A most provocative talk about Smart Homes and the dangers of the IoT (Internet of Things) kicked-off the first Hacker Connect in New York City last week. Molly Sauter, a PhD candidate and Vanier Scholar from Montreal’s McGill University, gave a presentation that scared the crap out of me when she dove into the dangers of today’s Smart Home.
Now I’ve been a fan and even early adopter of affordable Smart Home tech: in the late 1980s, I had a wireless alarm system from Radio Shack and switches that allowed me to turn on lights with a remote. But that stuff turned out to be terribly unreliable.
More than a year ago, we outfitted our home with Amazon’s Echo and Echo Dot and have been blissfully pleased. Great product, awesome interface and we’re now dabbling in more ways to make our home smarter. I even wrote about Amazon’s move into the Smart Home space after last year’s homebuilder convention, since it was being largely ignored there (“Digital Dawn: Amazon is creating the smart house for the rest of us”). Fast forward one year later, and Alexa was the star of the most recent CES (Consumer Electronics Show), and a plethora of products at this year’s International Builders Show touted ties to Alexa.
In fact, the popularity of Alexa is so pervasive – Amazon sold millions of units of its Echo and Echo Dot during the holiday– when Google introduced its competing product – Home – industry experts predicted that Google is simply too late to beat Amazon at this game (“Amazon’s Echo is building a coffin that’s custom-made for Google.”).
The Most Dangerous Game
Which brings me back to why Sauter’s shock-talk at Hacker Connect was so poignant. Most folks following the IoT have all heard about the dangers: How the October 21, 2016 DDoS attack using IoT devices and their default passwords took down Twitter, Netflix, CNN, PayPal, Spotify, Fox News, The Wall Street Journal, The New York Times and many more.
An inconvenience, yes; Life or death, no. But Sauter points out today’s Smart Homes have devices in our homes that could literally kill us. The example she gives is in a Samsung refrigerator that has a cool new feature: you can designate space inside that can be set as a refrigerator or a freezer. Sounds harmless and smart. “But it turns out that if a hacker could get control, it could be deadly and stupid to have in your home,” Sauter argues. Why? Science. There are some foods, when they freeze – then thaw – and then freeze again, can grow dangerous bacteria that will make you sick, and could potentially kill you. That’s not the kind of headline the Smart Home movement wants to see.
Limited Liability
“To make matters worse,” Sauter points out, “there is no product liability here: we have no laws that say if bad software code ends up being used to kill us, we can hold the product manufacturer or the software makers accountable.” That’s because we clicked on the “Terms of Use” and accepted them, which basically means we’re screwed and they’re not. This is another case where technology is clearly outpacing the regulations and laws needed to protect consumers and make sure the safeguards are in place, and that those who are responsible are held accountable.
Heck, the Nest thermostat, one of the most lauded new Smart Home devices, went kaput in January 2016 after a software upgrade. Sauter noted that the fix required people to REMOVE their Nest thermostat, attaching a USB cable and charging it for at least an hour. Google, which owns Nest, did not send any electricians to anybody’s home, because, after all, they accepted the “Terms of Use.”
A Buyer’s Nightmare
Finally, Sauter shared this: there’s a whole new way that the sale of a Smart Home could directly impact a real estate transaction and is being ignored today. Is there a document, at the closing, that formalizes that the Sellers are conveying all the Smart Devices in the home and all of their passwords to the Buyers? If not, what if the Sellers are pissed off at the Buyers and decide to wreck havoc by playing with their devices remotely: turning their thermostat down to 50 degrees, turning off the refrigerator, turning on and off all the lights. If you watch “Madame Secretary” on NBC, or caught the first episode of the second season of USA Network’s “Mr. Robot,” you’ll remember those disturbing scenes when someone hacks a Smart Home.
That also begs the question: Are agents making sure their Buyers change all the passwords on all of their devices when they buy a Smart Home? Are there instructions for each device that tells one how to do this?
Sauter was asked what she thought was the best answer to a customer that wanted to buy a Smart Home and she said, bluntly, “Don’t.” She even suggested that our collective ignorance could result in a market for a “Dumb Home,” which she suggested might even be more valuable than a Smart Home.
Let’s hope that instead, we figure out a way to fix these problems and make sure that having a Smart Home isn’t a deadly decision.