Door keys are an option. It's just a matter of time

"In order for any internet of things hardware manufacturer to survive, we can't sell hundreds of thousands of units, we have to sell millions," says Jason Johnson, CEO of smart-lock manufacturer August. After years of talking about the "internet of things", this year CES decided 2015 was actually the year of the internet of …

  1. ma1010
    Facepalm

    Solution looking for a problem

    So many of these (id)IOT devices are a solution looking for a problem. For example, I bought a new garage door opener and was advised that I could also purchase an extra device to allow me to attach my garage door to my home network. Why? So I could open the garage door with my phone. I thought that's what the little button thingie was for. It is? Well, then, why would I want to expose my garage door controls and history (read: when I go to work and home) to hackers/thieves when I don't need to? Oh, just because it's COOL to be able to use my phone to open the garage door?

    No, thanks. I don't feel the slightest desire to connect my garage door, front door, light bulbs, refrigerator, bed or toilet to the Internet.

    1. Anonymous Coward
      Windows

      Re: Solution looking for a problem

      I certainly would not want MY toilet history splashed all over the web!

    2. Lee D Silver badge

      Re: Solution looking for a problem

      I'm a tinkerer, so I like joining things together but I only do it where I see a purpose.

      So my car has in-car GPS tracking. Sure, it can go on the Internet and provide me a live trace of my car's whereabouts but it doesn't, unless instructed. Having it online and able to a) text me if it moves and b) text me its exact location is very handy, however.

      I just put access control on the side-gate to my house. My girlfriend wants to lock her bike away, not in full view, and we have a side-alley that's perfect. We don't want to leave it open, though, so - while balancing on her bike - she has to be able to cycle to the door, unlock it, go inside, lock up her bike, come back out and get into the house. The alley has a gate front and back of it (the back leads to our garden). I don't want the back gate being opened except from the garden. There's no need. So the easiest solution was to put on an RFID reader and a maglock. She can cycle up, doink her tag on the gate and get in without someone else doing the same. She doesn't have to faff with keys from a bike, or get off the bike only to then wheel it into the alley. And the bike is safe.

      Side-track? Well, while doing this, it was actually cheaper and easier to put in all the RFID and maglock than even a conventional decent gate-lock. And we know if the gate is opened as it beeps in the house. And, as massive online-orderers, we often have parcels delivered. Traditionally they are given to our neighbours but - honestly - we think that's annoying for both them and us. For large parcels we could now provide a code to get into the alley where parcels can be left and locked away. But for things like that, being able to REMOTELY open the gate is something I'm considering. The same GPS kit I use in the car has the ability to control relays by text message (for cutting off the fuel-pump if your car is stolen), and it's about £20 for the whole thing. Putting that in would let me know on my phone if someone's opened my home gate and allow me to open it for them. I often get delivery drivers phone when I'm at work and ask where the parcel can be put safely.

      Now, I have an analog CCTV system. I bought a cheapy DVR recorder for it. It can record 16 channels and has a 1Tb hard drive so it can store several MONTHS worth of CCTV. Better, however, is that it *can* be accessed remotely. I don't do it as a matter of course but - should my side-gate be opened with a code, or I get a phone call, I can see who they are and what they're delivering and that they've done it right and not walked off with my girlfriend's bike in the process.

      Feature-creep like this is inevitable as the hardware gets to the point where it's so cheap that you get the feature for free. I'm actually quite anti- living my life through cameras and smartphones. I've spent years of my working life trawling CCTV footage of one kid pushing another in a playground, and it's not at all fun. I quite like the last few schools I've worked for because they just don't have that level of CCTV nor need it. But, still, the ability to buy a cheap device and it have these features is great as a geek. I lock them down and don't just have them providing a way into my home network, but that's just a question of specific management of them.

      However, a cheapy £20 in-car GPS has this stuff nowadays, including GPRS/3G live tracking, relay control, text-alert etc. A cheapy £75 DVR has it too, including free smartphone app. As we move forward, everything gets all these features "for free", and that's the real danger - you can't stop manufacturers putting in a generic chip that does everything and offering its entire functionality up to the user even if they only bought it as a GPS-tracker. But how do you lock that down, manage it, audit its usage, etc.?

      That's the problem we face. Not "why would you do that" (the answer is, the second someone makes an electronic fridge control with those features for a couple of quid for each chip, every fridge in the world is going to start having the ABILITY at the very least), but "I have 20 devices that ALL do that by default and for free, how do I manage them?"

      Hell, Arduino-compatible boards are £3 each on Amazon. You can get a GSM shield for £20, a wireless one for £10, an Ethernet one for £8, and Bluetooth, RFID etc. for a pittance. That's geek-toys sold as commercial units. Imagine what prices the manufacturers are being offered when they just want a circuit to do a particular job, and what other functionality those same chips offer? And do you think that just because they use a chip that has all those features, and even if they don't properly hook them up, that it wouldn't be a security risk still?

