Yale Security Fail: 'Unexpected load' caused systems to crash, whacked our Smart Living Home app

An unspecified and “unexpected load” on its infrastructure broke the Smart Living Home app for a day, an apologetic Yale Security UK confirmed to customers yesterday - however the smell of failure still lingers today. Yale Weds: Just some system maintenance, nothing to worry about. Yale Thurs: Nobody's …

  1. Version 1.0 Silver badge
    FAIL

    The "Smart Home" crashed?

    Why the surprise and outrage? When you shift everything into the cloud (extra "f" added for politeness) then it would be amazing if you don't have occasional outages like this. The real failure was not the "unexpected load" but simply the unanticipated absence of service in the app - but it's an app so that's normal too.

    Welcome to the 21st century - there's more to come...

    1. Dan 55 Silver badge

      Re: The "Smart Home" crashed?

      They designed it wrong, the app should work on the LAN with cloud for those who really must control things outside their house (if they enable the feature first).

      So far I think only Ikea's done this.

      Also, what does "unexpected load" mean? DDoS?

      1. Anonymous Coward

        Re: The "Smart Home" crashed?

        An "unexpected load" is when you put the tape in labelled jet set willy but end up with chuckie egg.

      2. RegGuy1 Silver badge

        Also, what does "unexpected load" mean? DDoS?

        "unexpected load of shit"

        It's just the end got cut off (when really someone should cut off their end).

      3. DCFusor

        Re: The "Smart Home" crashed?

        Been saying - and doing - this for years, Dan. I've built a "LAN of things" for my off-grid homestead to automate what I can here - and it's never been on the internet at all. It controls things like the solar power system, the backup generators, heaters (plumbing/freezing), water collection and purification, general status reporting to database and CGIs for realtime status display and control, video cameras (nice game shots here in the wild) and whatever else I can do with some pi's, odroids, and ESPs.

        (detailed on my sci/tech forums which I won't pimp here)

        It's great and pretty reliable, but nothing is perfect, so of course, having watched the aliens on Star Trek take over the computers - only a plot device for them...there are manual backups. But saving having to go turn valves and unbolt access panels in nasty weather most of the time is valuable.

        As far as I can see the only reason to put ANY of this on the internet is to slurp data in an even more blatant (but probably less effective?) way than the big outfits known for this. It can be pretty intimate - my barometers all show every time a door is opened or shut, water flow shows a flush...and so on.

        So it's all for profit - and not yours. How many people really NEED to do anything with their home from away? How did they manage without it only a few years ago? People need to be asking themselves....

      4. tiggity Silver badge

        Re: The "Smart Home" crashed?

        @ Dan 55

        unexpected load - someone accidentally jizzed on their cloudy servers when doing some one handed web browsing?

    2. J. R. Hartley

      Re: The "Smart Home" crashed?

      What could possibly go wrong.

      1. Black Betty

        Re: The "Smart Home" crashed?

        Danny Dunn saw this coming the year of my birth,

        1. jake Silver badge

          Re: The "Smart Home" crashed?

          Just wait, it'll get worse:

          "I'm afraid I can't do that, Dave."

          1. Anonymous Coward

            Re: The "Smart Home" crashed?

            Just avoid any "Smart" Home system that has an AE35 unit for comms.

            1. what-where-when

              Re: The "Smart Home" crashed?

              "Just avoid any "Smart" Home system"

              There, I've fixed it for you :-)

    3. IceC0ld

      Re: The "Smart Home" crashed?

      Welcome to the 21st century - there's more to come...

      ===

      or not, dependent on if it's crashed or not ..............

  2. Flakk
    Trollface

    Smart Living Home app

    The snark writes itself.

  3. Dan 55 Silver badge
  4. Anonymous Coward

    No monitoring fee

    How long do you get service if there's no cost for it? (when it's working)

    Is that viable?

    Is it a ponzi scheme where your continued service depends on new marks splashing the cash for a connected alarm that's used to fund the service for existing customers?

