Comments

Tatütata February 9, 2018 8:21 AM

The German satirical show "Extra 3" did a sketch called "Familie: Leben mit Sprachassistenten" about a family living the connected life.

As the boxes begin to make observations and suggestions on the sex life of mom and dad, or call the police when the daughter is caught with a joint, things become worrisome.

Quickly the members of the family try to regain control, like Dave and HAL9000. But Siree, Alexa, Cortina, Gurgle assistant, Singsong Bixby, and the IoT can opener conspire and regain control in the end.

Ion February 9, 2018 8:25 AM

Because my third party xmas lights don't play well with Alexa it's proof that 1. Alexa is not working 2. The sky is falling and going to the outhouse in the woods was the better way to do things.

VinnyG February 9, 2018 8:59 AM

First, kudos to Kashmir Hill. The article is excellently written - one of the best I've read on the web. Horrifying, and yet amusing, in a sardonic "The Truman Show" sort of way... My only nit is that I would like to have seen a little bit more information on the type and strength of encryption used (not attempts to break it), but even that might have lessened the impact on their target audience. Several of the complaints were about the failure of the IoT components to play together nicely - from a privacy point of view, I see that as a feature, not a bug. Unfortunately, that issue will probably be resolved before much longer. Then all of the data will be in one place, encrypted with a single "ash nazg" key, potentially available to any government or private sector predator who wishes to make use of it.

Tatütata February 9, 2018 9:18 AM

Interesting article. These devices are pretty much what I expected.

25 million smart speakers were sold last year alone

I have yet to see one of them dissected, but I haven't looked for this either. I would be curious how much computing oomph is included in the devices.

There is obviously a serious amount of accumulated computing power. That's something which could be harnessed for stuff like currency mining... Could that be an explanation for the idle traffic? Measuring the current drawn from the power adapter could be interesting.

Other "connected family" videos:


Überwachung durch smarte Elektrogeräte (Surveillance through connected devices)

Leben im Smart Home und Internet der Dinge (Living in a smart home with IoT)

Immer erreichbar (always reachable)

Leben ohne Smartphone (Living without a smart phone)

David Wilson February 9, 2018 10:24 AM

“It deletes the video after two days,”

Heh, never believe something that says, "oh we'll eventually delete all this."

Pete February 9, 2018 10:26 AM

Any device that must contact the internet to perform basic functions that have ZERO to do with being connected to the internet is of no interest.

I need to make a little "home-safe" device that firewalls all external access for unknown devices and shows weekly reports on the attempts to get out. Over time, those attempts would make a nice little DB so that fine grained control over what each of these IoT thingies are allowed to do can be set up. Worth $500 + a $50/yr subscription to anyone?

CallMeLateForSupper February 9, 2018 11:14 AM

"The Internet of Shit Twitter account is right. Smart homes are dumb."

Yes, Grasshopper. Now that the scales have fallen from your eyes, disconnect.

The very next words, though, are very disturbing... and telling:

"But the truth is that my house will remain smart, just like yours may be. Almost every TV on the market now is connected—because otherwise how do you Netflix and chill?—[...]"

Um... DVD?

I do like this:

"If homes become sentient, and it becomes the norm that activity in them is captured, measured, and used to profile us, all of the anxiety you currently feel about being tracked online is going to move into your living room."

Somebody... run it on a billboard in Times Square for a few years.

Petre Peter February 9, 2018 11:23 AM

I had to download 14 different apps to my phone to control everything which meant creating an account for each one of those apps.

Remember! The Hidden Battles to Collect Your Data and Control Your World

There seems to be no choice here since living in the forests is not really an option if my concern is control - the elements control the forests not quite sure who controls the home. Is it still my home if I am not in control of its devices who ask for Power promising me control?

Tatütata February 9, 2018 11:25 AM

"I need to make a little "home-safe" device that firewalls all external access for unknown devices and shows weekly reports on the attempts to get out. Over time, those attempts would make a nice little DB so that fine grained control over what each of these IoT thingies are allowed to do can be set up."

Just RTFM for your firewall/router. That's what they're made for. Many of them offer precisely what you describe, with access control and filtering based on IP and/or MAC address, and will syslog stray packets either on board, or to a daemon running somewhere on your LAN.

"Worth $500 + a $50/yr subscription to anyone?"

Not really, see above.

And LAN based WAN control isn't even sufficient. These devices needn't communicate only through your LAN/WAN setup, they can just as well intermittently transmit on a different channel to that van parked in the street, with the vast majority of users never noticing anything.

Speaking of money, if one of these guys steals 10W from your outlet to do their own "stuff", that would still amount to only ~25€/y of juice at the not unheard-of exorbitant rate of 0,30€/kWh. Not many people would notice either.