      The IoT is something that has a natural progression to ubiquitous technology. And it's scary. Because if you're going to pay £1 for a chip that monitors the temperature in your fridge, but that comes with wireless access too, and LCD display drivers, and text-alert functionality (like commercial and medical fridges already do), all for the same price and package size - there's a point at which people will just slap it all on "just because" or forget to turn it off (or not turn it off in case they can licence you that functionality later!). Stopping that isn't going to be possible because of the business case. Managing it as a user is what's critical and needed.

      What we don't have is a way to manage the inevitable. We don't have a way to securely enable/disable functionality, enforce a household policy, make them all talk together, etc. That's what's needed. Pretending that your next tech purchase won't tie into the wireless isn't reflective of reality, however.

  2. Anonymous Coward

    S.T.A.L.K.E.R. - Shadow of IoT

    "Never mind Pearl Harbor - What about a Cyber Love Canal?"

    Originally in IEEE Security and Privacy, Issue No.02 - Mar.-Apr. (2015 vol.13) pp: 94-98

    A free preprint is apparently available here.

    We read:

    ... imagine a dark version of this world. Every object in the home—and every part of the home—is inhabited by essentially invisible computational boxes that can act on the physical environment. But rather than being helpful, these devices are evil, acting in bizarre, dangerous, or unexpected ways, either chaotically or coordinated in exactly the wrong way. We can’t simply turn these devices off because no one knows where the off switches are. What’s worse is that we don’t even know where the devices are! This vision of dark magic might inspire us to look to horror novels or science fiction for metaphors. However, real life has given us a better metaphor: environmental contamination. We’ve seen buildings contaminated by lead paint and asbestos and rendered uninhabitable by a chemical spill at a nearby dry cleaner, a research lab rendered uninhabitable by toxic mold, and superfund sites called “brownfields” that can’t be built on. In all these cases, technology (usually chemical) intended to make life better somehow backfired and turned suburban utopias into wastelands. ... A cyber Pearl Harbor—a coordinated large-scale attack on our current computational infrastructure—would indeed be a bad thing. However, we should also be worried about a “cyber Love Canal”—buildings and neighborhoods, not to mention segments of our cyberinfrastructure, rendered uninhabitable by widespread “infection” and loss of control of the IoT embedded therein. The way we build and deploy devices won’t work at the scale of the envisioned IoT and will backfire, like so many hidden chemical dumps. Continuing down this path will similarly lead to “cyber brownfields.”

    1. Captain DaFt

      Re: S.T.A.L.K.E.R. - Shadow of IoT

      "buildings and neighborhoods, not to mention segments of our cyberinfrastructure, rendered uninhabitable by widespread “infection” and loss of control of the IoT embedded therein."

      "Ah yes, lovely apartment, and the rent's dirt cheap!"

      "But?... "

      "Ah, yes, it does have a persistent cyber presence installed by a previous tenant that's infected the entire place, and no amount of cleaning seems able to exorcise it."

      "... "

      "But don't worry! It's a health app, and it will enforce you on a strict health and fitness regime. Uncomfortable at first, but soon you get resig.. er, used to it, and before you know it, you'll look great at your funeral!"

      "FUNERAL!?!?"

      "Ah... It seems its data is a bit out of date, you know how the '25s were... So everyone living here either slowly wastes away, or commits suicide, but... LOOK at these drapes! And the Kitchen has no par! (Shame you'll never get to use it...)"

    2. Headley_Grange Silver badge

      Re: S.T.A.L.K.E.R. - Shadow of IoT

      I'm heading over to Kickstarter to fund research into an EMP device which I can focus to a city block or so. That way I'll be able to "sterilize" the "buildings and neighbourhoods ..... rendered uninhabitable by.... loss of control over the IoT".

      It will, of course, run only on renewable energy. And I'll paint it green.

      It might also have other uses!

  3. Destroy All Monsters Silver badge
    Flame

    a company with millions of dollars in funding and seeking to protect its intellectual property

    "IP protection" for IoT shit is a no-no. I don't want crap black-box software hidden away in corners that I can't even reach and that have been transformed to festering boils of insecurity because of neglect by the company responsible. Open Source and standardize or just go die in a corner, crap peddler!

  4. Headley_Grange Silver badge

    Tell it to ...

    ...the keyless-entry Range Rover owners who have to resort to a Krooklock (with a shiny metal key) in order to get insurance in London.

    I'll be sticking with my trusty tumblers and a metal key I can hang round my neck, thanks.

    1. BristolBachelor Gold badge

      Re: Tell it to ...

      or the Nest "thermostat" owners who find themselves without heating and hot water for a week or 2 after the clocks change (but it was only in the UK, so not so urgent to fix it).

  5. This post has been deleted by its author

    1. Graham Marsden
      Boffin

      Shouldn't that be in the "Send Corrections" link above?

      1. This post has been deleted by its author

  6. Ole Juul

    This will end badly

    Unless they figure out how to get this internet of things working without electricity it's going to be a disaster eventually. Perhaps I'm the only one who foresees a future of increased power outages and battery shortages? Who knows what things will look like, but depending on continually increased complexity for our "things" is not sustainable. And I don't suppose anybody is working on a wind-up web server for light bulbs - I thought not. The physics of planetary survival is a looming threat.

