Amazon's Door Lock Is Amazon's Bid to Control Your Home

Interesting essay about Amazon's smart lock:

When you add Amazon Key to your door, something more sneaky also happens: Amazon takes over.

You can leave your keys at home and unlock your door with the Amazon Key app -- but it's really built for Amazon deliveries. To share online access with family and friends, I had to give them a special code to SMS (yes, text) to unlock the door. (Amazon offers other smartlocks that have physical keypads).

The Key-compatible locks are made by Yale and Kwikset, yet don't work with those brands' own apps. They also can't connect with a home-security system or smart-home gadgets that work with Apple and Google software.

And, of course, the lock can't be accessed by businesses other than Amazon. No Walmart, no UPS, no local dog-walking company.

Keeping tight control over Key might help Amazon guarantee security or a better experience. "Our focus with smart home is on making things simpler for customers -- things like providing easy control of connected devices with your voice using Alexa, simplifying tasks like reordering household goods and receiving packages," the Amazon spokeswoman said.

But Amazon is barely hiding its goal: It wants to be the operating system for your home. Amazon says Key will eventually work with dog walkers, maids and other service workers who bill through its marketplace. An Amazon home security service and grocery delivery from Whole Foods can't be far off.

This is happening all over. Everyone wants to control your life: Google, Apple, Amazon...everyone. It's what I've been calling the feudal Internet. I fear it's going to get a lot worse.

Posted on December 22, 2017 at 6:25 AM • 41 Comments

Comments

Tordr • December 22, 2017 6:40 AM

Bruce, please do not fear.
Fear is a feeling that leads to flight or fight responses; these feelings are not useful on the internet. Use logic, analyse trust relationships and understand power/control relationships.
Security research needs a new vocabulary to explain these things; feudal is a good metaphor and a good start.

Who? • December 22, 2017 8:19 AM

@ Tordr

I agree with Bruce. I too fear it will get a lot worse over time. The number of IoT devices can only grow because "they are cool," and will remain unsecure as no one will pay two thousand USD for a secured IoT device nor will take the time to learn how to manage them.

Who? • December 22, 2017 8:28 AM

I would add more. We can buy these cheap devices but they will never be ours. Selling these items is only half of the benefit[*] corporations like Amazon will get from us. They want more, they want our personal information to sell it to anyone wishing to pay to know about us, so even if these devices are managed there are parts of its software that will never be under our control.

[*] I chose the word "benefit" consciously as Bruce is calling this problem the feudal Internet. Benefit comes from the Latin terms "bene factum" (well done). This is exactly what big corporations think each time we buy the right to have one of their devices in our homes and networks.

Clive Robinson • December 22, 2017 8:37 AM

When it comes to these devices there is a useful equation to remember

Gullible rating = money / sense

It's kind of a useful thing to know which is why not just Amazon want to own you, your home, your family and just about everything else they can to marketers as "gold edged leads"...

TimH • December 22, 2017 9:03 AM

Wait for a work-from-home professional job such as regional sales and support staff having to have this fitted for random work-related deliveries. Sorry mate, you don't get the job. Wrong 3rd party door lock!

Remember when monster.com would host job application forms for big companies, and hide the fact that the resulting resumes were being retained?

Right now so many professional jobs require owncloud, google drive, webex and so on plugins on your computer... all learning about the user.

Iggy • December 22, 2017 9:27 AM

A new one is born every minute.

Were it easier for those who've lived and learned ahead of the newbies to penetrate their thick skulls before they are datable and employable, we might make some headway.

But no... humans persist in refusing to take the hint while it is usable.

Moves n countermoves • December 22, 2017 9:47 AM

Someone will figure out a system to use 3 door locks on 1 door, where if any one door lock is unlocked, all the door bolt cages go backwards.

Douglas Coulter • December 22, 2017 10:03 AM

Just wondering here - I have no strong conviction on this, but...

At some point, isn't this a case of diminishing returns, re spying on us all?
I can only spend the amount of money I can spend...there's a limit to the value of controlling even my entire income.

