Things of Internet: How smart devices fail because of their Web dependence

Credit to Author: Alex Perekalin | Date: Mon, 03 Dec 2018 13:40:59 +0000

After a long day at work, you’re heading home. You open an app in your smartphone and tap a button on the screen. A dozen miles away, your apartment comes to life. Smart bulbs light up, the smart thermostat starts to heat the room, the smart kettle begins to boil the water for your evening tea. A smart home seems so convenient!

But every coin has two sides, and the flip side of this one is that smart homes rely on a lot of things to work. And because every single thing is subject to malfunction, the more third parties you use, the less reliability you get.

A freezing disconnect

A few days ago, Twitter saw a surge of complaints from owners of Netatmo thermostats who suddenly lost the ability to change the temperature in their houses. That was a result of some Netatmo servers going down, and the remaining servers not being able to handle all of the user requests.

Netatmo thermostats have a manual override mode for such situations, and it’s supposed to allow users to change the temperature manually, without using the app. But it seems that for some customers, it didn’t work, and so they were left in their freezing homes with pieces of brilliant but completely useless tech.

There’s another dimension to that problem: Dependence on third-party providers creates even more points of failure. For example, some smart devices are controlled with a very interesting service called IFTTT (If This Then That), which is hosted on the Amazon Web Services platform. When a glitch in Amazon’s infrastructure brought IFTTT servers down last year, users were left unable to turn on the lights or do anything else with their smart home appliances until the servers were back online.

Smart home’s end of life

An outage at the data center is not the only thing that can happen to a smart home. Once upon a time (before 2014, to be more precise), there was a small company called Revolv that produced smart hubs — those boxes that are supposed to be the center of your smart home and communicate with the app on your smartphone. The hub and the app use the server to speak to each other.

But, you know, businesses are sold and bought, and that’s what happened to Revolv — it was purchased by a bigger smart-home vendor called Nest (which Google had bought several months prior to the deal).

After the acquisition, Nest immediately stopped selling Revolv smart hubs, although the existing devices continued to work for a while. However, in 2016, Nest decided to rid itself of Revolv’s heritage completely, and it shut down the servers that were responsible for handling the Revolv infrastructure. After the shutdown, which happened in May 2016, Revolv smart hubs became absolutely useless. They couldn’t do anything. At all. And the app was no longer accessible. Back in 2014, a Revolv hub cost $300 — a nice price for what would effectively become a worthless plastic box in a couple of years.

GDPR-incompatible bulbs

The enactment of the GDPR (General Data Protection Regulation — the EU’s law regulating data processing) had quite an impact on the Internet — for example, some US websites are inaccessible from European IP addresses because their owners chose to avoid handling European citizens’ data; if something went wrong, it would’ve cost those companies a fortune.

GDPR has affected real-life objects as well — the Internet and physical world are too entangled nowadays to avoid that. For example, in Europe, Xiaomi Yeelight smart bulbs, which allowed remote control using an app, lost all their functionality after a GDPR-compliant update for the app was issued. They became just normal bulbs that you could turn on using a light switch. Better than nothing, but probably not what people expected when they were buying those light bulbs.

Robovac spies

None of the aforementioned hiccups happened on the user side: Netatmo thermostats, Revolv hubs, and Yeelight bulbs would’ve been perfectly functional if not for something happening on the server side. And there’s actually a lot happening there. Vendors collect and process the data their apps and smart appliances gather. The data serve two clear purposes: to enable the smart appliances’ functions and to develop new features. They also help the vendor learn more about you. Oh, and some of them sell that data, too.

Our data being sold and bought is nothing new to anyone who hasn’t been living under a rock for the last decade. But sometimes we just don’t realize what information about us is collected and how. We all know that Google and Facebook collect data, but do all Nest users realize that Nest was purchased by Google and is now under Alphabet’s umbrella? That Google now owns information about the temperature in their house, for example?

And do owners of iRobot robotic vacuum cleaners know that iRobot and Google recently reached an agreement that, among other things, allows Google to peer into the home-mapping data gathered by the robovacs? Basically, Google now knows your home’s layout — in addition to the many other things it already knew about you.

It’s not only Google and Facebook that are obsessed with user data. Xiaomi is gathering floor plans with its Xiaomi Mi Robot vacuum cleaners as well. Did we mention that Xiaomi robovacs can only be operated using an app that works only if it’s connected to a server (for most users, that’s a server in China)?

Final blow

These problems may not seem big enough to outweigh the convenience of remotely controlling your home appliances. But there’s no shortage of serious incidents. This October, something happened with the app that controlled the Yale smart alarm system — and it wreaked all kinds of havoc in homes equipped with this alarm. People were forced to stay home because they couldn’t turn the alarm off. It took Yale engineers more than a day to fix the issue.

Earlier, a similar problem occurred with smart locks manufactured by Lockstate. A misdirected firmware update bricked locks. All of them.

Who on earth uses smart locks? Turns out, Airbnb hosts are big fans, so the glitch affected more than 200 Airbnb guests, who found themselves locked out of their rentals. Worse, the problem couldn’t be fixed quickly with a new remote firmware update — users had to either remove the locks and return them to the vendor for repair or wait for an engineer to come and replace them. Either solution took 2–3 weeks.

We call connected devices the Internet of Things, but we might just as well call them Things of Internet — they are absolutely dependent on being connected, and if something goes wrong with the connection, be it a server problem, connectivity issues, errors in apps or firmware, or something else, they are rendered mostly or even totally useless — and definitely not smart at all.

https://blog.kaspersky.com/feed/