    1. Warm Braw

      Re: No monitoring fee

      How long do you get service if there's no cost for it?

      For the lifetime of the product. If you ensure the product dies when you take away the service, that need not be very long.

  5. Steve Davies 3 Silver badge

    Let this be a lesson

    for anyone even daring to think about using IoT for this sort of thing.

    All it needs is a heavy footed JCB operator and you are locked out of your home possibly for days.

    All your data could be gone forever.

    As I've said before, in the main, IoT is an answer waiting for a sensible question.

    1. Robert Helpmann??
      Devil

      Re: Let this be a lesson

      ...IoT is an answer waiting for a sensible question.

      What is the best way to fill your life with utter crap?

    2. JohnFen

      Re: Let this be a lesson

      "and you are locked out of your home possibly for days."

      Your point is solid generally, but when it comes to being locked out of your home for days, that won't happen as long as you have an outside window you can break.

    3. lglethal Silver badge
      Joke

      Re: Let this be a lesson

      ...IoT is an answer waiting for a sensible question.

      How about "how to transfer money from someone's pocket into the pocket of a slimy snake oil salesman in the modern world?"

      1. Claptrap314 Silver badge

        Re: Let this be a lesson

        I think ICOs still have that one...

    4. Waseem Alkurdi

      Re: Let this be a lesson

      IoT is an answer waiting for a sensible question.

      How to get free rides on your local university campus' dockless bike ride-share system with bikes secured with BT LE and a crappy mobile app?

    5. Dazed and Confused

      Re: Let this be a lesson

      All it needs is a heavy footed JCB operator and you are locked out of your home possibly for days.

      Well when I couldn't talk to the alarm over the interweb I just used the keypad.

      Pain in the arse, YES, but not like not being able to do stuff.

    6. Anonymous Coward
      Gimp

      Re: Let this be a lesson

      "for anyone even daring to think about using IoT for this sort of thing."

      Depends on how you do your IoT. I am spending months deploying IoT at home, each step building on the last and tested. My "hub" is Home Assistant running on a Lenovo ThinkCentre (which is properly designed to live in harsh environments). It is backed up and is on a UPS and ethernet connected. I also have a standby VM, just in case. https with a Let's Encrypt cert. and HAProxy on the front (pfSense router). I have multiple VLANs, host firewalls deployed etc. I maintain my home network to as near to PCI DSS as is possible (yes, really! I'm CREST accredited and do ISO 9001 and 27001 at work). One other design requirement is that everything fails safe and/or has a manual control where applicable.

      This lot has to be signed off by wifey ...

      1. DCFusor

        Re: Let this be a lesson

        Yeah, gerdesj - see my post above. Roll your own and it might be fine...otherwise you're the product; that's getting tired, but what else to call this crap?

        The question of who should be liable for software failures occasionally comes up on Bruce Schneier's security blog...

        MS would have gone bankrupt long since even if it was a nickel per incident. Systems failure - the big things like airplanes have laws in place...Self driving cars are going to get interesting. IoT is yet another place the question is too open.

        Seems like consumers should demand something other than a handwaving warranty that doesn't cover anything. I resist saying there should be a law, as that hardly ever ends well.

      2. elaar

        Re: Let this be a lesson

        That's a lot of power being used there...

      3. DropBear

        Re: Let this be a lesson

        @gerdesj I find your exquisite rigour and attention to detail immensely, uh... entertaining, considering that in my experience Home Assistant on its own regularly and gleefully breaks absolutely everything seven ways to hell simply by applying its latest version (at least as far as z-wave devices are involved - I have no idea what _you_ have and whether that fares better or actually worse, considering the fundamental issue is not technical but one of HA dev attitude).

    7. Anonymous Coward

      Re: IoT is the answer

      The question was "How do we fool people into giving us total control of their lives and then cutting them off from it?"

  6. mickaroo

    I am so confused...