I mean, once you know practically everything that's commercially interesting, well, then, you know it. It might be argued that say, Amazon wants to know what Google knows and so on - but with the rate of leaks of huge DB's - it would seem that even that is a fait accompli or will be pretty soon.

It would seem that even though tastes might change - the amount of new data that even exists about me becomes a trickle vs finding out all the baseline stuff. Like with any new product, it becomes a commodity, and after everyone has one, the growth market becomes a merely replacement one.
(See: color TVs, PCs and so forth - even autos if you go back far enough)

And re the above - they really could do a better job with what they have - a year or two ago I bought a video camera on sale (Amazon) - and for 6 months got targeted ads for...video cameras (and accessories for cameras I don't own as well). Hey, I got one, I didn't send it back, I even wrote a glowing review. Could it be that all that big data isn't even being used?

Is it simpler for some PHB to simply demand and collect more in some wrong headed belief that not enough is the current problem?

Just wondering about the economics, which pretty much always drive everything in the end.

Of course, the side issue is that yes, the government(s) always want everything and for other purposes, such as say getting a warning about the bringing out of guillotines and pitchforks in time to nip things in the bud before they become public enough to attract more support...maybe they provide the economics here, as they do for say, the credit reporting agencies who collect data the government isn't allowed to - but is allowed to buy from them. Hmmm (not to use someone else's handle...).

Petre Peter • December 22, 2017 11:10 AM

@Tordr+1

Fear is a feeling that leads to flight or fight responses these feelings are not useful on the internet.

Remember! Beyond Fear, and forget about the feudal lords trying to sell you control of your memory as long as they have a copy of the remote. Fight doesn't work when I am not in control of my memory. Flight doesn't work either if the only place to run is to another feudal lord. The feeling of fear on the internet comes from the lack of real choice: get this product or die is not a choice but a threat and should be treated accordingly. I cannot share my info for the convenience of people who took an oath to make money from my share without sharing in return; I cannot share my info for the security of people who have not taken an oath to protect anyone else other than themselves; I will share my info with people in the health care industry - it's where a Smarter Planet should start because that's where real trust can be found - trusting people & machines with my life while I am asleep. Real technology does that - it works while I am asleep. The rest of technology is assistive technology, and it's very difficult for me to admit that I actually trust assistive technology with my life as well. This is because I am afraid of losing the meaning of the word balance.

Anders • December 22, 2017 11:13 AM

You in the US are still lucky - your SSN is considered a secret and no public databases are linked via the SSN.

Things in Estonia are much, much worse. Every person has a mandatory ID code (isikukood) which is no secret and moreover, contains the person's birth date. All the public databases (and also a lot of business databases) are linked via this unique ID code.

Remember WW2 and the Dutch disability register? Its initial purpose was good, to help the healthcare and disabled people. But when the Nazis invaded the Netherlands and took over the database they had an ideal tool to kill all those disabled people that didn't match the "Aryan ideal".

Linking all the databases via one ID is just asking for trouble. Healthcare systems don't need to know my tax status, for instance, but currently here they are all linked together. Estonia is positioning itself as a leading digital country. My advice - learn from this horror and never follow the Estonian system.

Alyer Babtu • December 22, 2017 11:26 AM

In the light of economics of security (e.g. see Ross Anderson’s courses), what would shift the incentives to end the objectionable exploitation by these big companies of data gathered from consumers?

Also, the attempt to compete unnaturally by exclusion and creation of silos is reminiscent of the old railway proprietary gauges, which in the end were abandoned. This approach is effort wasted solving a subjective imaginary problem.

“Feudal” involved mutual faith and clearly defined obligation. These companies are not feudal but rather (sneakily) despotic.

Clive Robinson • December 22, 2017 11:37 AM

@ Doug,

I can only spend the amount of money I can spend...there's a limit to the value of controlling even my entire income.

Unfortunately wrong...

There are two basic types of fraud against the individual in the US currently,

1, Identity Theft
2, Fake loan refinancing.

Neither will get you much help from the Police, they will just send you to the banks, who will act with all the impartiality of a self-interested rabid dog...

