We live in an amazing era of technology. The Internet has opened doors that have been dreamed of for years. By adding computing technology to everyday devices, like televisions, thermostats, appliances, and others, we’ve been able to automate many aspects of our daily life. The ideal experience might look something like this 50s ‘futurist’ promotional film entitled “Design For Dreaming”.
The idea of technology being embedded in every object around you is called The Internet of Things, and is one of the fastest growing areas of emerging technology. These days, manufacturers are adding Internet connection to all types of devices around you. One of the most famous examples is the Nest Thermostat [LINK]. This thermostat allows the user to adjust the temperature throughout the day, and eventually learns the user’s patterns, thereafter adjusting the temperature without intervention.
But there’s a dark side to this kind of technology, one that is becoming more visible as the technology goes through growing pains. In this article, we will discuss some of the major issues with putting a computer in every device you own (or don’t really own, as the case may be). We focus on the domestic space, rather than the industrial space, which has its own challenges and benefits. We discuss both the value and problems with adding an internet connection to a device that previously never needed an internet connection, including the reliance on a company to provide updates, security and privacy concerns, and finally judging the value that these additions provide.
Updating over the Internet
One big advantage for companies with Internet of Things devices is that they have a connection to your device while it exists. This gives them the ability to send software updates, which can fix bugs, or add new features. On the surface it seems like a win-win with both manufacturers and consumers profiting from the technology. However, in practice, the ability to update opens the door to a host of issues. This past winter, the Nest thermostat had an outage, which ended up draining the battery of their device, meaning that it stopped working in the middle of winter, and the homes people were using the device in were no longer heated.
A glitch like this isn’t just inconvenient, it’s potentially life threatening, and could certainly cause damage to a home through frozen pipes that could burst, and other issues.
Almost every IoT device is vulnerable to this kind of issue. It appears that companies often use the ability to update as an excuse to fix device issues later on. Each time the device updates, it is unavailable for use during the update, and it opens the door for new unintentional bugs to be introduced.
In addition, many companies don’t offer any kind of basic functionality if the software causes a problem.
Or these smart light bulbs from GE, described by a user:
“It’s about a week or so after getting the bulbs, and after doing some troubleshooting (e.g. resetting the bulbs, trying different phones) both bulbs have stopped working. Neither are detected by the C by GE app, despite the bulbs still being detected over Bluetooth by the phone. The Google Play page for the app is full of complaints about the latest firmware bricking people’s bulbs so it’s clearly not an isolated problem.”
That something as simple as a light bulb could be rendered useless by a software update should give everyone pause. How can we trust something as complex as a thermostat, or refrigerator, or oven, or home security system or medication robot (!!!) when even a light bulb is a victim to these issues.
But software glitches aren’t even the biggest problem with updates. It’s the fact that manufacturers can remotely turn off your device whenever they decide to stop supporting them.
The two examples are for two very different products. One is a Wi-fi enabled SD card, which can send photographs directly to a user’s computer. The other is a smart home hub made by a company called Revolv.
Both are being discontinued. And unlike ‘dumb’ devices, that continue working no matter what happens to the company the built them, these devices have both gone dark, leaving everyone who spent money on them without features that they paid for (in the best case), or a completely useless bundle of circuits, a ‘brick’ as it is referred to colloquially.
The history of the Internet of Things is littered with stories like these, and it will keep happening. Because when you purchase a device that requires an internet connection, you aren’t buying a device, you are buying a service. The service is only as good as the will of the company to continue supporting it.
The reason is that these devices require servers that the company has to maintain in order for the device to function. These servers cost money, and if the number of active users can’t justify the cost of maintaining those servers, the company has a very good reason to stop the service, rendering the device unusable.
Complicating matters is that because this is an emerging technology, many of the companies producing these devices are startups. Unlike large companies, which have product lines to maintain, and expectations to meet, startups can take bigger chances to innovate. But they also have the downside of being extremely vulnerable to failure and acquisition. Sometimes, when a company is acquired, it is because the acquiring company wants to continue producing their product. Other times it is because the acquiring company wants to own a key piece of technology or a patent that they can use in their own products or just gain access to their customers. This can lead to fairly unpredictable results when buying an IoT device from a startup company.
