Your light bulbs need a system administrator

21 Feb 2019

The 1950s Home of the Future has arrived. You can control your home lights, furnace, refrigerator, washer, security system, everything with a smart phone.

Sounds great except all of these networked appliances leak data either by accident or by design, and require you to be their system administrator, keeping their firmware updated like your laptop and smart phone. And after all that, the device might just stop working if the manufacturer stops supporting it.

You’re now the system administrator for a bunch of fiddly gadgets

Anything that connects to the internet has some sort of network software installed. Hackers search for weaknesses in network software so they can break in and steal your data or use your smart appliance to DDOS1 other websites. It’s a Red Queen race: the software developers fix exploits in the networking software and hackers try to find ways to exploit the new fixes.

Because your smart refrigerator, washer, light bulbs, and coffee cup connect to the internet, they connect to every hacker and bored teenager with a computer and internet access.

I don’t mind system administration: I administer a virtual server hosting my websites including this blog. Russian and Dutch hackers trying to log into my server 17 times per second? No problem. I’ll just set up the IPtables firewall. When I rented a virtual server I understood it’s my job to keep the bad guys out. It’s a part-time job and kind of fun.

Yet I have no desire to keep the bad guys out of a bunch of internet-connected smart appliances in my home. And I’m certainly not going to be a system administrator for my home’s light bulbs.

Networked devices leak data

Even if you carefully install all security software updates and change the password from the factory default you can still get hacked. One homeowner stored his home security system’s passwords in a third party password manager which got hacked. Hackers broke into his security system and announced through its speaker that nuclear war has started. Did these hackers watch the family through the security cameras? The family will never know.

Parts of your home may stop working

The Revolvy smart home hub stopped working after the company was acquired by Nest. One Revolvy user wrote:

On May 15th, my house will stop working. My landscape lighting will stop turning on and off, my security lights will stop reacting to motion, and my home made vacation burglar deterrent will stop working. This is a conscious intentional decision by Google/Nest. Which hardware will Google choose to intentionally brick next?

The Internet of Things is made of smart2 devices with dubious benefits but concrete disadvantages. They leak data. They require security updates. They stop working if the server they talk to is taken offline.

  1. A distributed denial-of-service attack uses swarms of hacked devices to flood a website with requests, knocking it offline. 

  2. Strange how smart objects require constant care and administration compared to dumb objects.