Internet of Things: What could go wrong?

Two weeks ago I reviewed security cameras and the Ring video doorbell, all products in the category called Internet of Things (IoT) that connect to the cloud through your WiFi network. While they provide useful benefits, they can also bring some risks.

That became evident for many of those using a Nest connected thermostat, one of the first and most successful of IoT products.  It’s designed to use the cloud and your WiFi to reduce home heating and cooling costs by controlling the temperature, based on your living patterns, the weather, and whether you are home or away.

When Nest sent out an automatic software update in December, it contained a bug that caused some units to stop working, shutting off the heating systems of thousands of customers. Users reported that their temperatures plummeted, and they had no way to turn on their heat.

The same company, Nest Labs, also had an issue with its connected $129 Protect smoke detector. One of its features, called Nest Wave, is designed to let you wave your hand to silence the alarm; unintentionally it also prevented the alarm from working.

In a third example, it was discovered that the Ring doorbell that I wrote about had a vulnerability that could let someone tap into your WiFi network without authorization. It required the person to remove the Ring from the wall and press a hidden button.

These new IoT products claim to save money, save time, add convenience and/or make us safer, so it’s very tempting to buy these devices and just assume they will just work as promised. After all, none of us would assume a conventional thermostat or doorbell would not be reliable.

But if Nest Labs, a company Google bought for $3.1 billion, has these problems, imagine the possible vulnerabilities in products coming from tiny startup companies that don’t have similar resources, discipline or financial strength.

Few of us really consider the downside of these devices, and assume the manufacturers have adequately tested their products. But from my experience developing many products over the years, involving both hardware and software, some of the problems are discovered only after thousands of products are put in the hands of customers in a wide variety of environments, and other companies don’t have the knowledge to do adequate testing in the first place.

With all sorts of companies jumping on the IoT bandwagon, it’s important to be very skeptical and not to accept a new technical solution without first considering the consequences if it should have a glitch.

Just imagine what could go wrong with connected devices that turn on your oven before you arrive home, start your car by itself, automatically fill your pool, or remotely unlock your door. When you buy a product so vital, like the Nest, you need to understand whether the product has a safe mode that maintains its functionality in the event the software crashes or the battery runs out.

IoT devices also can provide more ways for others to access your network. We really don’t know how secure these devices are or how easily they can be compromised. And if that were not enough, you are providing access to these companies about when you are home, what you are doing and what you are saying, although so far there are few indications that your privacy is being compromised.

But as more companies come out with new devices, be sure the benefits are important enough to endure the risks of failure and a risk to your privacy. Now, more than ever, let the buyer beware!

by Phil Baker