Skip to content
17feb opinion smart but not always secure hero
8 February 2017

Opinion: Smart, but not always secure

Every device has security vulnerabilities.

Don’t buy WiFi light bulbs. In fact, don’t buy any IoT (internet of things) devices. They may sound like useful gadgets to have in your home, and if I’m fair they can be, but they will annoy the heck out of you every single day.

For example, my light bulbs. I have a set of WiFi-enabled light bulbs in my lounge that connect to my home network via a receiver unit and a WiFi-connected light switch in the wall that controls the “normal” lights in my house. I have another set of bulbs (of a different brand) that connect via a different receiver unit.

First, their good points:

  • I can control my lights from anywhere with my phone.
  • They have rules for when they turn on and off based on time and conditions (such as sunset).
  • Two of the bulbs can change colours and be controlled by Siri voice commands.
  • The wall switch also has a “long press” feature for extra functionality (that means a long press can turn off another set of lights in the home).

And the bad things:

  • Connecting them to my network is a pain in the butt.
  • Making any change to my home network usually requires resetting all my WiFi devices.
  • Sometimes the lights “forget” the network.
  • Sometimes the lights “forget” or “ignore” rules they are meant to follow.
  • Local time and conditions are taken from overseas databases and aren’t always accurate.
  • Everyone in the house needs the app installed to control the lights.
  • Friends who visit can’t control the lights (without installing the apps to their phones).
  • Different brands use different apps.
  • The bulbs only fit certain light fittings (and none fit recessed lighting).
  • The receiver unit for one set of lightbulbs is a device that needs to be plugged physically into the router as well as power.
  • The other control units are large plugs that stick out from the wall and can’t be hidden as that makes it harder to pick up the WiFi signal.
  • If they ever burn out or break, they’re expensive to replace.

I recently changed internet providers, which meant I needed to change my router. Despite trying to keep the settings as much the same as possible, the lights refused to reconnect. This was compounded because I had to move my router, meaning signal strength dropped in some areas of my house and the lights’ receiver units couldn’t find the network any more. I had to factory reset all the devices and reinstall the app on my phone to get the lights in my house working again.

I tried using the lights with a third-party website called IFTTT (If This Then That), which creates “recipes” for various connected devices. For example, your lights turn on when your phone’s GPS says you’re close to home. But despite the potential extra functionality, it ultimately proved unreliable, so I gave up.

And it’s not just lights causing issues.

Last year, Mark Rittman of England gained internet fame as he tried for 11 hours to get his WiFi kettle to boil. The kettle refused to connect to his WiFi base station and then got “lost” on the network. (To be fair the issue was compounded by Rittman’s attempts to connect the kettle to his Amazon Echo so he could use voice commands.)

The type of problems Rittman had with his kettle are common for IoT devices: gremlins. For unknown reasons your device refuses to operate properly. Not connecting to the network is a common one. When gremlins strike there’s little the average user can do except restart the device and Google to see if anyone else has had the same problem.

It’s frustrating when a device doesn’t work for no reason. But what happens when your device works too well?

Amazon’s Echo (not yet available in New Zealand) is another good example. Using Echo’s Alexa voice service, you can control devices all over your home and also order products from Amazon. Sometimes it works too well, ordering products you weren’t expecting.

This year, a girl accidentally purchased a doll house by saying "can you play dollhouse with me and get me a dollhouse?" in front of the family’s Echo device. What’s more, in the live TV news article about it, a reporter said “I love the little girl, saying 'Alexa ordered me a dollhouse'”, which caused Echos all over San Diego to try and order dollhouses.

Our interconnected world has a lot of payoffs. When they work, IoT devices are really cool and can do some great stuff, but you gotta push through a lot of tech angst to get what you want.

I haven’t even talked about hackers yet.

Last year saw the largest Distributed Denial of Service (DDoS) attack on record. DDoS attacks use compromised systems (a “botnet”) to overwhelm a single web-based target. In this case, the attacks targeted Dyn, a large DNS provider, which took down Twitter and Spotify across the US. The attack was worrying not only for the size but because the botnet was mostly made of web-enabled IoT (internet of things) devices.

Which means your internet-connected coffee machine is a security hazard.

Every device has security vulnerabilities. Devices like computers and phones are being constantly updated to patch these holes. But your WiFi kettle may never get an update. This means it’s vulnerable to being taken over. Moreover, these devices can allow access to your home network and from there a nefarious person could cause you lots of trouble. For example, Android malware infected this smart TV causing it to lock up and become unusable.

By 2020, it is estimated by industry experts that there could be 10 times as many IoT devices than people on the planet. That number could inflate faster if initiatives to create smart cities take off in earnest.

When city infrastructure becomes “smart” the need for stronger security becomes paramount. This wouldn’t be a case of not being able to get a glass of water because your watercooler needed to upgrade its software. This would be a city gridlocked because all the traffic lights have been shut down.

by Hadyn Green

Member comments

Get access to comment