The Internet Of Things: A Solution Looking For A Problem

We’re hearing lots of noise about the so-called “Internet Of Things” across the web right now. If you haven’t come across the term, it describes a network of interconnected, intelligent devices which
intercommunicate and behave more intelligently than their “dumb” predecessors. One such example is the “smart appliance”; a device that perform the function of conventional household appliances like lighting, heating and security, but is often augmented by a microprocessor, sensors and IP networking capability, which facilitates remote monitoring and automation.

In many cases, these smart appliances integrate with smartphones using apps, allowing a user to remotely control and administer the time your lights or central heating come on, or monitor ingress and egress on your property from any location, even allowing you to issue temporary keys to your house that automatically expire when you want.

These things sound kind of useful, sort of. I could see the value in being able schedule my gas heating to come on half an hour before I get home using my phone.

However, I can easily live without my phone talking to my lights. Or my locks, or my boiler. I can already automate some of them using simple mechanical timers bought from a hardware shop, and they’ll work perfectly, without complaint for years without needing to manage them or patch firmware. They won’t make me less physically secure, they require physical access to my property to be interfered with, and their manufacturer won’t be able to suck up my consumer behaviour and preferences into their cloud and store it indefinitely. I’m just not feeling the necessity of these products.

This brings us to our next issue, which is privacy. A lot of these devices connect to the internet to dial home for software updates, but also to report usage data to the manufacturer. Nest, who make smart thermostats, smoke alarms and cameras, are owned by Google, who are very interested in your data as we know. What data do they collect? What do they do with it? How long do they store it for? Again, this doesn’t arise with a cheap Chinese-made timer you’d buy for a tenner.

As you can tell, I’m not sold on this Internet Of Things idea. I see it as more technological expansionism, more intrusion into your privacy, and more shit we don’t need.

The final problem as I see it is that software, as everyone knows, is notoriously unreliable. It crashes, it behaves unpredictably, and it has security flaws. When you deploy it in a networked environment, these problems only get worse. Sure, in this context it enables some potentially useful functions, but any useful software is complex, and testing it properly is hard. Covering all of the different possible usage scenarios, inputs and permutations of software state requires detailed planning, and competent testing, which often doesn’t happen in a commercial technology company rushing to get a new product to market.

Unfortunately, there have already been high profile failures in smart appliances. The Nest Thermostat, which claims to learn the home heating preferences of its owner and manage your heating system, suffered a recent software bug where the battery would drain prematurely, leaving owners waking up to freezing homes.

Another example is a manufacturer of IP cameras shipping all devices with no remote password authentication. As many owners are unaware of the need to enable it, this presents a vulnerability which has been exploited by a search engine which indexes thousands of such cameras

Bugs are not a new thing, and unless there is a miraculous breakthrough in how software is developed, this will continue to be the case. Traditional computing devices have had problems like malware and phishing for years, but it’s rare for these problems to threaten my physical security and well-being; the scope and gravity of the failures above is unique, the fact they are so basic and occurring so frequently is a concern, and I can envisage even worse scenarios.

What if a hacker is able to break into your smart lock system, and unlock your front door? What if a bug causes the locks to behave unpredictably? You probably wouldn’t find out until it’s too late. Similarly, with the Nest failure, an elderly person or someone with respiratory issues living in a cold location could come to serious harm if their heating system fails. A hacker could capture intimate images of you or someone you know via a vulnerable camera and do whatever nefarious things people do. It really is the stuff of nightmares.

The failures we’ve seen so far are likely due to naivete and hubris on the part of the manufacturers. The software is being developed as if it’s standard consumer software, which can be shipped with bugs and then patched later. This isn’t good enough. These gadgets are not iPads where a bug is an annoyance you can tolerate, they are “mission critical” to use a business buzzword, where system failure is potentially catastrophic for the owner.

Vendors of these devices are clearly not giving due respect to the expectations that need to be met, and are being met already by so called “dumb” devices. I put “dumb” in quotes because a thermostat that erroneously drains it’s battery and dies seems pretty dumb to me also.

My advice would be to avoid these devices until their manufacturers begin treating software security and reliability more seriously.