uWatch embraces established IoT technology to developing secure applications

May 19, 2023 | Case Study, Internet of Things, IoT Case Study

The uWatch innovative 2nd generation Smart Cube achieves IASME IoT Cyber Assurance Level 2 certification.

uWatch Ltd designs, develops, & manufactures a sensor-rich physical IoT hub called the Cube. It is completely portable and available in battery, solar, USB or mains powered versions that don’t use Wi-Fi, inspiring the product strap line, “No Mains, No WiFi. No Problem”. The Cube is a pocket sized computer with a uWatch developed operating system and unique communications protocols, it has need to know and peace of mind applications with security built in.

“For crime prevention to work, you need to know that the crime is happening now, rather than having expensive high quality CCTV footage show you that you became yet another a victim of organised crime” commented uWatch Business Development manager, Craig Geerthsen.

uWatch’s generic alerting systems can employ remote sensors the size of a matchbox which have a clear line of sight with a range of 2 km, or several hundred metres through buildings and woodland. One Cube is capable of managing 20 remote sensors. Using an example of fuel or cargo theft, the Cube will alert the driver in their cab in under 10 seconds and in another 30 seconds, via the GSM network the Cube will alert the HGV operator’s HQ and the driver’s phone.

 

The uWatch story

In 1983, serial innovator and uWatch technical director, Norman Guiver put a barcode on a membership card and called it a Swipe card. It took IBM a further 7 years to make the magnetic strip reliable enough for modern day bank cards. In 1999, the company that Norman founded, Microcache Ltd was sold to a PLC with 83 employees selling £2m of cards a year to organisations like British Airways, P&O, and Windsor and Maidenhead council.

Norman initially co-founded uWatch in 2014 to target the pest control industry. The unique electronic trap used Bluetooth shock sensors and SMS to report when the trap had been activated. However, it was quickly realised that rats and thieves present the same technical challenge, “to get rid of them, you have to catch them in real time not just move them to the county next door” commented Norman.

After the range and penetration limitations of Bluetooth had been identified, in 2020 uWatch acquired government funding to work with University College London to integrate *LoRa, the next generation of remote sensor communications technology.

Had the company adopted the LoRaWAN quick route to market to replace Bluetooth, then a lot of the necessary system protocols and utilities would have already existed. However, the Cube would then have been subject to data transfer limitations and the inherent vulnerabilities that all IoT networks have which allow them to be jammed.

After 3 years of R&D, the uWatch implementation of LoRa is unaffected by *jammers. The system is capable of alerting an owner asleep in their bed at 3am of someone trying to steal their £95k Range Rover from their driveway, or indeed the GPS off the roof of their tractor half a mile away within 10 seconds.

 

*LoRa and LoRaWAN

LoRa, which stands for Long Range, is a wireless data communication technology. It describes the radio frequency for how data gets from point A to point B. LoRa is widely acknowledged for its ability to send small amounts of data over great distances.

LoRa Wan is the protocol that runs on top of the radio technology that lets the data conversation happen in a structured manner. It describes the system that dictates who can talk, when they talk and how they talk.

 

*What is a jammer?

A jammer is an illegal device that blocks wireless signals across all common radio wave frequencies. It functions by emitting an electromagnetic disturbance, sometimes called ‘noise’, on numerous frequency bands at an intensity that overwhelms the target receiver, making reception impossible. Portable devices confiscated by the Home Office were used to carry out crimes by jamming Wi-Fi, Ring Doorbell, GSM and vehicle trackers so the criminal’s activities were undetectable.

 

Certifying the Cube to IASME IoT Security Assurance level 2 and Secured by Design

The Cube has achieved the IASME IoT Cyber Assurance level 2 certification. This is an innovative cyber security advice and certification scheme for IoT devices that has been developed to be accessible to startups and smaller manufacturers, alongside bigger players.

The IASME certification has satisfied the strict Secure Connected Device accreditation criteria leading to Secured by Design certification. Secured by Design is the most well-known of the Police Crime Prevention Initiatives (Police CPI) portfolio. Secured by Design (SBD) operates an accreditation scheme on behalf of the UK Police Service to show that products or services have met recognised security standards.

 

IASME helped uWatch to improve their cyber security

The IASME IoT Cyber Assurance certification process helped uWatch to identify some security weaknesses in their back-end systems. Changes were made by the uWatch development team during the process to introduce a single higher level of administrative access, internal audit logs of access at these levels and most importantly, two factor authentication. Some documentary records were not being kept and others needed updating. The company’s system development and support processes were found to be comprehensive, not least because the Cube has very few ways in which attackers could physically extract data from it. The system’s software components, the Watch-It and WeWatch apps are primarily data collection or reporting devices with no facility to access the uWatch operational systems.

 

Advice to other IoT manufacturers

Obtaining IASME IoT Cyber Assurance certification for the Cube allowed uWatch to demonstrate the cyber security of their product to customers and to build trust in the uWatch brand. uWatch hope that other companies within the industry and beyond will take note of their achievement, try the IASME scheme and follow in their footsteps to produce safe IoT products for the UK market.

uWatch Technical Director, Norman Guiver says, “The IASME certification process was intense but we worked closely with Jason Cresswell of Cyber Security Consultants, 10 Steps Ltd who guided us seamlessly through it. Whilst he highlighted some areas where we needed to make improvements our development team addressed these changes during the process confirming how quickly we can respond”.

 

About the IASME IoT Cyber Assurance scheme

The IASME IoT Cyber Assurance scheme aligns with all 13 provisions of the worldwide standard in IoT cyber security, ETSI EN 303 645 and with the UK IoT security legislation. The scheme is accessible and affordable to all IoT device manufacturers, large and small, allowing manufacturers to get advice on how to improve the security of their products.

The Level 2 scheme includes a hands-on audit of the device and provides the assurance of third-party testing and independent certification. The audit is managed by an Assessor, skilled in IoT cyber security, from one of IASME’s network of Certification Bodies. The scope of the certification includes the IoT device and any associated hub, app and cloud service the device relies upon to operate.

IASME have been working in partnership with SBD to contribute to the Secure Connected Device accreditation. IASME’s IoT Cyber Assurance level 2 scheme certifies internet connected devices against the most important cyber security controls and makes up an essential part of the framework for the accreditation.