Hardware

Smart Device Life Cycles Can Pull the Plug on Security

smart home device control

The use of smart and connected devices promises to make our lives easier, but it might also give their manufacturers greater control over our lives.

One out of three households in the United States with broadband connections owns at least one smart home device, and interactive security systems that allow remote connection and control capabilities are installed in 20 percent of these households, research firm Park Associates reports.

Some companies offering smart devices, including Google, Belkin, and Best Buy, have killed off their smart device product lines without warning, leaving consumers in the lurch.

That leads to what Natasha Tusikov, an assistant professor at Canada’s York University, calls “regulation through bricking.” This is when manufacturers deliberately impair or destroy software “with the intention of negatively affecting product functionality.”

Such bricking reshapes the governance of physical products because the manufacturers can “arbitrarily and remotely affect the functionality of any software-enabled device and even determine the product’s lifespan,” Tusikov stated.

It also gives the companies “an unfair capacity to impose their preferred policies unilaterally, automatically and remotely. Through their software, IoT products remain connected…to their manufacturers, [which] lets companies…wield significant post-purchase control over the software,” Tusikov said.

Hardley Any Choice

For example, Google last year shut down its Works with Nest program that let third-party manufacturers offer products that worked with its Nest family of connected devices. This was a prelude to launching a full-court press into the connected home market on the back of Google Assistant. Third parties, in essence, either had to transition their products to work with Google Assistant or stop working with Google.

Consumers who had purchased smart or connected products made by third parties that belonged to the Works with Nest program were left with the specter of owning a house full of bricks, as Jason Perlow recounted in ZDNet.

“There are quite a few products out there that were designed for Works with Nest, which includes Philips Hue smart lights, Chamberlain smart garage doors, and Wemo smart plugs — all of which I currently have in my house,” Perlow wrote.

“That also includes Amazon Alexa — which seems to be given special dispensation, at least for now. But yes, Google could decide to pull the plug on it at any time since it has its intelligent speaker product, Google Home, instead.”

Companies can further force customers to accept certain product features and determine how goods are used, Tusikov noted. This is all enabled under the companies’ end-user licensing agreements, but people “tend not to read corporate policies and may not even be aware of the rules that govern their use of IoT products.”

Further, companies “have considerable latitude in crafting their policies and reserve the right to change the terms of their licensing agreements without notice to the user,” she said.

Consequences of Surveillance and Security

Surveillance “is a business model and a regulatory mechanism” for IoT device manufacturers, Tusikov said. These devices communicate daily with the manufacturers’ servers, or even multiple times a day, harvesting staggering amounts of data about their owners.

The increasing use of voice assistant technology such as Google Voice, Apple’s Siri and Amazon’s Alexa in connected devices further enhances their surveillance capabilities. All three technologies are always listening and can be activated accidentally quite easily through the use of random phrases.

“Consumers need to be aware that anything connected to the Internet will share some or all of their information back to the home organizations for analysis, improvements, or other needs,” James McQuiggan, security awareness advocate with cybersecurity awareness training firm KnowBe4, told TechNewsWorld.

“The threat to security from these always-listening devices is real,” warned Gurucul CEO Saryu Nayyar. “There are many potential attacks against these systems, not to mention the overwhelming privacy implications.” However, the risk is small for the average consumer because “you’re just not that important.”

To date, most hacks of connected devices have been relatively minor, although terrifying to the victims — such as hacking into a baby monitor.

That said, “In a world where people are constantly finding vulnerabilities in products, you need a vendor that’s responsive to security issues,” Tyler Reguly, manager of security research and development at cybersecurity firm Tripwire, told TechNewsWorld.

Still, the risk is “certainly no more than smart TVs, video game consoles, and the plethora of other devices we all have in our homes.”

Do Manufacturers Really Care?

Product lines slated for termination do pose a security threat to existing users if vulnerabilities are discovered in them prior to the termination date.

“We’ve reported security vulnerabilities to several larger manufacturers, and their final response is they’re not going to fix the issues because they plan to stop making the product,” Lamar Bailey, Tripwire’s senior director of security research, told TechNewsWorld.

The relentless march of technology has put consumers in a bind. Smart and connected device technologies make our lives easier, but the bill for that ease is still largely unknown.

Adhikari Richard

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology. Email Richard.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels