
Why the iKettle Hack should concern you (even if you don't have one)

When it comes to smart home technology, there is no shortage of products whose rationale is questionable, to put it mildly. I actually wrote an entire article about them in April this year. One of the devices I mentioned was the iKettle, from Smarter Labs.


The iKettle is a WiFi enabled kettle. Yes, you read it right. Apparently, the task of heating water to its boiling point is something that can only be accomplished with WiFi integration.

Oh, and did I mention that it came with a huge, huge security flaw that had the potential to open up entire WiFi networks?

How the attack worked

Yeah, it turns out the iKettle isn't too hot (sorry) when it comes to security. With just a couple of steps, an attacker can convince it to give up the user's WiFi password. So how do you hack a kettle?

First, the attacker would need to identify a wireless network with an iKettle connected to it. They would then create their own wireless network using the same SSID.


When the iKettle switches to that network, the attacker can connect through port 23 using Telnet. This is a freely available tool that is similar to SSH and allows users to manage computers remotely.

The iKettle will ask the attacker for a six-digit access code. This can be brute-forced, but if the kettle was set up with an Android device, it has the default password of 000000. Once authenticated, the attacker will instruct the kettle to list its settings. At that point, it will spit out the entire cached WiFi password in plain text, allowing an attacker to gain access to the entire network.
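A defensive check for the rogue-network step described above, as an added example that is not part of the original article: it compares Wi-Fi scan results against a known-good baseline and flags any access point advertising the home SSID from an unknown BSSID or with different security. The Beacon record, the find_suspect_aps function and the sample scan are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point seen in a Wi-Fi scan (hypothetical record layout)."""
    ssid: str
    bssid: str       # MAC address of the AP radio
    security: str    # e.g. "WPA2-PSK" or "OPEN"
    signal_dbm: int


def find_suspect_aps(scan, ssid, known_bssids, expected_security):
    """Return (beacon, reasons) for each AP that advertises `ssid`
    but does not match the known-good baseline."""
    known = {b.lower() for b in known_bssids}
    suspects = []
    for beacon in scan:
        if beacon.ssid != ssid:
            continue
        reasons = []
        if beacon.bssid.lower() not in known:
            reasons.append("unknown BSSID")
        if beacon.security != expected_security:
            reasons.append(
                f"security is {beacon.security}, expected {expected_security}")
        if reasons:
            suspects.append((beacon, reasons))
    # Strongest signal first: the closest impostor is the first to investigate.
    return sorted(suspects, key=lambda s: s[0].signal_dbm, reverse=True)


# Constructed sample scan; every address here is made up.
SAMPLE_SCAN = [
    Beacon("HomeNet", "aa:bb:cc:00:00:01", "WPA2-PSK", -48),   # the real router
    Beacon("HomeNet", "02:11:22:33:44:55", "OPEN", -35),       # same name, no encryption
    Beacon("HomeNet", "02:11:22:33:44:66", "WPA2-PSK", -70),   # same name, unknown radio
    Beacon("CoffeeShop", "de:ad:be:ef:00:01", "OPEN", -60),    # unrelated network
]

if __name__ == "__main__":
    hits = find_suspect_aps(SAMPLE_SCAN, "HomeNet",
                            {"AA:BB:CC:00:00:01"}, "WPA2-PSK")
    for beacon, reasons in hits:
        print(f"{beacon.bssid} ({beacon.signal_dbm} dBm): {', '.join(reasons)}")
```

A matching BSSID is not proof that an access point is genuine, since the address can be copied, so treat a clean result as absence of obvious impostors only.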

The management problem

A Smarter Labs spokesperson was keen to stress that a fix for this issue is not far away.

They also noted that the next iKettle will not be affected:

Users with an affected kettle can update using the iKettle app, available for iPhone and Android. In the meantime, it may be convenient to connect a second router to your home network with a different SSID and connect your kettle to that network. You can find a perfectly adequate router from Amazon for as little as $10.

This episode reminds us that the smart home products we use are essentially computers, and that they face the same security issues as traditional computers. It's weird to imagine someone using Telnet to connect to a kettle, but apparently it's a thing.

As the smart home field inevitably matures, manufacturers will come under increasing pressure to consider the security of their devices. And when things go wrong (as they inevitably do), they can expect to have their feet on the hot coals.


Manufacturers will need to design their products to be easy to reset and update. They will need to take a proactive approach to their device security and work with security researchers. They will have to learn to manage disclosure.

Manufacturers will need to consider how to ensure the safety of their devices, in the event of bankruptcy. More importantly, they will have to establish a consensus with their customers about how long they are expected to keep a particular product.

Unplanned obsolescence

A friend of mine has a microwave that is literally old. It sounds like hyperbole, but it is not. He inherited it from his parents, who in turn bought it in the 1980s from a hypermarket that no longer exists. Let me put that in context: his microwave is older than me.

But here's the thing: it is a perfectly adequate microwave. Nearly thirty years later, he can still turn frozen lasagna into a puddle of melted cheese, and he can still easily thaw frozen meat. There is literally no reason to replace it.


That's the thing about traditional appliances. They are not subject to the same cycle of planned obsolescence. There is no such thing as a "refrigerator refresh cycle." There is no such thing as a "two-year upgrade" in the world of home appliances.

One other thing: my friend's microwave was made in a country that no longer exists (the German Democratic Republic, aka East Germany), by a company that has similarly ceased to exist. But that didn't stop him from making microwaveable cheese nachos thirty years later.

It's a different matter for smart home technology. Your computerized kettle, or WiFi-enabled umbrella, most likely requires regular performance and security updates.

The problem is that programmers are expensive, and it is fundamentally unrealistic to expect software companies to keep their products around indefinitely. Eventually, they have to let it slide, like Microsoft did with Windows XP in early 2014.

Then there's the little matter that tech companies tend to implode like the Death Star, leaving a plethora of promotional laptop stickers and now-unsupported code in their wake. To give you just three (of many) examples, there's Silicon Graphics, Palm, and Commodore.

If you buy a product that inherently needs a lot of administration just to keep it safe and running smoothly, you are relying on the company sticking around to support it. That's not always a safe bet.

Protecting the Internet of Things

Right now, the Internet of Things is a nascent idea, still half-formed. It's still very much an experiment, with dozens of unanswered questions.

Should manufacturers be responsible for the safety of the products they sell? If so, to what extent?


Should a company reasonably be expected to support an IoT or Smart Home product? If so, for how long?

What happens if the manufacturer fails? Many startups have committed to releasing their code into the public domain in case they fail. Should smart home manufacturers be forced to do the same?

Is there anything consumers can do to ensure their hardware is secure? If so, what?

These questions will be answered in time. But until they are, I suspect most consumers will be reluctant to embrace the world of the Internet of Things.

But what do you think? Leave me a comment below, and we'll chat.