I bought a Philips Hue kit with three lights, and I have a couple of Amazon Echo Dots. I was all excited to get everything connected and working correctly. When it comes down to it, it’s a toy because it takes longer to turn lights on and off with voice commands than it does with a wall switch, although if you like to experiment with the color combinations that is kind of cool.
A few nights ago, about 2 AM, we had a brief power fluctuation. When that happens, the smart lights reset and turn on. The Echo restarts and seeks a wifi connection. So all hell is breaking loose at 2 AM when the lights come one and Alexa starts saying, “Cannot find network” because the Echo came up faster than my router.
Without all that smartness we would have just slept through it and reset the oven clock in the morning.
Man-in-the-middle attacks are one of the super-drawbacks of many of these devices, and many WiFi-enabled electronic consumer devices are vulnerable to it.
I was at a security conference a couple of weeks back and was talking to a guy who did network penetration testing - he hacked the network of a design firm using a wireless electric water kettle.
it works like this: the kettle was ‘wifi enabled’ meaning anyone in the office could point their web browser at it and do clever stuff such as switch it on, make it light up a different colour, etc.
The kettle is configured to join the company wireless network, so all an attacker needs to do is broadcast a strong wifi hotspot signal at the kettle, with the same name as the company’s wifi (but with no security requirements) - the kettle will connect to that instead, then the attacker can web into the kettle, go to the ‘configuration’ page and see the WPA password for the real network (because there’s a handy ‘show characters’ checkbox next to the password field).
This ^, and it’s just one example of the way these devices leave your home vulnerable.
Before I ended up out on disability, I worked for a security firm on their IoT security products. The vulnerabilities are there, have been there for a while, and the exploits will just continue. Throw in the facts that these devices are being made by a host of different manufacturers, that there is no agreement on any protocol for security, and that no one outside of the security field seems at all concerned about any of this, and the whole IoT is a real disaster waiting to happen.
But hey, you can open your garage door with your phone, and your refrigerator will tell you when you need milk!
My husband has been trying to talk me into a smartphone-enabled garage door opener, and I’m fighting him on it. I can’t convince him that it’s better and faster for me to just reach for the push-button in my car as I approach our end of the block. If I had to use the phone, I’d have to pull into the driveway first, stop the car, fumble for my phone, fumble for my reading glasses, and then search and swipe until I found the proper screen to do the task at hand. He’s in love with his phone and his apps and can’t see it my way.
I remember as a kid watching Bladerunner and thinking how the voice-activated photo analyzer managed to be slower and harder to use than just holding the photo and using a magnifying glass.
Todays cybersecurity needs might seem rather Orwellian to a person in the past.
In WWII, one big reason that the British were able to crack Enigma codes was that the Germans were doing things that most people nowadays know are bad security. They would use common words and references for letter sequences or they would use girlfriends or pets names as passwords. The Brits knew not to do that but it’s funny how no one back then really needed passwords as part of their daily life.
of course it could be just the cable company was dicking around with the signal running systems tests and updates … time warner warned me that their favorite time to do such things was from 11 pm to 5 a m … how we find out such things are happening is hen my aunts phone gives 50 push notices in succession and they all try to chime at once
Does this apply to smart meters for gas and electricity? We’ve just been told we need to have our old meters replaced and the default is a smart meter. It looks to me like the pros (slightly) outweigh the cons, given that they’re being rolled out nationwide and so the cost will be passed on to billpayers whether they have one or not. But it’s not straightforward to get unbiased information, as government/energy companies/comparison sites all have a vested interest in you getting one, and naysayers seem to be very much of the tinfoil hat brigade.
If it is possible to hack a smart meter, should I be worried? I would have thought the likelihood of someone attempting to do so is minimal. Could they in theory hack into my home wifi (and therefore computer, or even email) via this route?
Last night for about the umpteenth time “smart” devices were triggered by something playing on TV.
And this is [del]Google[/del] Alphabet.
The stupidity level these companies have regarding these devices make it abundantly clear that the bad stuff that can happen is far too great for any person to get into this now.
At this point you’re not even a beta tester. You’re an alpha tester.
I like my connected lights because my switches are frequently in awkward places. Yes, the voice activation takes a couple of seconds, but that is still much less than walking around the kitchen counter to turn on the sconces.
The lights don’t worry me much, security-wise, although I think I’ll put them on an isolated guest network. And I have a reasonable amount of trust in Amazon regarding the Echos. But I wouldn’t install a connected webcam in a million years, at least not an indoor one.
Anyone who wants a Tony Stark-style smart house needs to watch the 1977 film Demon Seed, in which a mad computer takes over the super-smart house and rapes Julie Christie in the process.
In the decades since of PopSci gushing over remote control everything, all I could see was the scenes where the computer is locking down the house so Christie can’t escape.
When I see the ad for the woman with thej fiddle walking in and saying OK Google, turn on the front hall light. I can’t help but wonder. How long did it take somebody to rewire the entire house, with all wiring passing through a couple of dozen wall switches converted to digital activation, , each of which has a unique name that can recognized by Google. And what else had to be re-done, that I haven’t even thought of.
Somehow, I can’t imagine that you take Alexa out of the box and plug her in, and she turns on the correct lights when you tell her to.
How can I get a piece of the retail action, when Alexa orders flowers, with no price haggling, and a pretentious shop can charge whatever I please and surcharge whatever they want for delivery and send them out whenever convenient.
Alexa is TV ad gullibility beyond Sham-Wow’s wildest dreams.
It takes the same time as replacing a single light switch plus three minutes. You could probably convert an entire house in less time than a single wire-pull would take. Certainly true if there’s any drywall work involved.
And you get plenty of utility without converting the whole house. The closet lights don’t need to be controlled.
Nope. There’s a few different technologies grouped under the name “smart meter”, but in every implementation I’m aware of, they communicate via radio back to the utility’s network, not touching any network of the customer’s at all. Though the communications are encrypted, it’s theoretically possible that your meter could be hacked. All that would happen to you in that case, though is that the hacker would have access to your power usage data, or, with some meters, might be able to turn your power off. The bigger risk is that hackers could potentially get into the utility’s network via smart meters, so utilities generally are pretty on top of security.
TL;DR: It’s possible someone could see how much energy you’re using by hacking a smart meter, but there’s no risk to your home network.
Exactly…my sister gave my wife and I Echo Dots for Christmas…my sister proceeded to tell my wife all the wonderful things it’d do, how the people who worked for her loved the ones she got them…I asked her if she had one in her house…uh. no, she explained, her husband (my BIL) refused as he thought they were a total invasion of privacy…
I told my wife there was no way we were going to hook those up…she said, well, I want to hook mine up, I explained there was no such thing…after having her read a few articles on the potential to be abused, she said, “You’re right…”
And now, they sit unopened in their boxes on the mantle above the fireplace…I was going to give them away, then I realized I didn’t know anyone who would want them…
Sorta. Santa Clara set up a free WiFi network via its smart meters. So while it’s literally true that your home network isn’t at risk, any devices that use the free WiFi are at as much risk as any other public network.
You are correct though that most smart meters use a radio system that has nothing to do with WiFi.
Possible mitigation techniques include avoiding the use of WIFI. Even though the Hue controller, for example, has built-in WIFI in its hardware, it doesn’t work. You can only connect it via Ethernet.