Whilst the first is clearly a crime that many can get their head around, the latter is harder.

Basically somebody gets your details and writes out a fake loan debt. They then add "the paper" in with other perhaps default debtors' paperwork and pass it on at say 20% of the outstanding debt. You then get some homicidal leech threatening you to get the debt plus fees and expenses and all at an interest rate a knee cap breaking loan shark would think excessive. They will harass you at work, threaten your wife in front of the children, even phone up your boss etc.

When you basically get it through their head you are not paying, they simply sell the paper on at a small loss to some other scum and will also kill your credit rating and any other mischief they can get away with.

Someone I know who used to be in law enforcement then debt collection in the US said really the only way to deal with them is with a baseball bat...

If they are stupid they will get the police involved and then you've got them and can hit them with a counter court case. If they are sensible they will take a loss on the paper and walk away. If they are only mildly stupid and sell it on then the next one gets the same treatment and may be persuaded to give up the first person who has then definitely committed a crime.

The one thing you must not do ever is pay the paper because that's when you will enter a world of pain over and over as you are seen as a soft touch and good for any old fraudulent claim...

People have been driven into bankruptcy, lost their homes and killed themselves over these bottom dredger criminals.

Anthony Piscitelli • December 22, 2017 1:41 PM

Just the beginning .....how about buying groceries that are scanned and you are paying for them with your credit card that you use when you see your doc for your yearly check-up....which now opens the gateway to the Internet of You! You buy some junk food and beer -- this data is now shared with your HMO IoY who then lets your primary doc know that you are not following the diet he put you on....so when you see him next he threatens to have you dropped from the HMO or worse has your co-pay amped up! The beer and junk food have left a trail directly back to you and your spending habits.... worse yet the data collected here is then sent to your local Police Dept who now puts you on the Possible DWI list so when you pass a patrol car which reads your plate number there is probable cause to pull you over for a breathalyzer (just in case). Moral of the story pay cash at the local grocery store?

Juhani • December 22, 2017 3:05 PM

Feudal should mean losing some freedom.

Let's claim we have freedoms:
1) physical freedom (prisoner, N-Korea);
2) what you want to be;
3) meta freedom, wanting what you want to want (drug addict has none, Harry Frankfurt has described this freedom).

During feudal time the peasant lost (1).
Exactly what freedom will one lose with the Amazon door bell? I assume the person will lose something, but certainly not (1). My bet is (3), but I am not certain.

Impossibly Stupid • December 22, 2017 3:26 PM

@Douglas Coulter


At some point, isn't this a case of diminishing returns, re spying on us all?
I can only spend the amount of money I can spend...there's a limit to the value of controlling even my entire income.

Derivatives. The economics of your personal data are in how it can be sold to multiple businesses, not how much of your income can be extracted directly from you. It's all part of how the middle class has been assaulted. Since we no longer have the money, companies are going after other companies, which do have the money we used to be getting. So long as there is money to be squeezed from the system, someone is going to try to find a way to get at it. The companies are at war with each other, and we are being turned from targets into ammunition.

And re the above - they really could do a better job with what they have - a year or two ago I bought a video camera on sale (Amazon) - and for 6 months got targeted ads for...video cameras (and accessories for cameras I don't own as well). Hey, I got one, I didn't send it back, I even wrote a glowing review. Could it be that all that big data isn't even being used?

Ah, but you've got the economics backwards. What Amazon and Google and others profit from is selling your interest in products to advertisers. It doesn't matter if you already purchased a camera, because that's not what Google profits from telling advertisers. It should be clear that it's in their best interest to suppress that information. Their use of "big data" is specifically about selling the ads to businesses, not about selling products to you.

@Alyer Babtu


In the light of economics of security (e.g. see Ross Anderson’s courses), what would shift the incentives to end the objectionable exploitation by these big companies of data gathered from consumers?

Put less money in the hands of businesses (or any other form of inequity) and more in the hands of the people who will spend it. As the old saying goes, if you're not the customer, you're the product. Concentrated wealth naturally leads to systems where "because that's where the money is" results in the restructuring we're seeing today.

