Yale Security Fail: 'Unexpected load' caused systems to crash, whacked our Smart Living Home app

Silver badge
FAIL

The "Smart Home" crashed?

Why the surprise and outrage? When you shift everything into the cloud (extra "f" added for politeness) then it would be amazing if you don't have occasional outages like this. The real failure was not the "unexpected load" but simply the unanticipated absence of service in the app - but it's an app so that's normal too.

Welcome to the 21st century - there's more to come...

53
0
Silver badge

Re: The "Smart Home" crashed?

They designed it wrong, the app should work on the LAN with cloud for those who really must control things outside their house (if they enable the feature first).

So far I think only Ikea's done this.

Also, what does "unexpected load" mean? DDoS?

27
0
Silver badge

Re: The "Smart Home" crashed?

What could possibly go wrong.

13
0
Anonymous Coward

Re: The "Smart Home" crashed?

An "unexpected load" is when you put the tape in labelled jet set willy but end up with chuckie egg.

22
0

Re: The "Smart Home" crashed?

Danny Dunn saw this coming the year of my birth,

0
0
Bronze badge

Re: The "Smart Home" crashed?

Welcome to the 21st century - there's more to come...

===

or not, dependent on if it's crashed or not ..............

1
1

Also, what does "unexpected load" mean? DDoS?

"unexpected load of shit"

It's just the end got cut off (when really someone should cut off their end).

0
0
Silver badge

Re: The "Smart Home" crashed?

Been saying - and doing - this for years, Dan. I've built a "LAN of things" for my off-grid homestead to automate what I can here - and it's never been on the internet at all. It controls things like the solar power system, the backup generators, heaters (plumbing/freezing), water collection and purification, general status reporting to database and CGIs for realtime status display and control, video cameras (nice game shots here in the wild) and whatever else I can do with some pi's, odroids, and ESPs.

(detailed on my sci/tech forums which I won't pimp here)

It's great and pretty reliable, but nothing is perfect, so of course, having watched the aliens on Star Trek take over the computers - only a plot device for them...there are manual backups. But saving having to go turn valves and unbolt access panels in nasty weather most of the time is valuable.

As far as I can see the only reason to put ANY of this on the internet is to slurp data in an even more blatant (but probably less effective?) way than the big outfits known for this. It can be pretty intimate - my barometers all show every time a door is opened or shut, water flow shows a flush...and so on.

So it's all for profit - and not yours. How many people really NEED to do anything with their home from away? How did they manage without it only a few years ago? People need to be asking themselves....

11
1
Silver badge

Re: The "Smart Home" crashed?

Just wait, it'll get worse:

"I'm afraid I can't do that, Dave."

2
0
Anonymous Coward

Re: The "Smart Home" crashed?

Just avoid any "Smart" Home system that has an AE35 unit for comms.

1
0
Silver badge

Re: The "Smart Home" crashed?

@ Dan 55

unexpected load - someone accidentally jizzed on their cloudy servers when doing some one handed web browsing?

0
0

Re: The "Smart Home" crashed?

"Just avoid any "Smart" Home system"

There, I've fixed it for you :-)

0
0
Silver badge
Trollface

Smart Living Home app

The snark writes itself.

13
0
Silver badge
Anonymous Coward

No monitoring fee

How long do you get service if there's no cost for it? (when it's working)

Is that viable?

Is it a ponzi scheme where your continued service depends on new marks splashing the cash for a connected alarm that's used to fund the service for existing customers?

13
0
Silver badge

Re: No monitoring fee

How long do you get service if there's no cost for it?

For the lifetime of the product. If you ensure the product dies when you take away the service, that need not be very long.

22
0
Silver badge

Let this be a lesson

for anyone even daring to think about using IoT for this sort of thing.

All it needs is a heavy footed JCB operator and you are locked out of your home possibly for days.

All your data could be gone forever.

As I've said before, in the main, IoT is an answer waiting for a sensible question.

25
0
Silver badge
Devil

Re: Let this be a lesson

...IoT is an answer waiting for a sensible question.

What is the best way to fill your life with utter crap?

17
0
Silver badge

Re: Let this be a lesson

"and you are locked out of your home possibly for days."

