back to article Smart bulbs turn dumb: Lights out for Philips as Hue API goes dark

Philips' Hue smart-home lighting has had an embarrassing outage with its API going offline for four hours on Thursday, preventing customers from accessing the system remotely. On the same day that the company launched its new service – where its lights will respond automatically to streaming music and games – the system died …

  1. DJV Silver badge

    Internet of Fail

    The IoF strikes again!

    1. Anonymous Coward
      Anonymous Coward

      Re: Internet of Fail

      IoF sure... But the best IoT-nickname-prize should go to Eugene Kaspersky who nailed it years ago with - 'Internet of Threats'...

      ---------------

      www.theregister.co.uk/2015/06/25/we_need_to_know_about_the_internet_of_things_say_us_senators/

  2. ashdav

    IoT

    They're just toys.

    Move along. Nothing to see here.

  3. Mark 85

    So the smart bulbs are really dim bulbs after all.

    1. Anonymous Coward
      Anonymous Coward

      More the people who buy anything that needs an external, uncontrolled party to make it all work..

      1. john.jones.name
        WTF?

        it went very wrong

        I use hue lightbulbs and frankly they have been pretty awesome

        thankfully if your on the same LAN segment or have a remote you can control them without the magical intermawebs

        to be honest with a architecture like this what could possibly go wrong

        https://twitter.com/internetofshit/status/986540999047630849

        so in truth they are useable without the internet connection and thats how all "IOT" things should work its the other end they screwed up...

        1. Anonymous Coward
          Anonymous Coward

          Re: it went very wrong

          Seconded. I love my hue bulbs.

          1. R 11

            Re: it went very wrong

            It's a bit strange that the author couldn't think of one reason to control hue remotely?

            How about you've been delayed getting home. You want the light on for your pet dog so they're not sitting in the dark for two hours? Or you've decided to stay at a "friend's" house overnight, but you want a light on for a couple of hours in the evening so it looks like your home is occupied? Or your parents called to say they're coming over, but they'll be at the house before you and you don't want them going into a dark house?

            There's three reasonable use cases that took me about thirty seconds to come up with. I'm sure others have plenty more.

            1. GSTZ

              Re: 3 stupid reasons for light control via the Internet

              Okay, also many grown-up people like to toy around with technology, a few decades ago model trains were quite popular. But anyone toying around with "smart home" stuff somewhat reasonably would find ways to set up some (maybe even random) lighting scheme without having to connect to the Internet. That would perfectly cover the first two "use cases". And the third case (parents coming to your home before you arrive) implies that you believe your parents are not able to find and operate the light switch on the wall. Assuming that you were clever enough to install standard wall switches too (if only as a fallback option in case your smartphone's battery is depleted), this would raise some questions ...

  4. SVV

    Smart lighting system fails

    A Philips spokesman later said, "Apologies to our user for any inconvemiemce suffered".

  5. vir

    What A Time To Be Alive

    At least local manual control was unaffected which is...a good thing I guess.

    Progress.

    1. AdamWill

      Re: What A Time To Be Alive

      yeah, in a funny way this is kind of a *good* news story: at least they didn't design it so stupidly that it sends all your local requests to the internet Just Cuz, thus leaking unnecessary information *and* ensuring local control would go down in a scenario like this.

      Low bar, I know! But I suspect at least some IoS products wouldn't clear it...

      1. Adrian 4

        Re: What A Time To Be Alive

        It's partially good design in having local control (does Nest have that ? I''m not sure). But it's bad (read : venal, customer always comes last) to tie the remote service into a single point of failure.

        Of course, most customers want it in a box and no thinking. I'm sure Philip's have done a reasonable job on that or they'd be on the remainder shelves already. And they're not : I tried to get one in the Maplin firesale but they all went before they'd dropped to retail price. So they're an attractive item, for whatever reason.