Also, the attempt to compete unnaturally by exclusion and creation of silos is reminiscent of the old railway proprietary gauges, which in the end was abandoned. This approach is effort wasted solving a subjective imaginary problem.

Yeah, but big companies have the resources to be wasteful so long as they have a way to monopolize profits in the end. Economies of scale allow them to put in place "best practices" that are horrible for everyone but them. Just look at how net neutrality is playing out in the US to see another example of this.

Security Sam • December 22, 2017 4:26 PM

In our brave new digital world of mass confusion
Where our privacy has become just an illusion
We struggle to make sense out of our delusion
And end up at the mercy of constant data fusion.

Douglas Coulter • December 22, 2017 4:45 PM

@Clive - if Amazon, Google, Facebook begin to engage in ID theft, of course we've all had it. Of course, the instant that happens the banks won't honor it anyway. It's a thing that has to be rare to work at all. As luck would have it, it's happened to me before I got a little smarter - and a lot better legal connections. Not a worry anymore. Living off the grid as I do - I now have no credit rating at all. None..zero, nada. Which as it turns out is far worse than having a bad one. No one but my bank - small enough that we all recognize each other on sight - would lend me a dime, other than my neighbors. It's just not an issue.
Yes, I'm aware of how bill collectors work, and how the law in the US is slanted in their favor - you're guilty until proved innocent, IF you don't know how to play the game. I've beat collections on unfair bills from Verizon, AT&T and Carilian (a huge medical effective monopoly) and once I learned how, with relative ease (it DOES help to be in the right...it's not that easy and scamming probably would not have flown). Like you, this ain't my first rodeo.

@Others
The point was, at some point, the mere fact that I can't spend more than X will mean no one is willing to buy info with such diluted actual value - especially when they can get it free from the hack of the week dump anyway. It's a rare week that goes by now without a multimillion person dump/leak. Yeah, I know that old saw "half my ad dollars are worthless, thing is, which half?" - but at some point it's going to be more than half, and in a shrinking pie world...I think after some shakeups, it's going to change a good bit. At some point, businesses strapped for cash will have to stop paying for data that just isn't worth anything much and can be had essentially free anyway.

These days all you have to do is scan Amazon S3 instances for huge unprotected databases of consumer info...I believe Accenture and others have leaked full credentials and consumer info breakdown for 100's of millions in the last month alone...so says the news, anyway. Why pay?

We see the shrinking pie easily if we look. Is the total market increasing (inflation adjusted) or is it a fact that companies buy one another to get the customer list and make many more people "redundant" rather than try to increase the size of the pie via innovation? Why has everything in business been continuously consolidating during my entire 64 year life? From mom and pop to Walmart to Amazon. From libraries and lectures to Google. From social events to Facebook. From the fast moving science of the middle of the last century to..nothing new really, just technology improvements. (A lot of scientists, myself included, think "dark this or that" is curve overfitting to a bad model, and people calling dark gravity dark matter clearly don't get science anyway).

hmm • December 22, 2017 8:44 PM

"You in the US are still lucky - your SSN is considered a secret and no public databases are linked via the SSN."

... Where did you get that idea, lol?

Dennis M • December 22, 2017 11:21 PM

This is net neutrality on steroids. Your house keys are now part of the information superhighway crossover. More evidence that NN is the joke that it is.

Ph • December 23, 2017 12:50 AM

Sure, let some profit driven company decide who gets access to your house.
How stupid can this get?
Don't answer that question, it is rhetorical.

Alejandro • December 23, 2017 6:08 AM

Maybe a few of the commenters here will understand what I am about to say.

When I try to talk up electronic privacy and security, INVARIABLY, (from people who should really, really know better) the response is I am some kind of paranoid nut case.

And, even though they may, sort of, agree that there is too much surveillance, data collection and lack of security they simply dismiss it by saying, "they're all doing it and nothing can be done".

Meanwhile, getting your identity stolen, having to replace yet another credit that was hacked, or paying the ransom to get a device de-crypted is just another fact of electronic life.