    Will someone remind me again why connecting your whole home to some nameless, faceless smartphone app is a good idea?

    1. Anonymous Coward

      connecting your whole home to some nameless, faceless smartphone app is a good idea?

      AirBnB, innit. It's disruptive.

  7. cNova

    An unexpected load killed my keyboard...

    ...and my smart bidet died so I wasn't able to wipe my own ass all day.

    1. This post has been deleted by its author

    2. Inventor of the Marmite Laser Silver badge

      Re: An unexpected load killed my keyboard...

      You should try a bidet with a spin cycle!

      Wheee!

  8. Claptrap314 Silver badge
    FAIL

    Unexpected load? Really?

    This is EXACTLY the sort of business that should be on GCP or AWS. Properly configured, the worst a customer will see is a long response time. Even if they screw up & do a thundering herd, autoscaling will prevent actual outages. (And if they do a rolling deploy, they will realize the thundering herd LONG before it takes their systems down.) Straight up failure to apply basic SRE principles.

    If it is DDOS, the route to mitigation is already quite well known. Again, straight up fail.

    1. Anonymous Coward

      Re: Unexpected load? Really?

      I can think of a number of causes for “unexpected load” and only some of them relate to a lack of hardware or bandwidth capacity.

      TSB could have released a similar statement earlier this year.

      Or a less PR savvy “everything is f*****......”

      The difference is one is a regulated bank and the other is some company that you have trusted with your physical property security with not much to back that up.

    2. Doctor Syntax Silver badge

      Re: Unexpected load? Really?

      "Properly configured, the worst a customer will see is a long response time."

      Properly configured a customer should not even need someone else's computer unless they need access to the system when they're out of range of their own WiFi. And, just in case the WiFi goes down, if they're at home they should be able to do whatever's needed through the control panel.

      1. Mark 85

        Re: Unexpected load? Really?

        And, just in case the WiFi goes down, if they're at home they should be able to do whatever's needed through the control panel.

        One power outage and the control panel is useless. What's wrong with just having a key lock? Or at least a physical key to unlock the wondrous computer controlled lock?

        1. Captain Scarlet Silver badge
          Paris Hilton

          Re: Unexpected load? Really?

          It's not fancy enough.

          Thankfully I have experience enough with people telling me I am paranoid and things like Alexa can't be hacked (When really I see no point wasting money on it and would rather not spend an evening telling a stupid speaker to Meow).

        2. DropBear
          Devil

          Re: Unexpected load? Really?

          "Or at least a physical key to unlock the wondrous computer controlled lock?"

          I can only speculate, but I have a suspicion that it's a market-imposed constraint; playing the devil's advocate, I assume slapping a convenience electronic control module on top of a conventional key-based lock may simply not be a convincing value proposition for the average punter who looks at it and goes "I want an e-lock to ditch my keys, not to need to keep them on top of one more nuisance to configure and manage!"

          PS - You don't actually need your keys - I haven't looked at this particular lock but I do have a Yale smartlock on my desk, and it should be unlockable via its keypad (or RF fob); also, it does not depend on the mains as it's battery powered (also operable with an external 9V battery if you let the internal ones go flat).

          1. jake Silver badge

            Re: Unexpected load? Really?

            "also operable with an external 9V battery if you let the internal ones go flat"

            So now, instead of keys, I carry a (hopefully working) 9V battery? No thank you. I'll stick with keys.

            1. DropBear

              Re: Unexpected load? Really?

              "So now, instead of keys, I carry a (hopefully working) 9V battery?"

              Are you in the habit of not only not minding to change batteries in battery-operated gear (no more than maybe once or twice a year) but also of disregarding its warnings that it's going flat if you let it? If yes, then yeah absolutely, you more than deserve to have to carry a 9V battery around. For normal people, it's merely an extra safety feature that they never should come to need to use.

              1. jake Silver badge

                Re: Unexpected load? Really?