        A reasonably professional IoT device though would have :

        1. Default fully-local control (not set it up on the net then fallback to local. Full.)

        2. A provisioned service from the manufacturer, secure, reasonably reliable, easy to use. 'Free', paid, whatever as long as it's clear upfront. Points off for 'free for the first year'.

        3. The option to move the remote control from the manufacturers' service to another, whether your own or a 3rd party. Documented, secure, no opt-out cost. Possible even if the manufacturer's servers fall offline one day and never return.

        I don't honestly know whether Phipps or Nest offer that (I wanted a bargain offer to find out!) but anything less than that is just junk or, worse, a scam that deserves the full scorn of the anti-IoT peanut gallery.

        There have been a few people doing studies of IoT devices with an interest in security. They don't generally do a good job of also evaluating threat models, they're more interested in the publicity of 'I found a hole'. But it seems to me that such a review should also examine business models.

        Update : just saw MartinB105's post. Philips appear to be pretty close to the above. ++

  6. Anonymous Coward
    Anonymous Coward

    We can't really think of any good reasons why remote control of Hue lights would be useful.

    Annoying your cat while you are out?

    1. beep54

      Amusing, but I don't think I could annoy my cats in that way. They'd just leave if it bothered them.

    2. Adam 1

      Wait! If you're telling me that they have a laser pointer attachment, I'll become an IoT evangelist.

      1. I ain't Spartacus Gold badge
        Flame

        Hmmm. A laser pointer built into your home, that can be remotely controlled by the internet. What could possibly go wrong?

        My Eyes!!!!

  7. vtcodger Silver badge

    Perhaps a bit off topic, but why smart light bulbs instead of smart light fixtures that work with any old bulb? Not that either seems to me to have all that much utility.

    1. Anonymous Coward
      Facepalm

      Fixtures?

      Fixtures need to meet actual safety standards and be useful I assume.

      1. JohnFen

        Re: Fixtures?

        So do light bulbs. If your house burns down and the insurance people discover that you've been using light bulbs that lacked adequate certifications, guess who won't be getting an insurance payout?

    2. Borg.King

      Perhaps a bit off topic, but why smart light bulbs instead of smart light fixtures that work with any old bulb? Not that either seems to me to have all that much utility.

      Good idea mostly, except it's more work to take them with you when you move, and they're not readily installable by the average homeowner.

      I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.

      1. handleoclast

        I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.

        There's an easy mistake to make if you change a light fitting without knowing what you're doing. Explained in this examination of a failed light switch.

    3. Phil Kingston

      The ability to set specific colours, brightness, not just on/off

      1. Neil Barnes Silver badge

        The ability to set specific colours, brightness, not just on/off

        I just don't know how I've lived sixty years without that capability. And yet, in all that time, I can't *ever* recall a mechanical switch failing.

        </click>

        1. Anonymous Coward
          Anonymous Coward

          Old mechanical switches are unlikely to fail as such, but the contacts can get very worn and that can lead to arcing which could cause premature lightbulb failure.

        2. Adrian 4

          You can even do that with a gas or oil lamp. No need for pesky unreliable mains services.Get orff my lawn.

          Everyone has their own choice of a tradeoff between convenience, complexity and risk. You make yours and I'll make mine. Fwiw, that means mechanical switches for me too at the moment too, but there are some cases where I'd be glad of a different method provided it met various criteria.

          I'm getting bored with the anti-ioters. Nobody makes you use the things. Some of them (most of them ?) have flaws. So what ? Fix them, or ditch them, or push for something better and move on. But don't tell me what I should think. I can do that myself, thank you.

        3. sweh

          I'm only 50, and I've seen failed switches. Admittedly that's in America, where I find the whole electrical setup to be scarily bad, compared to what I grew up with in England :-)

      2. Suricou Raven

        You used to be able to do brightness control with a phase-chopper circuit, commonly known as a 'dimmer switch.'

        Then CFLs and LEDs came along. LEDs are dimmable too, but they require a completely different type of brightness control circuit that isn't compatible.

