease of use)

Teaser

\"The objective of Mender.io project is to secure the world’s connected devices, which is growing at a rapid pace. Mender.io specifically enables an easy-to-deploy software update mechanism for connected devices.The problem being addressed is that IoT devices deployed in the...

Summary

\"The objective of Mender.io project is to secure the world’s connected devices, which is growing at a rapid pace. Mender.io specifically enables an easy-to-deploy software update mechanism for connected devices.

The problem being addressed is that IoT devices deployed in the field will inevitably have software bugs and/or security vulnerabilities that will allow bad actors to leverage them in major cybersecurity attacks. This is a major ongoing issue, with the \"\"October 2016 Dyn Cyberattack\"\" as a clear example of the consequences of vulnerable IoT devices: the cyber attack was executed through a botnet enslaving insecure IoT devices which brought down large swaths of the Internet that day through a DDOS attack. Most major sites were down, including Amazon.com, GitHub, Comcast, The Wall Street Journal, and Netflix: https://en.wikipedia.org/wiki/2016_Dyn_cyberattack

Maintaining the security and privacy of businesses and consumers alike is one of the biggest challenges of the rapid digital transformation the world is undergoing. It also ensures that bad actors cannot leverage insecure IoT devices to attack any entity at-will.

Our overall objective is to ensure the security of the world’s connected devices and allow creators of smart IoT products to have a reliable, secure, and robust mechanism to update and patch their IoT devices.\"

Work performed

In our first year of Mender project, we have been able to successfully achieve our targeted objectives/milestones w.r.t Mender product feature development, commercialization of Mender and important partnership development to establish strong groundings in our target market.

In this period, we successfully developed, tested and deployed few important technical product features that we’re planning on offering in the enterprise version of Mender.

On product innovation and commercialization level, we learned extensively from our initial/basic product offerings and our open source community users. After a careful review of target market inclination, feedbacks and usage analytics, we updated our business plans whenever deemed necessary to stay on top of current market demands. Such pragmatic business innovation and commercialization planning enabled us to secure a few key partnerships.

As instructed by the commission, we also demonstrated our focus on ensuring our compliance with GDPR and other data privacy policies in allocated deliverables under “Ethics Requirements”. Given that the core focus of our Mender project is the security and robustness of connected devices, ensuring the data and information security of our users is of paramount importance for us.

In summary, our Mender product development is on track w.r.t developing all the planned features/modules within targeted timeline and entering market with business offerings that would address up to date market demands and establish a strong presence.

Final results

With the advent of IoT and the proliferation of connected embedded devices across a variety of industry verticals, one of the biggest challenges in developing competitive products is the ability to efficiently deliver remote software updates at scale, while using industry best practices in security and robustness.
Building a homegrown solution seems easy at first glance, but many custom solutions are built without security in mind. They also lack a robust update process where the devices are at risk of bricking if power failure or poor network connectivity occurs during an update. Many malicious attackers specifically scan for recently published security vulnerabilities with the intent of seeking outdated and vulnerable systems. Malware - such as Mirai, Hajime, BrickerBot, and Reaper - have successfully targeted insecure embedded systems. The number of compromised devices is in the millions and growing.
Research shows the probability of a vulnerability being exploited reaches over 90%. If the vulnerability is remediated within 5-10 days after discovery, that number drops to under 10%. This can have considerable impact on how OEMs deliver product features and bug fixes at cost effective measures.

Mender is on a mission to deliver the most widely adopted OTA update manager with security and robustness as its prime directive!

Website & more info

More info: https://mender.io.