VDC Research is Attending EE Live! in San Jose

VDC Research will be attending the EE Live! conference and trade show (formerly known as the Design West Embedded Systems Conference) in San Jose, CA, April 1-3, 2014. Contact us to schedule a meeting!

While we are at the conference, we welcome the opportunity to meet with attending vendors to learn more about their embedded solutions and any show-related (or other recent) announcements. You can arrange a meeting time with VDC analysts by contacting us directly.

For Hardware-related meetings: Contact Chris Rommel, Executive Vice President, M2M Embedded Technology Practice, VDC Research Group at: crommel@vdcresearch.com or 508.653.9000 x123.

For Software-related meetings: Contact Steve Hoffenberg, Director, M2M Embedded Software & Tools, VDC Research Group at: shoffenberg@vdcresearch.com or 508.653.9000 x143.

Haven't decided yet if you're attending the event? Please check out the EE Live! website for more information on the conference program as well as information on all of the companies that will be exhibiting.


Is this a run on static analysis?

The static analysis solutions market is one of the most dynamic segments VDC’s embedded software team currently tracks. While still a relatively young and evolving technology, static analysis has rapidly become a standard -- perhaps even necessary -- element of the software development lifecycle. Software is emerging as the primary agent for differentiation and resource investment for more companies as they try to speed the delivery of innovative new solutions. The development of increasingly complex software needed for these devices and systems is accelerating growth of code quality and security issues that static analysis is designed to address. In parallel, there is a growing awareness of the potentially catastrophic impact of software failure. As a result, we expect static analysis tools to generate revenue growth exceeding many other tooling segments.

“Strong forecasted growth and the presence of several profitable, small, and privately owned companies among market leaders make the segment (static analysis) ripe for mergers and acquisitions.”  - VDC Research, Strategic Insights 2013, The Global Market for Automated Testing and Verification Tools

Earlier this week Synopsys, a prominent supplier of electronic design automation and semiconductor IP solutions, announced it reached an agreement to purchase Coverity for approximately $375M (US).

The news is compelling for several reasons. Code analysis offerings of Coverity represent a logical expansion of the existing Synopsys portfolio into an adjacent technology area. The acquisition of Coverity would provide Synopsys with the leading vendor share position in the static analysis tool market, a segment expanding at a compound annual growth rate greater than 15%. Furthermore, the combined sales teams and existing customer bases should provide excellent opportunities for both Coverity and Synopsys to increase sales into new realms, primarily the semiconductor and ISV markets, respectively.

The Coverity acquisition by Synopsys should not be viewed in isolation. There was another acquisition of a leading code analysis supplier in January, when Rogue Wave Software purchased Klocwork. We see the opportunity for many of the same synergistic benefits to the Klocwork/Rogue Wave integration as in the Synopsys/Coverity combination. It will be interesting to see if these recent acquisitions provide the necessary impetus for more potential suitors to buy one of the remaining independent static analysis tool suppliers.


VDC Research is attending Embedded World 2014!

Contact us ASAP to schedule a meeting!

We will be making the trip across the Atlantic again this year to visit the largest embedded technology tradeshow of the year, embedded world in Nuremberg, Germany.  Last year, the conference boasted over 22,500 visitors and 865 exhibiting companies! 

While we are at the conference, we welcome the opportunity to meet with attending vendors to learn more about their embedded solutions and any show-related (or other recent) announcements.

You can arrange a meeting time with VDC by contacting us directly.

For Hardware or Software and Tools related meetings:

Contact André Girard, Senior Analyst, M2M Embedded Technology Practice, VDC Research Group at: agirard@vdcresearch.com or 508.653.9000 x153.


Haven't decided if you're attending embedded world yet?

Please check out the embedded world website for more information on the conference program as well as information on all of the companies that will be exhibiting. You can also click here to register.

We look forward to seeing you at the show!


Is Embedded Android Ready for Prime Time?