    4. Suricou Raven

      Installation issues. Few potential customers are willing to work on their own house electrical system, and paying an electrician to come and install it is expensive and inconvenient - that would greatly reduce the appeal of the product. Changing a light bulb is something that anyone can do, and feel comfortable in their ability to do.

      1. Martin-73 Silver badge

        electrician is expensive.... so are hue bulbs. 44 quid a pop for the oversized* gu10 ones

        *oversized to the point they don't actually fit most fire or IP rated downlighters.

    5. gnasher729 Silver badge

      Why smart bulbs? Even the cheapest Hue bulbs all support dimming. For that you need a dimmer switch, and bulbs that support dimming (LED dimmable lights are not that cheap). The next more expensive ones change the light temperature, and the expensive ones change their colour. Doing more than just on/off with smart fixtures would be difficult.

      And fixtures would need to be connected to the cabling in your home which is work for an electrician, while Hue bulbs are just screwed in.

    6. Gerhard Mack

      You can change the colour as well. My flatmate loaned me a pair of bulbs that I have set to mimic a sunrise in the morning. I find it much better than an audible alarm for waking up in the morning.

    7. Anonymous Coward
      Anonymous Coward

      "Perhaps a bit off topic, but why smart light bulbs instead of smart light fixtures that work with any old bulb?"

      Next you be suggesting that printer cartridges should work in any printer. Crazy thinking!

      1. I ain't Spartacus Gold badge

        What? Printers sometimes work? Lies! It's lies I tell you!

    8. sweh

      Expandability, flexibility, ease of installation.

      Maybe the bulb of tomorrow will have a built-in Alexa. Or infrared sensors so they form part of your alarm system. Or speakers. Or motion control (think Kinect on steroids). Or...?

    9. Anonymous Coward
      Anonymous Coward

      Although I do love my Hue bulbs, it would be great if I could upgrade all my non-hue rooms with a hue compatible switch ( with an optional trailing edge dimmer, why not ).

      Hue uses Zigbee, so could it be tricked into supporting the switches as though they are bulbs?

      Edit: it seems they are coming this year: https://huehomelighting.com/hue-compatible-light-switches-coming-this-year/

  8. Tired and grumpy

    And you would want to control the lighting in your house while not actually at home because...?

    Don't people actually have anything to do with their time these days?

    1. Grikath

      Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time.

      Plenty of homebuild solutions printed in the golden days of electronics mags...

      1. Claverhouse Silver badge

        Grikath

        Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time.

        Plenty of homebuild solutions printed in the golden days of electronics mags...

        And in 18th/19th century Britain, before a Tyrannical Government brought in Nanny State laws to stop the Right To Bear Spring-Guns there were other options...

      2. MonkeyCee

        Burglar prevention

        "Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time."

        So all the other clues about you being away will be there, but the lights are on, so they'll just jog on?

        If the car hasn't moved, bins not put out or any of the many other things that indicate someone is on holiday, then your typical half brained scrote will perform some cunning ruse to ascertain whether you're home, such as ringing your doorbell.

        Plus the fact that night time burglaries are very risky, since neighbors are ore likely to be home. Whereas rocking up in daytime with a moving van, wearing overalls (clipboard optional) means that even the cops will ignore you.

        My security measures are mainly not having anything worth nicking versus the hassle of getting in, combined with being on good terms with the local pot growers, who are around at all hours, and tend to keep an eye out for suspicious activity :)

    2. Anonymous Coward
      Anonymous Coward

      Don't people actually have anything to do with their time these days?

      Not if they're milennials, no.

  9. elvisimprsntr

    You are holding it wrong.

  10. Ken Hagan Gold badge

    Voice control should be local

    If you must have voice control, it really needs to be done in the device or at least within the LAN. Farming it off to the internet creates problems with both security and reliability. I presume I'm preaching to the converted here, but I wonder how long it will take for the wider world to realise this.