Jim February 9, 2018 12:26 PM

Some thoughts:

It is astounding that the industry has convinced so many people to include these vulnerabilities to privacy in their lives.
--> "Getting a smart home means that everyone who lives or comes inside it is part of your personal panopticon."

It's a whole lot more trouble to get all of those "smarts" to work correctly than to simply turn things on and off the old-fashioned way.
--> "Sometimes we would keep rephrasing the question until she got it, but more often, one of us would just get up, walk to the kitchen and press the button on the coffeemaker rather than doing it the 'smart' way."

If your point in having "smart" stuff is to save power, realize that all of the "smarts" consume a lot of power.

Anyone listening in will be able to tell if you are out of town - in case they want to rob your house.
--> "The funniest 'conversation' that happened over the two months was a week in January when Kashmir was out of town. I could tell the house was empty because the amount of data being sent out slowed"

The manufacturer of the coffee machine couldn't answer basic questions about the "smarts" in their coffee maker - they had to check with the third-party company that put the smarts in the coffee maker. Yet more levels of bureaucracy to keep the consumer from being able to figure out the whole thing. Less control over your own life.

(required) February 9, 2018 12:27 PM

"By letting private companies and other interested parties bid on your waste profile, smart pipe is available at no cost to users."

Pretty spot on.

Clive Robinson February 9, 2018 12:42 PM

Any one else notice how easy it was to spot the family were away?

I have no Smart devices in my home and do not have the Internet anyway. The other day whilst travelling through a London Terminus I was accosted by a twenty something about having a Smart Meter installed. Rather than give my normal look that frightens even rabid dogs, I thought "I'll have fun with this one".

To cut a long story short the twenty something could not get over the fact that I appeared to be a Digital Luddite with no Tech in the place but knew all the technical jargon without any issue. It appeared to cause the twenty something some degree of cognitive dissonance that a walking talking breathing individual would not be totally and utterly captivated about the idea of knowing to the nearest mW/S what each electrical device in my home used and why I would not instantly want it sent to my phone as a three dee graph (waterfall graph to us technical Luddites).

So I decided to help the twenty something get over the cognitive dissonance, and told them in minute detail just what a Smart Meter could say about you, your activities and the likelihood they would be burgled, have your car stolen or even be mugged outside your front door.

As I got into the details the twenty something developed that thousand mile stare that small furry creatures get in the road at night moments before they become a retread on an eighteen-wheeler's front tyre.

Mission accomplished I went cheerfully on my way, as for the twenty something, I suspect cheerful was not even on let alone close to the top of their emotions list...

K.S. February 9, 2018 1:24 PM

"But the truth is that my house will remain smart, just like yours may be. Almost every TV on the market now is connected—because otherwise how do you Netflix and chill?"

This is fallout from app-ization of the web. Over time people fail to understand that you can connect with a client of your choosing and don't have to use ones forced on you by connected appliances, like smart TVs.

As to direct answer - never connect your TV to the internet, instead use HDMI cable and connect it to a general computing device, like a computer that you control.

Anon February 9, 2018 8:20 PM

I'm sure my electricity provider broke the law in making it appear that I *must* have a Smart Meter installed.

When I started explaining the problems with "smart meters" and how it is one great big con, I thought I was going to find I had been disconnected.

They didn't like it when I pointed out that the smart meter would not only exceed the standby current of my portable radio many times (in terms of power use), but contribute to increased power usage to the tune of mega-watts on a country-wide scale, and how it is hardly good for reducing energy consumption.

This obsession with "collect it all" data by these companies is nothing short of a psychiatric disorder.

"Just because you can, doesn't mean you should."

Clive Robinson February 10, 2018 3:54 AM

@ Anon,

"I'm sure my electricity provider broke the law in making it appear that I *must* have a Smart Meter installed."

It depends on which jurisdiction you live in.

Put simply one of the more expensive parts of an energy provider's operational costs is "billing". Traditionally a "meter reader" would come to your home and look under the stairs into the utility cupboard with a flash light / torch and note the reading in a little book. This book would then get read by somebody else and entered into a manual accounting system out of which a bill would at some point be sent to you. Then you would go to their shop or local Post Office and push cash across the counter, and get given a receipt...

A manually intensive process that over the last 40 years or so has been automated and people laid off and replaced by computers of some form.

The "meter reader" was the last part of the process not to be automated.

When "smart meters" were first talked about the utility companies moaned about the 300-500 $/£/€ cost per house, and baulked at getting involved. The smart meter manufacturers talked up "the green aspect" to Politicos many of whom had a CO2 problem. Thus Smart Meters became the "punitive charging" method of choice to deter energy usage, thus "carbon footprint".