Android for embedded systems is a relatively new concept. Beyond smart phones and tablets, few products on the market today run embedded Android. However, Android is poised to become a significant player in the embedded systems market.

Android is a subset of the Linux Embedded Operating System, and many engineers and developers have become accustomed to Linux in recent years. They trust the Linux kernel because it has no licensing fees, the source code is accessible, and it has a large community for developer support.

The lack of licensing fees is an attractive aspect of all Linux embedded services; however, many companies, including Google, have opted for a public license that is less burdensome, without responsibilities of contributing back to the open source community. VDC believes that this is a strong point in favor of Android. Engineers’ desire to avoid commercial licenses such as Apache and BSD is one of the main reasons why 27% of OEM embedded device engineers said their organizations were currently developing Android products (2013 VDC Research Survey).

VDC estimates that Android embedded devices will experience growth in annual unit shipments of 26% per year from 2012 through 2015. In order to accommodate this rapid growth, Android needs to capitalize on its application framework where it has plenty of talented developers. But if Android is to successfully break away from Google, it must have even stronger support from the developer community.

Through the evolution of embedded processor technologies, OEMs will continue to switch to the Android embedded OS because of its support for graphical user interfaces, integrated connectivity, and royalty-free licensing. However, there are concerns about the security of Android in embedded devices, given the proliferation of Android malware in the mobile phone market. Among the ways Android security concerns are being addressed are Security-Enhanced (SE) Android, which isolates applications and restricts their permissions, as well as the use of OS virtualization to run Android alongside another more secure OS on the same device.

For Android to flourish in the embedded market, it has the daunting task of competing with the historic leaders: Microsoft and Linux. Currently, Microsoft systems dominate embedded device classes. In 2011, VDC estimated that Microsoft ranked number 1 in commercial embedded OS market share, competing against Wind River, Mentor Graphics, MontaVista Software, QNX Software Systems, and now Android OS.

Microsoft has been a leader in the embedded devices and systems market for over 10 years. However, many OEMs are now looking beyond the Microsoft brand and are beginning to recognize the benefits of Android as an embedded OS: open-source platforms, evolving technology base, source code access, and royalty-free business model. Linux license restrictions have further sparked a transition to embedded Android, which offers more public licenses. Throughout many embedded device classes (smart phones & tablets, medical devices, connected car systems, and military situational awareness systems), Android should see major growth in market share. The stability of Android’s infrastructure and the expertise within its ecosystem will enable it to successfully penetrate the embedded systems market. Embedded Android is about to enter prime time.

by Conor Peal, Research Intern, M2M & Embedded Technology


Target’s Data Breach: A Wake Up Call For Retail POS Systems Vendors and Customers

By now, everyone has seen the news that Target Stores suffered a massive credit and debit card data breach, as acknowledged by the retailer. The company says that more than 40 million card accounts may have been affected through card swipes at its brick-and-mortar stores between November 27 and December 15. [Target later revised the number of affected customers upward to 110 million.]

In a letter posted today to its customers, Target says that, “information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).” Target hasn't stated whether the CVV data is CVV1 (which is stored on the magnetic stripe) or CVV2 (which is printed on the physical card). Some have speculated that the data (with CVV1) may have been intercepted in transit between the card swipe readers and the point-of-sale (POS) terminals, at which point it may not have been encrypted.

In VDC’s opinion, it is far too early to conduct a post-mortem on what went wrong and who’s to blame. It is not too early, however, to raise the alarm about the possibility of future breaches of this type. VDC estimates that worldwide POS device shipments in 2012 totaled 1.9 million units of terminals/workstations and 11.6 million units of transaction card readers (including magnetic stripe and contactless chip-and-pin). With a market that size, the retailer with the bull’s-eye logo surely won’t be the last target of POS hackers.

In addition, millions more small sled type card readers are being sold for direct attachment to mobile phones and tablets, which presents another security risk. The mobile devices to which those card readers attach have even less controlled security than dedicated POS terminals.