They accept total domination and submission and I am the nut who won't.

How do you fight that?

CallMeLateForSupper • December 23, 2017 9:09 AM

@Alejandro
"They accept total domination and submission and I am the nut who won't.
How do you fight that?"

Why would you try? In this specific case, there is no up-side to "fight and win", because what "they" believe and say affects only them, not you. (Unless you are the personality type that simply *has* to be right and acknowledged as being right, which is pathological.)

Choose your battles. Know how to give the good fight. Know when to withdraw.

There can be only one. • December 23, 2017 1:37 PM

"Why would you try?"

Because a herd marching into the abattoir doesn't end so well for the stragglers either?
We're all roped together.

What one unchecked idiot believes about deregulation can become a problem for all of us if other idiots fall for it. The internet is a marketplace of ideas but it's also a battleground of ideals - And they must fight to the proverbial death!

One stubborn alpha ram has to emerge with only a minor headache to lead the fertile women to sexy safety.

So before you stop arguing with that rando on the internet, remember our very society could be at stake...

Or steak.

Impossibly Stupid • December 23, 2017 3:25 PM

@Douglas Coulter

The point was, at some point, the mere fact that I can't spend more than X will mean no one is willing to buy info with such diluted actual value - especially when they can get it free from the hack of the week dump anyway.

No, you're still just not getting it. It's not your information that directly has value, it's access to you that is being sold. Just getting your email from a hack (or being sold out) has limited value, because you can easily change it or just filter out the spam. Where the real value comes from is your ongoing relationship with Amazon/Google/etc., such that they can guarantee their ad channel will reach you. It just doesn't much matter to them whether or not you're going to buy anything, because you are not their customer.

but at some point it's going to be more than half, and in a shrinking pie world...I think after some shakeups, it's going to change a good bit. At some point, businesses strapped for cash will have to stop paying for data that just isn't worth anything much and can be had essentially free anyway.

That's just not the nature of the economics. Even with diminishing returns, so long as competition exists, it can make sense to keep paying for access even if it means losing money. People are mostly familiar with the idea of selling a "loss leader", but there are also more interesting examples of the math working against rational participants, such as the dollar auction (which is essentially how Google makes so much money).

Why has everything in business been continuously consolidating during my entire 64 year life?

Like I said, because that's where the money is. When you eliminate the middle class, the only thing the big guys can do that still makes sense is to eat each other. You are just the utensil being used to do that.

@Alejandro

When I try to talk up electronic privacy and security

Well there's your problem! Privacy and security are a means to an end. The better approach is talk about the "ends" those people care about rather than the "means" you care about. For this particular issue, I would talk about how ugly my door would look if I had to put a lock on it for every online vendor I shop with, or how it makes more sense to wait until the next version comes out that works for everyone, or even how you don't shop online because you prefer to support the local economy that supports you. The reason people don't care much about privacy and security is that they just aren't thinking on the global scale that these multinational corporations operate, so you have to come at them from a direction their brains are better evolved to understand.

Clive Robinson • December 23, 2017 3:59 PM

@ Alejandro,

When I try to talk up electronic privacy and security, INVARIABLY, (from people who should really, really know better) the response is I am some kind of paranoid nut case.

Join the club, I used to get the same treatment here years ago, but apparently "not so much" these days...

The thing is there are two major issues you have to remember,

1, It's a target rich environment for crooks.

2, Few people actually lift their head far enough out of the groove their life has become to see what's coming in at 1 o'clock.

The problem with one above is that in effect of the near 350 million individuals in the US less than 1 in 300,000 get hit on any given day. Many of those are seen as soft targets by crooks so get multiple hits. So the average citizen will only have direct contact with about one person in their wider circle of acquaintances (~150 others) every six to ten years that gets attacked. Even then the person may never mention it as apparently few ever talk about getting "scammed" as they get judged. Thus for average US citizen "where's the problem"...

Even with compulsory reporting where a million or so records get taken that's still less than 0.286% of the population so only a 50:50 chance of somebody in your wider circle of known persons/acquaintances. And again even if you know the name you probably will not make the connection, and they probably won't talk again due to the Shaming process.