The utilities and their shareholders hate the political CO2 issue because it means reducing the amount of product they sell thus their potential profits in several ways.

What sold it to many utilities was the "hidden promise" of "instant tariffs" basically variable rate charging to "balance load" but in reality squeeze even more profit out of home consumers. But they still baulked and thus the utilities held their hand out to the politicians and dug their heels in.

The results varied from place to place. Some went down the subsidy route others the legislative route. Either way the utilities and their shareholders salivate at the idea of "instant tariffs" that they control for their benefit. Which also has the side effect of not just less investment in infrastructure but also less maintenance... So no upside for the consumer...

Thus the "legality" depends on legislation in your jurisdiction.

However... there are almost always loopholes which the utilities will try to drive a bus through. But... they can also work for a consumer.

For a number of reasons my home is in no way Smart Meter friendly. For various "Technical Safety" reasons, no smart meter will work inside my home, or in most cases on my property. Thus even if the government enacts the legislation it will not do the utilities any favours in my case... I suspect the politicos can see what a disaster politically compulsory smart meters will be, further due to their own stupidity they don't have the 2-5 billion required to "pay off" the utilities...

Oh and in Europe there has been a grinding halt due to new Personal Data Protection legislation. It appears there are no --cheap-- smart meters that meet the requirements sufficiently well that anyone is going to risk what the EU Court might decide...

VinnyG February 10, 2018 9:58 AM

@Clive re: meatware meter readers - In the US, electric power utilities began the practice of billing based on estimated usage quite a few years ago. I wasn't too pleased at the time, but for those who draw power on a fairly consistent basis (most households, I would presume) it works fairly well. The customer has the option to request that his or her meter be read manually. There are regulations in some states limiting how many consecutive estimated bills may be issued to a customer. I suppose for someone living paycheck to paycheck, a grossly overestimated bill could pose a cash flow problem. I should also mention that allowing someone (typically a not-extremely-well-compensated employee of the utility's low-bid contractor) unquestioned access to your property for the nominal purpose of reading your electric meter also incurs a security and privacy risk. Some of those folks have been found to be running side businesses providing information to cops and/or criminals, depending on the going rate...

Tatütata February 10, 2018 10:59 AM

One issue I have with "smart meters" is that many of them include a kill switch, allowing the utility to remotely cut service.

A long time ago a friend was going through bereavement, and unbeknown to me, hadn't paid his power bill for several months -- among other things. One morning at 7AM sharp the utility guy stood at the door, and was going to cut off service unless the dough was ponied up at once. The friend called me for help, and about 21 seconds later I found myself still asleep on my bike hurrying to an ATM to withdraw a largish sum.

If one of those "smart meters" had been installed, the situation would have been downright dire, as losing power for a few days or even weeks would have IMO many consequences.

That kill relay is also a vulnerability. I was going to elaborate, but upon verification I see that this topic was already exhaustively treated here back in 2010. [I was actually looking for a reference to the crappy crypto, to buttress the next point I was planning to develop, but, meh].

Some designers apparently don't understand the Nyquist criterion, or common-mode rejection either, with many meters recording absolute crap under non-sinusoidal loads.

It wasn't that costly to send someone around. The reader would probably report when something was amiss, like fallen tree limbs and suchlike. At remote places, or for some indoor meters, the actual reading was done something like once a year, and estimated bills were sent in the meantime. Another technique was self-recording postcards, with the customer jotting down the position of the needles on US-style meters. Even if there was a bit of fibbing, the result will eventually be corrected. And when a change of tenant occurred, the utility company would just ask the customer to read out the meter over the phone.

An hypothesis of mine is that the smart meters bring a one-off gain because of their higher accuracy (Notwithstanding the waveshape problem, which is to the detriment of the customer anyway). Ferranti-type meters apparently tend to slow down over time due to wear, which on the average advantages the customer. The accuracy and calibration requirements vary widely from country to country, but are generally in the single percent range. Electronic meters advertise accuracies of about 0,1%, IIRC. I have researched this a bit, but my initial results are inconclusive, and more effort would be required.

Another issue is that the utilities haven't really figured out yet what to do with the smart meters on a system level. Much has been touted of the smart network with distributed power generation close to consumption, but this is actually a threat to the old operators with their big, fat, out-of-town, coal-fired plants and the constant base load they need. (Electric home appliances were advertised by the utilities beginning in the 1920s essentially as a means to smooth the load over the day, including nonsensical electrical heating).

For the "instant tariff", look up Enron and California circa y2k...

About legality, one utility I know of tends to treat all accounts under your name as a pool. If there is a problem with your country home, they can blackmail your city account to force you to cough up the money and discuss later.

Security Sam February 10, 2018 11:23 AM

If you're not astute enough
To realize a smart home
Makes the owner a dope
Then you rightfully become
The butt of a joke.