This Target breach will spark an immediate wave of retailers and POS systems vendors reevaluating their security protocols on every level. In the short term, this event likely will stall some of the business deals in process for the retail embedded systems vendors, while customers and vendors pay extra attention to credit card security, such as compliance with the PCI Data Security Standards, before proceeding further. In the long term, it will make clear the need for more end-to-end security in retail systems, and ultimately boost the business for many vendors in the embedded security ecosystem. Vendors will raise the profile of credit card security in their product offerings and their marketing. And retailers will increase their engagement with independent security consultants and/or vendor security services to protect their consumers’ data from compromise.

By Steve Hoffenberg, Director M2M Embedded Software & Tools, with Richa Gupta, Senior Analyst AutoID & Data Capture


Cross-domain integration: the new look of engineering

The benefits of enhanced integration and collaboration between different engineering disciplines are undeniable. A cross-domain integration approach is becoming more important and beneficial as products become more complex. To ensure that products function properly, it is imperative that developers understand how the software, electrical, and mechanical components work together. Using cross-domain integration, product developers are more efficient while also addressing the concerns of both managers and end users, helping ensure that the product is the best it can be.

In VDC’s 2013 Software and System Development Survey, 45% of the respondents indicate the biggest advantage of cross-domain integration is an improved overall design, followed by improvement in the overall product management at 38%. Increased communication and collaboration among different engineering disciplines leads to organizations better connecting the separate silos of knowledge from each domain. This leads to better coordination of the software, electrical, and mechanical components, as well as a greater awareness of the impact changes in one domain will have in another. As a result, organizations are able to see improved product quality and less product failure. Another main advantage is improved traceability (35%), which is becoming more prominent as the number of process standards increases in industries such as automotive and medical.

Despite the benefits and increasing use of cross-domain integration, universal adoption is not right around the corner. Overcoming companies’ current organizational structures is extremely challenging. Many organizations have been working in separated engineering teams for years, with each team having formed distinct policies and procedures.  However, the possibility of greater engineering synergies and improved product quality is enough for most organizations to realize the potentials of cross-domain integration.

By Sarah Foreman

Research Assistant, M2M & Embedded Technology


The AllJoyn Protocol: Does Its Openness Compromise Security?

On December 10, the Linux Foundation announced the formation of the AllSeen Alliance, an industry consortium that seeks to expand the Internet of Things in home and industry. Premier members include: Haier, LG Electronics, Panasonic, Qualcomm, Sharp, Silicon Image and TP-LINK, with more than a dozen additional community member companies.

The members plan to adopt an open-source peer-to-peer communications framework called AllJoyn, originally developed by Qualcomm Innovation Center and launched back in 2011. Qualcomm has now contributed AllJoyn to the Alliance. AllJoyn is hardware agnostic and can run on multiple popular OSs including Linux, Android, iOS, and various Windows desktop and embedded versions (despite the Alliance being announced by the Linux Foundation). You can find technical details of AllJoyn at www.alljoyn.org, so we won’t describe the protocol at length here.

AllJoyn enables devices to interact at the app-to-app level. The protocol handles much of the communication over ad hoc proximity networks, such as Bluetooth and Wi-Fi, with the ability to mix and match devices with different communications protocols, so that apps don’t have to deal with the lower level functions. Qualcomm’s early emphasis was to enable multi-player gaming across a variety of unlike devices, but the AllSeen Alliance seeks to foster adoption across a much broader range of devices in “the Internet of Everything.”

AllJoyn facilitates authentication and encrypted data transactions between devices. But how will AllJoyn prevent unintended devices from joining a group of devices given that the protocol was designed to make device discovery and connectivity as easy as possible?