    1. Will Godfrey Silver badge
      Unhappy

      Re: Voice control should be local

      Don't hold your breath

      1. Stoneshop
        Holmes

        Re: Voice control should be local

        Don't hold your breath

        A prerequisite for using voice control, actually.

  11. Why Not?

    unfortunately users need the internet to decode your mutterings.

    The difficulty is that the bean counters don't need the internet to decode your mutterings.

  12. Borg.King

    We can't really think of any good reasons why remote control of Hue lights would be useful.

    It's really useful if you have a long overgrown pathway to your house, and you're coming home late. Turning on the outside lights so you can see the nefarious rascal about to jump you and make off with the remains of your kebab.

    Why they never realize that they can make off with your very expensive Hue lights instead is beyond me.

    1. JohnFen

      "Why they never realize that they can make off with your very expensive Hue lights instead is beyond me."

      I'm guessing that Hue lights have very little resale value.

    2. Pascal Monett Silver badge

      Re: "a long overgrown pathway to your house, and you're coming home late"

      There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.

      Why people absolutely have to go with the least secure bit of shiny instead of using proven tech that is safe is beyond me.

      1. Stoneshop
        Facepalm

        Re: "a long overgrown pathway to your house, and you're coming home late"

        There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.

        Or, if you're dealing with a pathway of which only a part is in the detector's field: a conventional RF remote control on your keyring, or if you want to get fancy, fitted to the garden gate.

        1. DiViDeD

          Re: "a long overgrown pathway to your house, and you're coming home late"

          .. or, as you can with most cars these days, park so the 'follow me home' lights illuminate the pathway (and learn to walk fast if you haven't figured out how to adjust the timing yet)

          On the Hue note, I have LED light fixtures manufactured by some 'Happy Electrics Corporation' in China. They have a short range remote (actually many of them, but each works on any light inside or out) which allows you to switch the lights on and off, dim them, and set them to any one of (so they claim!) 16 MEELLION colours, as well as a relatively efficient dimmer function and various hideous colour changing 'pulse' modes.

          Dirt cheap, and no infernalnet connection required.

          Of course, I can completely understand that being unable to switch your kitchen light on and change it from white to blue while you're on holiday in the Cocos islands could be a major problem for .. .. fucking NOBODY.

  13. JohnFen

    Naturally

    If you're relying on third party services for something to work, you need to expect that it will randomly fail to work. Oh, and it'll be hacked.

    This is the thing that makes the current view of IoT unbelievably stupid -- their reliance on third party services. It's not technically necessary, and give little benefit to the end user. It's only required to allow companies to engage in ever-more data mining.

    1. Phil Kingston

      Re: Naturally

      Third party? Are Philips farming out their voice-recognition?

      1. JohnFen

        Re: Naturally

        By "third party" I mean an entity outside of yourself and the device in question. Philips counts.

  14. Rustbucket

    They were initially in the dark as to the cause of the problem.

  15. MatsSvensson

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.

    1. Suricou Raven

      The bulb has only one channel of communication in the event of network failure by which it could show an error code. Blink codes. It'll be the old BIOS-beep thing all over again.

      One short, two long, one short, pause... Ok, that means... incorrect supply voltage? Oh, no, that's the reference book for the Amazon brand, this is a Phillips brand. Which means the code means... it's not on the chart! Or is this chart for the first revision? No, they changed the codes on bulbs after 2021, so... got it. One short, two long, one short, pause means "Unspecified error." Screw that, I'm getting an old-fashioned manual bulb.

      1. Dan 55 Silver badge

        How do debug your Philips lightbulbs

        Who on earth would think this is any way an improvement?

        1. DiViDeD

          Re: How to debug your lightbulbs

          Holy Flying Scotsmen, Batman! that is one of the weirdest articles I've ever read.