Alyer Babtu February 10, 2018 7:56 PM

@Tatütata

Thanks for the links to the amusing videos!

In “Leben ohne Smartphone”, when the protagonist is in the cinema, the opening curtains for a moment create a frame just like a smartphone screen. Is there a subtext here?

Are we being watched in movies? Or, is there a suggestion that all artificial, technically intrusive forms are the same, a smartphone experience, present even without smartphones, and we might be better off in every case meeting and conversing with people in their actual presence (e.g., read a play together) as the other parts of the sketch depict and hint at.

Panopticlutz February 10, 2018 9:32 PM

@Security Sam

There was once an oblivious tech head.
In every aspect of life he injected
hard-coded credentials
not knowing of pencils
his shames savored by all those connected.

Clive Robinson February 11, 2018 12:23 PM

@ VinnyG,

"In the US, electric power utilities began the practice of billing based on estimated usage quite a few years ago."

Yes they did in the UK as well, and put in place "front loading"... That is they would over estimate the bill insist on payment before they would change it down to the meter reading you had taken, then adjust the next estimate or the one after or over the next three etc (different operators tried different tricks) thus they could have the equivalent of a 2-500USD equivalent loan out of every home that did not kick up a real fuss.

Eventually the usually supine regulator (stuffed with rotating door industry bodies) got to the point the bad press and politicians' questions forced them to act and thus had to mildly reprimand the industry a few times before issuing small fines to the ones that had a major owning in a foreign country...

The list of extortion tricks they tried was immense and they were and still are getting away with ripping customers off one way or another...

Security Sam February 11, 2018 4:31 PM

@Panopticlutz

The high tech gods of virtual automation
Are feeding naive consumers hallucination
With their intricate gadgets of temptation
That create more hazards than protection.

Panopticlutz February 11, 2018 10:48 PM

@Sam

Golf clap. We can't rightly stop now..

There once was a business from the webs
which made fortunes selling secrets of plebs
though pure corporate malfeasance
with all promised convenience
they forced all IT managers onto meds

CallMeLateForSupper February 13, 2018 9:45 AM

"In the US, electric power utilities began the practice of billing based on estimated usage quite a few years ago."

Where I live it's the gas company (NYSEG) that offends. For decades, it has estimated every other month, and that really chaps my b**t. A 12-month bar chart printed on each of my 30+ years of bills shows alternating very short bars & very tall bars. Because my water heater is the only gas eater *and* I keep its thermostat turned low (one can shower with only "hot" water, no "hot/cold" mixing), my consumption is pretty consistent throughout the year. Nevertheless, the estimated consumption has been sky-high every other month for 30+ years. Natural gas is expensive here. What a racket.

On the other hand, I have municipal electric power; 90+ percent of the mix is hydro. Those are two reasons why my power is very cheap[1]. Meter has always been read monthly, never estimated. But there's a weirdness even here (though in my favor). The "town boys" came 'round two years ago to replace my traditional electric meter with the new-fangled "smart" thingie. I expected the rate - and my bills - to increase. They did not. Then, last summer I noted that my KWH usage (as billed) FELL significantly. It remains "in the weeds" to the present. I can find no plausible explanation(s). (I secretly hope that the root cause is a seriously malfunctioning "smart" meter.)


[1] Last month's bill was $8.85 for 89 KWH, or about 10-cents/KWH. Contrast that with the 5-cents/KWH that my dad paid in the late 1950's.

wut February 15, 2018 6:22 AM

"But the truth is that my house will remain smart, just like yours may be."

First of all, why, after learning all of this, would you still cave?

Second of all, no, my home isn't going to be retarded, thank you!

"Almost every TV on the market now is connected..."

Yeah, only if and after you configure it to connect to your network. It's not like these TVs sploit your WiFi password automatically, it's up to you to decide to "connect" your TV. Nobody is forcing you to do this step in configuration.

"...because otherwise how do you Netflix and chill?"

Really? Friggin' REALLY? The writer of this statement is married, I thought the whole "cave to modern technology or die alone and childless" problem wouldn't apply to her, unless her husband's impotent.

This is just plain weakness. You can live without Netflix. Jesus Christ, some people!

Jim February 21, 2018 2:03 PM

"But the truth is that my house will remain smart, just like yours may be. Almost every TV on the market now is connected—because otherwise how do you Netflix and chill?—[...]"

The way we do Netflix on the big TV is, we get it going on our laptop, then plug the big TV into the laptop as an external monitor. And we have a wireless keyboard and mouse, which means that we can do everything without having to get up from the sofa.

The only device which is connected is the computer, not the TV. So we are a lot more secure than the person who brings up Netflix directly on the smart TV.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.