In the case of Wi-Fi, assuming that the network is set up with proper Wi-Fi Protected Access (WPA), AllJoyn doesn’t make it any easier to gain access to the network without the security key, particularly if the network is set up to allow only whitelisted devices. For Bluetooth, a hacker within range (about 10 meters) conceivably could spoof the identity of a known device, to trick a user into accepting it into the network. In conventional Bluetooth communications, once devices are paired and connected, they could have free rein over numerous applications on each other. With AllJoyn, the protocol can be used to limit which apps can talk to each other on which device. In that sense, AllJoyn should actually increase the security of Bluetooth devices. When combined with encrypted communications, no security holes are obvious (although it’s best to assume that hackers will discover some).

In addition, AllJoyn devices are able to communicate with each other in the absence of any Internet connection, which in certain scenarios will eliminate entire realms of security risk.

VDC expects that the AllSeen Alliance will succeed in gaining acceptance of AllJoyn for consumer electronics and home control applications. But the very names AllSeen and AllJoyn imply a degree of openness that won’t inspire confidence among industrial and critical infrastructure users. The convenience advantages of AllJoyn probably won’t outweigh security concerns for those users.

Secure Your Software Supply Chain

The rapid growth in software-driven content for embedded devices is not new - nor is the recognition that connectivity and the Internet of Things are fundamentally changing the ways that OEMs deliver value to end clients.

The ways in which OEMs are responding to these new content and feature creation requirements, however, are adding new layers of complexity to the SDLC - and vulnerabilities - to their products. While many engineering organizations are scaling internal software development efforts and receiving an increasing percentage of their code bases from third-party sources, they are often not placing proportional investments into their security and quality assurance processes and tools.

[Figure: Code Sources]


While there is no silver bullet to eliminate code defects and vulnerabilities, the best practices to develop high-integrity software are no secret either. Solutions like static analysis tools and premium requirements and variant management tools can help OEMs limit the introduction of some defects and identify many others in advance of product deployment. In an industry where connectivity and security risks are increasing dramatically with each product generation, engineering organizations must recalibrate their risk assessment calculus and prioritize software defect and security vulnerability mitigation.

Tomorrow, Wednesday December 11th, I will be digging more into these trends and challenges facing our industry during a webcast at 2pm ET, sponsored by Klocwork.


Register here: http://bit.ly/1hZoaGs




The Foibles of Fingerprints

When Apple announced the iPhone 5s in September 2013, much of the popular press hailed the device’s inclusion of fingerprint sensing (dubbed Touch ID) as a major breakthrough in mobile security. The more astute journalists pointed out that Motorola had brought to market fingerprint scanning in the Atrix 4G handset back in February 2011, more than two and a half years earlier. As an owner of the Atrix 4G since its early days, I can provide some insight into the real-world ups and downs of using a fingerprint scanner on a daily basis, although the proliferation of fingerprint devices presents greater security concerns.

In terms of usability, the fingerprint method clearly surpasses PIN or password or pattern input as a way to unlock a mobile handset, particularly when it’s a function that gets executed dozens of times a day. It’s one of the reasons that I have hung on to the Atrix 4G as one of my phones for this long.

[Figure: Motorola Atrix 4G fingerprint sensor]

A couple of scenarios confound the Atrix 4G’s fingerprint recognition. One is short term changes in fingertip skin, such as from recently wet hands that distort the skin (an extreme example being “prune finger” from shower or bath) or otherwise cause moisture-related problems for the capacitive finger sensor. (In this type of sensor, the fingerprint image is generated by electrical rather than optical differences between ridges and troughs.)

Another problem appears to be seasonal, in that skin condition varies enough from summer to winter here in New England that I have to recalibrate the handset with a fresh set of print samples a couple of times a year. A device with more sophisticated pattern recognition algorithms and more powerful processing might be able to account for such variability, and perhaps the iPhone 5s is better than the Atrix 4G in that regard.

No doubt law enforcement uses more elaborate techniques for matching prints, but as a consumer device, the Atrix 4G does remarkably well, correctly recognizing my print more than 95 percent of the time on the first swipe (i.e. fewer than 5 percent false negatives). The likelihood of false positives, that is someone else’s finger successfully unlocking the phone, is effectively zero.