          - type in the serial numbers of your lightbulbs

          - remove all your dimmer switches

          - reset your configuration and start again

          - give the lightbulb full access to internet, sms, contacts, location and breakfast menu

          - sign out of your iCloud account

          - be careful not to delete all your contacts

          - sign back in to your iCloud account

          This is how a lightbulb install/debug/operation should go:

          screw bulb into fixture

          switch on (at wall or via remote)

          Of course, it means your lightbulb can't try to sell you shit, but sometimes you have to take the smooth with the even smoother.

  16. scrubber

    Nothing to see here...

    Joking aside, I'm sure these types of issues have all been worked out before any government would even consider mandating the installation of 'smart' meters in people's homes to control energy consumption, right?

    1. Fruit and Nutcase Silver badge
      Coat

      Re: Nothing to see here...

      @scrubber

      Sorry, there are two words in your statement that are mutually exclusive...

      "government" and "smart"

    2. This post has been deleted by its author

  17. MartinB105

    No problems here

    I have Hue bulbs throughout my entire house (around 20 in total) and I never noticed any problems.

    But then why would I need to control my lights from outside my home?

    Aside from that, the Hue Bridge runs a local web server that lets any web capable client application control the lights, and the documentation for the Hue web API is fully available to customers, and its not very difficult to understand.

    So literally anyone can develop software to control Hue bulbs using any web-capable technology of their choice, which means someone could easily make Hue bulbs work remotely without relying on the Philips online service.

    I have to give credit to Philips for being so open with the Hue system; I don't know many device manufacturers who make their systems as open as Hue is.

    An outage of a service that is little more than a bonus periphery feature of the system isn't going to change my opinion that Hue is a great system.

  18. bishbut13

    If anything is able to go wrong it will said by a wise man years ago and as been proved right every day ever since. Moaners please take note and think before complaining

  19. NanoMeter

    I'm a Light Bulb Luddite

    I prefer the unconnected light bulbs.

    1. Stoneshop
      Flame

      Re: I'm a Light Bulb Luddite

      I prefer the unconnected light bulbs.

      You mean candles?

  20. jelabarre59

    Simon hacked it

    Are they sure it wasn't Simon Phoenix hacking the system to use different key words?

  21. Adrian 4

    Insecure

    I've discovered a huge vulnerability in TV sets from almost every manufacturer. Apparently they use an unencrypted, openly known (and often documented) broadcast method to control them.

    You could be subject to sniffing attacks that determine your choice of TV viewing, traffic and content analysis that determines which of your family is near that TV, remote command attacks that could change channel and influence you politically or present a fake channel instead of one you thought you chose. Selection of paid content while you're not present. Denial of service.

    All this with just line-of-sight access to your window : no need to tap infrastructure, you can do it from a van in the road,. a handheld appliance from across the street, or a laser from the next block of flats.Cost of entry is low using arduino-level hardware. Cheap products have been on the market for years to facilitate some attacks. For extra fun and on-topicness, I can imagine a remote attack via a compromised light bulb. PoC needed.

    ps. I don't watch TV any more and never leave it in standby if my partner uses it. So I don't care. Perhaps you don't either. I made this post because you don't have to be on the internet to be a victim of remote control device takeover. Moaning about IoT failures like they're a new thing and the result of people using unnecessary technology is valid, but 50 years too late.

  22. Anonymous Coward
    Anonymous Coward

    The guy who is responsible for this

    is like, oh god, kill me now.

    Then, moments later

    No, Alexa, noooooooo

  23. Neoc

    Standards

    I am old enough to remember the Bad Old Days(tm) of networks (both corporate and home), when you had to check and double-check that the network card you were adding to your network would work with (a) the other network cards; and (b) your switch/router/whatever.

    Now, we have standards and unless you are very unlucky, WiFi and cabled PCs will quite happily interact with each other and your network equipment (security settings notwithstanding).

    That's what the IoT needs: an IoT "router" that sits on your network and interacts with your IoT shit and, WHEN ABSOLUTELY REQUIRED, talks to the internet. Of course, this would mean that IoT management needs to be standardised - which no company will want to do unless someone like the IEEE steps in.