Your point is solid generally, but when it comes to being locked out of your home for days, that won't happen as long as you have an outside window you can break.

5
0
Silver badge
Joke

Re: Let this be a lesson

...IoT is an answer waiting for a sensible question.

How about "how to transfer money from someone's pocket into the pocket of a slimy snake oil salesman's in the modern world?"

11
0
Bronze badge

Re: Let this be a lesson

I think ICOs still have that one...

0
0

Re: Let this be a lesson

IoT is an answer waiting for a sensible question.

How to get free rides on your local university campus' dockless bike ride-share system with bikes secured with BT LE and a crappy mobile app?

1
0
Silver badge

Re: Let this be a lesson

All it needs is a heavy footed JCB operator and you are locked out of your home possibly for days.

Well when I couldn't talk to the alarm over the interweb I just used the keypad.

Pain in the arse, YES, but not like not being able to do stuff.

2
0
Silver badge
Gimp

Re: Let this be a lesson

"for anyone even daring to think about using IoT for this sort of thing."

Depends on how you do your IoT. I am spending months deploying IoT at home, each step building on the last and tested. My "hub" is Home Assistant running on a Lenovo ThinkCentre (which is properly designed to live in harsh environments). It is backed up and is on a UPS and ethernet connected. I also have a standby VM, just in case. https with a Let's Encrypt cert. and HAProxy on the front (pfSense router). I have multiple VLANs, host firewalls deployed etc. I maintain my home network to as near to PCI DSS as is possible (yes, really! I'm CREST accredited and do ISO 9001 and 27001 at work). One other design requirement is that everything fails safe and/or has a manual control where applicable.

This lot has to be signed off by wifey ...

6
1
Silver badge

Re: Let this be a lesson

Yeah, gerdesj - see my post above. Roll your own and it might be fine...otherwise you're the product; that's getting tired, but what else to call this crap?

The question of who should be liable for software failures occasionally comes up on Bruce Schneier's security blog...

MS would have gone bankrupt long since even if it was a nickel per incident. Systems failure - the big things like airplanes have laws in place...Self driving cars are going to get interesting. IoT is yet another place the question is too open.

Seems like consumers should demand something other than a handwaving warranty that doesn't cover anything. I resist saying there should be a law, as that hardly ever ends well.

1
0

Re: Let this be a lesson

That's a lot of power being used there...

0
0
Anonymous Coward

Re: IoT is the answer

The question was "How do we fool people into giving us total control of their lives and then cutting them off from it?"

0
0
Silver badge

Re: Let this be a lesson

@gerdesj I find your exquisite rigour and attention to detail immensely, uh... entertaining, considering that in my experience Home Assistant on its own regularly and gleefully breaks absolutely everything seven ways to hell simply by applying its latest version (at least as far as z-wave devices are involved - I have no idea what _you_ have and whether that fares better or actually worse, considering the fundamental issue is not technical but one of HA dev attitude).

0
0

I am so confused...

Will someone remind me again why connecting your whole home to some nameless, faceless smartphone app is a good idea?

28
0
Anonymous Coward

connecting your whole home to some nameless, faceless smartphone app is a good idea?

AirBnB, innit. It's disruptive.

4
0

An unexpected load killed my keyboard...

...and my smart bidet died so I wasn't able to wipe my own ass all day.

12
0

This post has been deleted by its author

Silver badge

Re: An unexpected load killed my keyboard...

You should try a bidet with a spin cycle!

Wheee!

5
0
Bronze badge
FAIL

Unexpected load? Really?

This is EXACTLY the sort of business that should be on GCP or AWS. Properly configured, the worst a customer will see is a long response time. Even if they screw up & do a thundering herd, autoscaling will prevent actual outages. (And if they do a rolling deploy, they will realize the thundering herd LONG before it takes their systems down.) Straight up failure to apply basic SRE principles.

If it is DDOS, the route to mitigation is already quite well known. Again, straight up fail.

3
11
Anonymous Coward

Re: Unexpected load? Really?

I can think of a number of causes for “unexpected load” and only some of them relate to a lack of hardware or bandwidth capacity.

TSB could have released a similar statement earlier this year.

Or a less PR savvy “everything is f*****......”