                Regardless, I'll stick to keys. Fewer things to go wrong ... and a hell of a lot less expensive. Win-win.

                1. DropBear

                  Re: Unexpected load? Really?

                  That's ok, so do I - although ever since I started watching lock-picking stuff on Youtube I feel an irresistible urge to ROFL any time I look at a key. They are definitely far cheaper than any of these smart locks though...

                  1. jake Silver badge

                    Re: Unexpected load? Really?

                    No need to laugh at locks ... they exist to stop crimes of opportunity, and work quite nicely for that ... However, be aware that if a criminal chooses to bust into your home, a brick through the window next to your front door will work quite nicely, the lock isn't even going to slow them down.

                    1. DropBear

                      Re: Unexpected load? Really?

                      Well, they'll also need a long ladder for that... :))) Blocks of flats do have _some_ advantages....

                  2. JohnFen

                    Re: Unexpected load? Really?

                    As a hobbyist lock-picker of many years, I know what you mean. However, the majority of electronic locks that I've had the opportunity to play with haven't posed any greater difficulties than the average consumer-level physical lock.

        3. JohnFen

          Re: Unexpected load? Really?

          "What's wrong with just having a key lock?"

          Yup. The first rule of automating anything is "always have a manual override."

          1. Claptrap314 Silver badge
            Trollface

            Re: Unexpected load? Really?

            Oh, come on! Everyone knows that manual override never works!

  9. Jay Lenovo
    Joke

    Rather "Dumb" Living Home App

    "Unexpected Load"....Phooey!

    I imagine the folks at Yale must have a lot of children too.

  10. Anonymous Coward

    "Unexpected Load"

    I'm pretty sure that's how I was conceived.

    (At least that's what I was told during a heated argument with my father when I was a teen )

  11. Anonymous Coward

    Android

    There's your problem right there.

    1. Anonymous Coward

      Re: Android

      Sadly I'm only allowed 1 downvote

  12. Lomax
    Thumb Down

    IdIoTs.

  13. TwistedPsycho

    my husband and I just spent 20 minutes at 3am trying to disable the alarm

    Some people continue to surprise me.

    As a nice-to-have add on, completely love the idea of IoT running things; as a sole need-to-have, God help us!

    I admit to having a few rooms wired up with smart lights and Nest, but I made sure I still have an actual light switch on the wall as well as a thermostat!

    1. Mike Pellatt

      I admit to having a few rooms wired up with smart lights and Nest, but I made sure I still have an actual light switch on the wall as well as a thermostat!

      Abso-fucking-lutely. All my Fibaro dimmers are wired up to real switches as well. As making the summerhouse watertight, the garden looking decent, replacing safety-critical stuff (like the power socket wired with 1mm cable...) is more critical than whizzy smarthome stuff, getting all the Z-Wave stuff working to OpenHAB is a back-burner job.

      I do have buyers' regret over the Honeywell EvoHome, because of its reliance on Honeywell servers for the smarts and their non-publication of the API, but then that was bought when we were planning to holiday let the place.....

  14. Anonymous South African Coward Bronze badge

    Isn't Android 4.x now EOL? Why even try and code apps for that generation of droids? If the (l)user really wants IoT Yale keys, then surely said (l)user will be happy to shell out £££ (or $$$) for a new Android device running 6.x (or higher) as part of the requirements.

    Three words : lowest common denominator.

    If, by using an old Android version they unwittingly cause grief for themselves, then it's their own fault for doing so.

  15. This post has been deleted by its author

  16. Jeffrey Nonken

    1) You guys are holding it wrong.

    2) Obviously you need to be running Jelly Bean for it to work. Anybody want to buy this Galaxy SIII for a low, low price of US$500?

    1. DropBear

      2) No. My SII is working perfectly fine.

  17. ObsidianAura

    I've had the problem today and yesterday on my iPhone, can't get the app to function

    I've had pretty terrible service from Yale all the way through from day one with the smart alarm system :(