@ Bruce,

It might be time you wrote an Op-Ed on why people don't want to talk about having been electronically robbed, and why the publicly perceived problem is way way smaller than it actually is. Thus why large corporates etc get away with poor to nonexistent security from say Sony to Equifax as two points in time.

Security Sam • December 23, 2017 4:14 PM

Corporations are in charge of the nation
With their high tech gadgets of temptation
Hiring the politicians for their protection
As artful masters of distortion and deception.

Dusty Frog • December 23, 2017 5:16 PM

I don't think feudal fragmentation is a problem for digital home. Sure, things are fragmented when a new market starts, with multiple players trying to gain market share by pushing proprietary solutions in hope of locking consumers in. But as time goes on and products mature, market players wise up to the advantages of interoperability and standards are agreed on.

Phone chargers were proprietary, but now are standardized. Same is true for great many other products.

pete • December 23, 2017 10:53 PM

I suggest a simple fix for Amazon Key - have it provide access to a lockbox outside your house. That way the only compromise is the other packages Amazon has left since you last emptied it.

Coyne Tibbets • December 23, 2017 10:55 PM

It will be interesting to see how it plays out when Apple bans Amazon's app from the Apple app store.

Coyne Tibbets • December 23, 2017 11:37 PM

@Anders You in the US are still lucky - your SSN is considered a secret and no public databases are linked via the SSN.

Ho, ho, ho, hee, hee, hee, haw, haw, haw...!

(Ahem.) Our SSN basically has to be given for any important purpose: getting a loan, getting healthcare, getting utilities, getting a bank account, getting a credit card, getting insurance, buying a car, renting an apartment, paying taxes, going to college or school, and getting employment. That list is not complete but I'm going to stop adding things.

And, yes, use includes public databases: tax databases, Medicare, and of course the Social Security Administration; and then there's drivers licenses, other licenses, identification cards, voter rolls and passports.

I'm guessing that at least 50 organizations know my SSN right now, and it wouldn't surprise me if it was more than a hundred. Or even two hundred. As citizens go, I may be on the low side.

Effectively anything of any significance here is linked by SSN. For a "secret" it is sure open to everyone.

OldFish • December 25, 2017 11:20 AM

I guess having a small shed with one or more of these goofy locks just for deliveries is a way to get some package security without sacrificing the whole house.

hmm • December 25, 2017 5:16 PM

I will never understand people who would trust Amazon implicitly because they're big and that's the reason.

hmm • December 25, 2017 6:40 PM

"I'm guessing that at least 50 organizations know my SSN right now,"

Ask anyone who ever enlisted, that # is everything, forever, everywhere.
Literally stamped in metal around your neck, sometimes even tattooed.

Reams of paperwork sent to your mailbox with it. We should be so lucky!
Once they know it, they have the keys to your life until you change it.
Ever met anyone who successfully got theirs changed? ME NEITHER.

Ask the CEO of lifelock. What did they get him, 12 times?
And he's running a company designed to prevent that!

It's a *show.

Nick • December 26, 2017 4:32 AM

"Free" is a powerful selling word. Gullible people will be taken in (as always). They'll give control over their lives to Amazon, or Google, or Apple, or Microsoft, just to get something worth maybe $10 for "free".

There's a market niche here waiting to be occupied.
A few years ago I signed up with a company called Runbox (runbox.com) for paid email service. I'm happy to pay €15/year for email service that isn't controlled by Google or Yahoo or etc.
I cancelled because I didn't like their service, but the annual fee was not the problem. I would still be willing to pay even €20/year for an email service, functionally similar to what Yahoo offers for free, that keeps all information about me private.
(Yes, I know that I can rent a virtual server for about €50/year and load it with Linux and apache and exim and MySQL and Roundcube and run my own email server remotely, but I don't want the hassle of doing it myself, managing backups, upgrades, etc.)