The difference is one is a regulated bank and the other is some company that you have trusted with your physical property security with not much to back that up.

4
0
Silver badge

Re: Unexpected load? Really?

"Properly configured, the worst a customer will see is a long response time."

Properly configured a customer should not even need someone else's computer unless they need access to the system when they're out of range of their own WiFi. And, just in case the WiFi goes down, if they're at home they should be able to do whatever's needed through the control panel.

11
0
Silver badge

Re: Unexpected load? Really?

And, just in case the WiFi goes down, if they're at home they should be able to do whatever's needed through the control panel.

One power outage and the control panel is useless. What's wrong with just having a key lock? Or at least a physical key to unlock the wondrous computer controlled lock?

3
0
Silver badge
Paris Hilton

Re: Unexpected load? Really?

It's not fancy enough.

Thankfully I have experience enough with people telling me I am paranoid and things like Alexa can't be hacked (When really I see no point wasting money on it and would rather not spend an evening telling a stupid speaker to Meow).

1
0
Silver badge
Devil

Re: Unexpected load? Really?

"Or at least a physical key to unlock the wondrous computer controlled lock?"

I can only speculate, but I have a suspicion that it's a market-imposed constraint; playing the devil's advocate, I assume slapping a convenience electronic control module on top of a conventional key-based lock may simply not be a convincing value proposition for the average punter who looks at it and goes "I want an e-lock to ditch my keys, not to need to keep them on top of one more nuisance to configure and manage!"

PS - You don't actually need your keys - I haven't looked at this particular lock but I do have a Yale smartlock on my desk, and it should be unlockable via its keypad (or RF fob); also, it does not depend on the mains as it's battery powered (also operable with an external 9V battery if you let the internal ones go flat).

0
0
Silver badge

Re: Unexpected load? Really?

"also operable with an external 9V battery if you let the internal ones go flat"

So now, instead of keys, I carry a (hopefully working) 9V battery? No thank you. I'll stick with keys.

0
0
Silver badge

Re: Unexpected load? Really?

"What's wrong with just having a key lock?"

Yup. The first rule of automating anything is "always have a manual override."

0
0
Bronze badge
Trollface

Re: Unexpected load? Really?

Oh, come on! Everyone knows that manual override never works!

1
0
Silver badge

Re: Unexpected load? Really?

"So now, instead of keys, I carry a (hopefully working) 9V battery?"

Are you in the habit of not only not minding to change batteries in battery-operated gear (no more than maybe once or twice a year) but also of disregarding its warnings that it's going flat if you let it? If yes, then yeah absolutely, you more than deserve to have to carry a 9V battery around. For normal people, it's merely an extra safety feature that they never should come to need to use.

0
0
Silver badge

Re: Unexpected load? Really?

Regardless, I'll stick to keys. Fewer things to go wrong ... and a hell of a lot less expensive. Win-win.

2
0
Silver badge

Re: Unexpected load? Really?

That's ok, so do I - although ever since I started watching lock-picking stuff on YouTube I feel an irresistible urge to ROFL any time I look at a key. They are definitely far cheaper than any of these smart locks though...

1
0
Silver badge

Re: Unexpected load? Really?

No need to laugh at locks ... they exist to stop crimes of opportunity, and work quite nicely for that ... However, be aware that if a criminal chooses to bust into your home, a brick through the window next to your front door will work quite nicely, the lock isn't even going to slow them down.

2
0
Silver badge

Re: Unexpected load? Really?

Well, they'll also need a long ladder for that... :))) Blocks of flats do have _some_ advantages....

0
0
Silver badge

Re: Unexpected load? Really?

As a hobbyist lock-picker of many years, I know what you mean. However, the majority of electronic locks that I've had the opportunity to play with haven't posed any greater difficulties than the average consumer-level physical lock.

1
0
Joke

Rather "Dumb" Living Home App

"Unexpected Load"....Phooey!

I imagine the folks at Yale must have a lot of children too.

0
0
Anonymous Coward

"Unexpected Load"

I'm pretty sure that's how I was conceived.

(At least that's what I was told during a heated argument with my father when I was a teen)

1
0


The Register - Independent news and views for the tech community. Part of Situation Publishing