It is possible that as the technology matures, companies will be able to improve on these issues, but currently, buying an IoT device means rolling the dice about whether or not it will work consistently, and be functional for the entire time you want to use it.
Unfortunately, in many cases, it also means opening your home to significant security threats.
Internet security has never been perfect and is a major challenge for any device. Even your laptop, which has hundreds of times more computing power than your smart-toaster, struggles to provide a secure connection to other devices. This happens because the Internet is a major channel for thieves attempting to gain access to personal information is often used for identity theft. Security professionals are in a constant battle with the hackers and thieves that are constantly trying to find new vulnerabilities into systems thought to be secure.
Unfortunately, it appears that most IoT systems missed the boat on security.
The major alarm bell was sounded earlier in the year when Shodan, a search engine for IoT devices, added a section for unsecured webcams.
Many manufacturers, including Nest have been pushing internet connected home security cameras as an innovation. Rather than record footage on physical media, users are able to monitor these feeds over the internet. However, because of the total lack of security on these devices, so can everyone else.
And because these devices are internet connected, they are vulnerable to viruses, often times targeted directly at specific devices. One of the more popular methods of attack is called a ‘botnet’, in which in attacker takes control of a large number of devices to all perform a single attack. Those infected often have no idea that a bot exists, and in many cases, they might have no idea that their device is involved in an attack.
In the past, these attacks have been focused on desktop or laptop systems. But now attackers have found that internet connected devices have much less security and oversight, making them easier to takeover, and much less likely that their control will be discovered until their attack is underway.
So it is clear that IoT devices are incredibly vulnerable to both intentional and unintentional security risks, which opens the user up to serious privacy violations, and potentially loss of their identity information.
That’s not to mention how government agencies like the NSA are looking at exploiting IoT devices.
Unfortunately, this is a common theme in all types of computing. For some reason though, IoT devices often have their security ignored in favor of all the new functionality they offer to their users.
So we must ask the question: Is it all worth it?
Value of the IoT
Like we saw at the beginning of the article, the automated home is a major dream of futurists. The possibility of having basic home maintenance tasks and chores completed automatically for us seems like an inevitability. And a lot of device makers are taking this route, making devices to allow users to turn lights on and off in their home without going to switches, help cook better meals, do your laundry, and smart refrigerators that attempt to become a central hub for the home.
Devices like these could potentially add a lot of value, but the issues we’ve already discussed in this post are still a concern. Will a software update brick your refrigerator, and ruin all your food? Will your oven require a software update on Thanksgiving, requiring you to wait before putting the turkey in?
There are tradeoffs with all kinds of technologies, and users might decide that the growing pains of IoT technologies are worth the value they provide.
But then there are other devices, which rather than thinking carefully about what value their device provides, appear to simply add an Internet connection to literally anything.
The Tumblr blog We Put a Chip In It displays some of the most egregious examples, including an internet connected wine bottle:
There is also the Twitter account Internet of Shit(@internetofshit), which is a strong critic of IoT devices and their issues.
Both accounts catalog the absurdity of many IoT devices as a way to cut through the hype that often permeates these types of devices.
The Internet of Things has a lot of potential to make users lives easier. But users of these devices have to be aware of how much they are giving up for a bit of extra convenience. They give up full ownership of their devices, potentially a lot of security and privacy, and the value the devices provide isn’t that high in many cases.
When considering purchasing an IoT device, after remarking at how cool it is, take a deep breath and do a reality check. Ask yourself how your life will be affected if this device stops working suddenly? Can you afford for it to not function for an hour? A day? Or longer? Is the company an established entity? Or a startup with a nice marketing video? Are you sure the company will be around to support this device in a year or two? Are they willing to release source code that will help other companies/communities to provide service in case they stop existing?
And then ask yourself what information about yourself might be given up if someone gains access to your device? Home security cameras are very popular now, but also often accessible to outside parties. If you buy a smart lock for your home, is it more secure than a traditional lock? Or less secure?
And finally, think carefully about the value of this device. Does it really add value to your life? Is it really necessary? Or is it more of a toy? Something fun to play with, but not adding real value.
The answers to these questions are important for everyone to consider. Companies have become very adept at creating videos that make their technology look essential, while hiding all of its flaws. We must become more discerning consumers and force manufacturers to consider the factors discussed in this article before blindly attempting to realize a future that might not really exist.