  7. Patrick R
    Facepalm

    IoT

    It reminds me of this

    https://www.youtube.com/watch?v=_CQA3X-qNgA

  8. Anonymous Coward

    Industry pushing unwanted tat

    the biggest barrier to adoption for smart-tech is easily understandable and industry-wide policies

    No, the biggest barrier to adoption is that this flaky, costly, unreliable, privacy-busting tat doesn't solve any problem that most people have.

  9. Anonymous Coward

    He also highlights the fact that all houseowners at some point end up giving a copy of the key to the house to someone else. "And no one knows if they have made a copy."

    I've never given anybody a key to my house. If I did then it would be somebody that I trust completely. I would be safe in the knowledge that they can't make a copy because my keys can only be ordered from the manufacturer and cost more than any thief would want to spend on them.

    I find this preferable to the idea that anyone with an internet connection could find a way to unlock my house remotely.

    On the other hand, it's almost unheard of for thieves to use keys to break into a property. Brute force is the standard method.

  10. Anonymous Coward

    My insurance company insists that their customers have at least two locks on the front door - except for houses with double-glazed doors and euro locks (watch this video if you have that kind of lock <https://www.youtube.com/watch?v=FqhhXyROxQM> ).

    Even if I fitted an IoT lock, the other lock would still be a regular mechanical one, which completely defeats any benefit of having an IoT lock. There's no point in being able to remotely unlock one of two locks on the door.

  11. Anonymous Coward

    No thanks

    I don't need IoT on

    My front door lock

    My lightbulbs

    My toilet seat

    My apartment alarm system

    My showerhead

    My fridge and freezer

    My toaster

    My whatever...

    It sounds like a bloody nightmare.

    I am no neo-luddite, but this will be too much.

    1. Lee D Silver badge

      Re: No thanks

      Think feature-creep.

      There are already freezers used in medical cabinets that text when they go out of temperature ranges or lose power. This is a) useful, b) desirable, c) dirt-cheap. It's not hard to see the same benefits for a decent freezer at home. Hell, I've seen water-alarms under washing machines that text the owner and/or cut off the water at the mains to stop a flood.

      The problem is that to get that, you're giving your freezer access to GPRS/GSM networks.

      You can get a GSM-controlled, GPRS-reporting, GPS tracker for a car, with controllable relays to cut off the engine and/or sense that the horn has gone off and text you about it. For £20. On Amazon. Today. Give it a few years and that tech is so cheap that everyone puts it in things to sell to you. And it's hard to argue against a freezer that can text you to tell you that all your frozen meat is about to go off.

      From that point on, everything else is commodity hardware and feature creep.

      1. Headley_Grange Silver badge

        Feature Creep

        I'm fighting a losing battle with the more useful purchased apps on my phone as developers stop supporting the app I've paid for and try to get me to use a "better" version for which they charge a monthly fee. The "better" isn't worth having from my point of view (I don't want anything in the cloud - ever) so I live with the old app until eventually an OS update finally kills the product I paid for.

        If I can make the fridge/camera/boiler/hair straighteners stop working at the flick of a kill switch then I've got a revenue model for white goods and tech stuff. Your fridge will be leased on the basis that you'll get "value" from it telling you that stuff is out of date and you'll have to root it if you don't want it shouting at you every ten minutes to tell you that Tesco has Ben and Jerry's on sale.

        You read it here first.

  12. Anonymous Coward

    What about lightning strikes?

    Years ago I bought an electronic lock. It worked great until there was a nearby lightning strike. I had to reprogram it to get it to work. I went back to an old fashioned lock after that.

  13. Oldfogey

    Won't somebody think of the non-geeks?

    I have a friend with Down's Syndrome, who nevertheless makes quite a bit of use of computers (even though she can neither read nor write).

    Recently she was visiting relatives who had an iPad, took to it, and was bought one.

    In order to get the apps she needed (games, iPlayer etc.) it was programmed with the same Apple ID as her relative.

    All was well until the relative found that documents she had created on her iPad were vanishing. And this is where the low level of understanding behind computing is causing problems.

    You write your document on the iPad. It is automatically (and by default) synchronised with the cloud. Your Downs relative starts up their iPad later, and, being the same account, it synchronises and downloads the document. Relative looks at this, doesn't know what it is, so deletes it. The deletion is then (automatically) done on the cloud, and this is finally synchronised to the original iPad.

    The reason that this happens is that the users had no idea that the cloud synchronisation was happening - it was built in - and no idea how to get out of the situation.

    Now one can see how easily things can go wrong with IoT leaving open security holes, default passwords, whatever, that the users will know nothing about. How many people have a password on their smartphone? How many would put a password on their door opening app?

  14. MasterofDisaster

    Industrial IoT leads, not consumer

    I'm also at IoT World, and to correct the mis-perception of this article there is a lot going on in "industrial IoT" that is real-world and meaningful. Easy to point to the consumer side and say it is not ready, but a lot of enterprise needs are being met better through industrial IoT, and there are real-life examples. Shouldn't El Reg focus more on that, than the less-developed consumer side?