    1. Anonymous Coward
      Anonymous Coward

      Re: Standards

      Hue uses an open standard - Zigbee.

  24. FuzzyWuzzys

    I'm guessing some bellend at Philips tech screwed up the AWS Route 53 config and broke all their customers toys!

    Sure I have remote controlled lights in a few rooms but they're Bluetooth controlled locally in the house, useful for when you and the Missus are cuddled up on the sofa and you don't want to get up they can be useful to turn down the lights. You get into bed and forgot to switch off the lights downstairs whip out the phone and switch them off remotely. Useful when you get early in the morning and my lights are timed come on so I don't trip arse over tit, over the fecking cat in the dark some mornings! However they're a simple convinience, not life and death and I could live without them if pushed, I managed for many years before. I most certainly have no interest in conntecting my house lights via a remote server hosted on AWS or Google Cloud.

  25. wobbly1

    A quick look at the early commercial IoT devices made it a no brainer to design and build my own. As person living with disabilities , it is easier for me to have one way traffic with the Internet. Data only comes from , never to the wider network. Even so, the overwhelming number of failures with a sh!t-ton of work around codes is with that minor part of the system. For example, I use an open weather API for some meteorological observations not possible from my 2nd floor flat. The api return is carefully evaluated for nasites before use I run servers here mostly on raspberry pi3,the price makes having a server per pi cheap and easy. , but for the heavy lifting and speedier communications a rock 64 SBC.

    Kit communicating with remote backends unnecessarily is the problem rather than the technology itself. Those dangers exist in all communications with the wider net. In the main this is to benefit of the producer , rather than the end user. Determining the lifestyle of an individual from their habits is an easy task for machine learning . Some monitoring systems for confused and frail rely on this to alert possible problems with an individual's health. The main use is to profile people advertisers are interested in. opting out is not an option if the device is calling home continuously.

  26. 0laf
    Big Brother

    If it gets to the point where I can't switch on a light in my house without a bloody internet connection I've gone very badly wrong indeed.

    Current IOT count in my house = 0

    Yes I told them to shove their smart meters too.

    1. Anonymous Coward
      Anonymous Coward

      They still work over wifi without the internet connection.

  27. Fatman
    FAIL

    Lost Internet connectivity....

    <quote> the one big factor preventing a broader update of smart home products is the concern that their connection to the larger internet opens the system up to potential hacking, or unexpected problems.</quote>

    NO SHIT, Sherlock!!!!

    1. I ain't Spartacus Gold badge

      Re: Lost Internet connectivity....

      It ain't just the hackers you need to worry about. If you go with Nest, then you've invited Google into your life. Now, to be fair to them, they may hoover up your data like nobody's business, but at least they mostly haven't given it away to everyone. Unlike Facebook, who seem to have all the data-security abilties of my Mum. Actually that might be unfair to Mum...

      Phillips probably aren't as interested in tracking your personal habits, but you have to worry if they plan to sell that data to someone who does.

  28. sweh
    Big Brother

    Google Cloud

    I've been messing around with a Hues Emulator; a python script that runs on a VM and pretends to have light bulbs attached. The Alexa device detects these and adds them. Now when I use voice control I see a connection from the Echo (oddly, not the one I'm speaking to but another one in another room!) to the emulator. So Alexa voice control appears to be local (once it's been sent to Amazon for processing, of course).

    For "out of home" connections, the Hue Bridge makes an outgoing persistent connection to a Hues website. My router conntrack is telling me it is currently connected to 104.155.18.91 - which is "....bc.googleusercontent.com" and has a certificate for ws.meethue.com (signed by some Philips intermediate) - I'm guessing a websockets layer.

    Given this is google cloud compute, it's likely Philips pushed bad code...

  29. Bradwalk

    I used smart light bulbs, but they disappointed me. Try LEDs light instead.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like