Sure, a determined attacker could poach a fingerprint from somewhere else and dupe it onto the sensor, as was widely publicized when a group of hackers successfully accessed an iPhone 5s that way only a few days after the product’s release. However, the odds of that actually happening to a phone in the wild are slim, as long as the handset maker doesn’t build the housing out of a glossy plastic that’s a fingerprint magnet. The odds are probably higher that an attacker would pick up a user’s PIN or password just by watching over the shoulder.

A much greater risk would be if hackers managed to distribute malware via an innocent looking app that uploads fingerprint data to a central server where it could be used for other nefarious purposes. Even if the fingerprint images stored on the handset (Data At Rest) are adequately encrypted, a smart enough attacker with the right level of access might be able to capture the raw data from the sensor as the finger is scanned (Data In Motion). Embedded devices of any kind that include fingerprint recognition need to be designed from the start to prevent such access. (Companies such as AuthenTec offer on-sensor encryption.) In addition to critical infrastructure like energy grid and transportation management, fingerprint sensors increasingly will appear in multi-factor authentication for broader embedded applications for financial transactions, building access, medical records, biotech laboratories, home security, and a range of consumer electronics products.

Theft of one person’s fingerprint would be an immense hassle for that individual but not a societal threat. A method of surreptitiously capturing prints from thousands or even millions of consumers could present a massive security nightmare, especially since those prints later could be employed on other devices for which a user has fingerprint access. All it would take to expose such a risk would be one consumer electronics manufacturer that shortcuts the design of one popular product to save a little on development time or BOM cost.

Users don’t have the option of resetting their compromised fingerprints as they do their passwords, and they don’t have the option of using different fingerprints to access different systems, at least not beyond the limit of two hands’ worth. Ironically, fingerprints may become less secure in the long run than other forms of authentication. In the meantime, I’m hanging onto my phone.


Android to Transform Medical Device Market

In an increasingly mobile environment infused with continual technological innovation, OEMs are considering new platforms to develop embedded systems. While there are various platforms to choose from, Android has emerged as the foundation of many new embedded systems. It boasts natural advantages compared to other operating systems – iOS, Blackberry, and Windows to name a few – such as its robust open source user-interface, integrated connectivity, and royalty-free licensing, which can minimize cost and provide OEMs flexibility as they try to fit technology to specific industry needs.

Emerging tools in the medical space mark the potential innovation Android can bring to health care. New diagnostic methods and software systems in mHealth (mobile health) help medical care become more accessible to consumers. Android provides a flexible environment for developers and integrated connectivity between devices, making it a preferable tool in mHealth. Android-based applications can perform various functions, from simple tasks such as keeping track of medication schedules to more advanced measurement capabilities. Consumers can attach different add-ons to their Android devices and track vitals in real-time, from blood pressure and glucose level assessments to even ultrasound imaging.

OEMs can further streamline healthcare by creating embedded systems that perform multiple functions. Rather than switch between individual add-ons to test blood pressure and glucose level, doctors would be able to use a single device and even track results that can be shared to all of the user’s Android devices. Android systems provide great user interfaces and connectivity, two key parameters OEMs are considering in developing new medical devices. Although smartphones and tablets comprise most of the current Android market share, medical devices exhibit the highest predicted growth at 71.7% annually.

While medical devices are a prime use-case for Android, the market is still in its infancy. OEMs remain reluctant to redesign systems to run Android (or any new OS) as it often requires considerable customization. Decisions by Google and other key market participants will also hold an influence and shape the growth of Android as a software solution.

Beyond the medical space, Android OS is expanding into other markets such as connected car systems and situational awareness systems. To better understand more specific drivers of Android adoption in the medical space and others, please read through the report's executive brief. The full report, Android in the Embedded Systems Market, discusses global market trends, device class forecasts, and important insights about ecosystem participants and end-users.

by Howard Wei