CallMeLateForSupper • December 27, 2017 9:30 AM

@hmm
"Ask anyone who ever enlisted, that # is everything, forever, everywhere.
Literally stamped in metal around your neck [...]"
I am an "anyone" and I did enlist in the military... a-wayyy back in 1967. At that time, at least USAF (perhaps other branches) issued serial numbers that it generated. Those numbers were neither SSAN nor derived from SSAN. They were of the form "AFdddddddd", where "d" were digits. EIGHT digits. The SSAN has nine digits, of course. Clothing was stamped with the first letter of one's surname plus the last four digits of one's s/n (the custom rubber stamp to do that was also issued).

Only later - sometime between 1969-1970 - did USAF switch over to SSAN as serial number. I was still "in" at that time and I well remember what a PITA it was to "swallow" the old, issued s/n and instead recite/write my SSAN.

Near Nanjing • December 28, 2017 11:01 PM

One cannot blame large companies for trying to make money. Fighting like wolves, it's a Google eats Amazon world--that is, if you exclude China.

Services are beneficial, right? Here in China, life is easy once you join the crowd and have a dozen interconnected devices. The amount of thought required for living is wonderfully reduced. What a relief that is.

Speaking of which, in America you can also get the news from Amazon. Try the Washington Post. It is not that they hope to control your mind, to get you to like and dislike, to narrow your interests and unfriend others, or put people into little polarized camps that fight each other.

Google and Amazon help build real homes and diverse communities where you will feel that you belong. Your home is not for data vacuuming. Home is for family, and Amazon is like your big elder brother. You'll be wise to open your door wide.

hmm • January 2, 2018 7:00 PM

"At that time, at least USAF (perhaps other branches) issued serial numbers that it generated."

Yep, name rank and serial#. I didn't get in until way later. Everything you own, down to your underwear (yes literally) stenciled with your last 4 digits. What do credit companies and everyone else ask for verification? The last 4 digits.

Of course the full number was on the tags and every single paperwork chit.
It's weird, on one hand they pretended to take the secrecy seriously. Yeah right.

Erdem Memisyazici • January 6, 2018 5:13 AM

Of course it will get worse Mr. Schneier.

Just join the consumer party, put everything you own online :)

We have many products we can buy today made with private design practices. Those products receive information from all around the world. We trust those products in cars, showers, hairbrushes (that's a thing), security cameras ...

For the sake of argument let’s go with cooking, are there any online (IoT) chef bots yet?

Moley Robotics is releasing something like that this year. I am sure many other cooking bots are on their way, and one in the future will be the IoT of cooking bots.

This has not been made yet as far as I can Google, but let us assume a hypothetical IoT cooking bot, with ingredients delivered automatically through the door, into the cooking bot, for your eating pleasure! :D

So let us explore, something you will eat, made by a device open to input from the planet. After all, who doesn't want dinner ready by the time you get home, and let us make it the dish that was most popular on your Facebook feed that day. Such WOW!

[Initiate Satan mode]:

Question:

Can one replace vinegar with Drain-O over the Internet, wait for contact with aluminum, fill the kitchen up with hydrogen gas, and blow up the kitchen using the temperature control on the unit?

A Few Further Questions on the Question:



  • Can one hack the ingredient delivery bot on the way?
  • Can one send their own delivery bot with ingredients? How will the chef bot know the difference between vinegar and Drain-O?
  • Are there any controls to prevent the house from burning down? Are those controlled by firmware? Can you flash the firmware? Anything to prevent explosions?
  • Symmetric encryption or asymmetric encryption? A moving counter? A required physical second factor?
  • Wireless enabled?

Those questions, and many more I did not think about on the fly here will mark the difference between whether your kitchen is going to burn down, or dinner is going to be ready that evening.

That is only one scenario, by one guy, randomly browsing your blog online, spending less than 10 minutes on a comment.

We did not think there was anything wrong with processors optimizing performance until recently ... after quite a while ... somebody pointed that out.

What are the chances of my kitchen burning down from me driving down to the grocery store with my non-IoT car, picking up ingredients, and cooking the same meal? Considerably less I would say.

But, to each their own.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.