I Told You So Part 20421 (Home Automation/Security)
The Market Ticker - Commentary on The Capital Markets
2018-06-24 12:11 by Karl Denninger
in Technology

This is the exact sort of scenario that HomeDaemon-MCP prevents by design.

One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there.

Their stories are part of a new pattern of behavior in domestic abuse cases tied to the rise of smart home technology. Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control.

There is no clean answer to this for anything "cloud connected" where the putative buyer retains control via some link to the purchase through said cloud connection.

The issue is even worse than a "hacker" in that the person in question doing it has the full assistance of the company that made the damn thing in harassing you or worse.

Yet a non-cloud based system, such as HomeDaemon-MCP, is utterly immune to this.

If you have administrative access you sign into the unit, change the password on the admin account (to prevent setting up another account), then change your user password.  Access to the other instances signed in is instantly revoked and so is access to everything behind HomeDaemon-MCP at the same time -- your thermostat, lights, locks and cameras.

If the person in question is the only one with the admin password and won't give it to you then it's trivially easy to take the SD card out of the unit and either reset the account that way, or if you don't know how, to ask someone to help you -- which you will only have to do once.

Having done that there's no back door way back in since there is no "cloud" to come back in through.
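How a single local control point can make one password change cut off every signed-in device at once, as an added example (not HomeDaemon-MCP's code, whose internals this page does not show). The `LocalController` class, its per-user epoch counter and the HMAC-signed token format are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class LocalController:
    """Hypothetical single-box controller; every session is checked locally."""

    def __init__(self):
        self._key = os.urandom(32)  # token-signing key, never leaves the unit
        self._users = {}            # name -> {"salt", "pw", "epoch"}

    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, name, password):
        # A password change bumps the epoch, orphaning every token issued
        # under the old credential, on whatever device it is stored.
        salt = os.urandom(16)
        epoch = self._users.get(name, {"epoch": 0})["epoch"] + 1
        self._users[name] = {"salt": salt, "pw": self._hash(salt, password), "epoch": epoch}

    def _token(self, name, epoch):
        body = f"{name}:{epoch}"
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}:{tag}"

    def login(self, name, password):
        user = self._users.get(name)
        if user is None or not hmac.compare_digest(user["pw"], self._hash(user["salt"], password)):
            return None
        return self._token(name, user["epoch"])

    def authorize(self, token):
        # Returns the user name for a live session, None if revoked or forged.
        try:
            name, epoch, tag = token.rsplit(":", 2)
            epoch = int(epoch)
        except (ValueError, AttributeError):
            return None
        user = self._users.get(name)
        if user is None or user["epoch"] != epoch:
            return None
        good = self._token(name, epoch).rsplit(":", 1)[1]
        return name if hmac.compare_digest(good.encode(), tag.encode()) else None

if __name__ == "__main__":
    box = LocalController()
    box.set_password("resident", "old-shared-password")      # constructed sample values
    other_phone = box.login("resident", "old-shared-password")
    box.set_password("resident", "new-private-password")
    print(box.authorize(other_phone))                         # session issued earlier
```

Because the epoch check happens on the one box that fronts every device, there is no second place where an old token could still be honored.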

Try this in a typical "cloud-connected home" and you wind up having to screw with a dozen or more discrete things and if they're interconnected via the cloud then just one that's missed can let the harasser back into the rest of them!

Last night while waiting for Jurassic Park to start in the theater I was treated to a commercial for such a cloud-connected vision from a major company.  I about threw up right then and there in my seat as the obvious means by which you can be screwed with or worse were immediately and instantly apparent to me, and the "convenience" factor over the alternative of not cloud-connecting such a set of capability was virtually zero.

Again faux convenience has been sold when it actually is dumb and ought to be a matter of liability -- both from an insurance perspective and, when criminal law (e.g. harassment) is implicated, as accessories before the fact as well.

Of course the latter will never be enforced against the tech giants but the former is another matter.  Insurance-related issues are real and they ought to get a lot more real.  We're already seeing some of this with cars, where the very capability I pointed out a few years ago with "no push" entry and start, which makes silent intrusion and theft of said vehicle trivially easy, is showing up in theft rates and insurance premiums.

It gets even worse if there's a microphone -- or camera -- involved.  For the latter to be "cloud-connected" is an absolute disaster as that's a flat-out spying device if abused, and the former might even be worse since interception of your conversations in your own home is probably second only to someone getting video of you walking around naked in your bathroom.

You can see how HomeDaemon-MCP prevents and mitigates these problems right here; click all the little houses on the left for each point, and why it matters to you.

Then, if you're of the entrepreneurial sort, make contact.  The package is for sale -- lock, stock and barrel -- and you can be the firm that resolves these issues once and for all (making a hell of a lot of money in the process.)

Lobo
Posts: 480
Incept: 2013-12-25

I wonder if Subaru has ensured that their new vehicle systems are secure...

Quote:
While every new Forester comes with Subaru's EyeSight driver assistance features, the Touring spec debuts the DriverFocus fatigue and distraction alert. In unison with EyeSight, DriverFocus uses facial recognition software to monitor signs of fatigue or distraction on up to five different drivers, and it remembers each driver's seat, climate control and infotainment presets. The 2019 Forester hits dealers later this year.


https://www.autoblog.com/2018/03/28/2019....
If a hacker can gain control while the vehicle is in motion, can they change the seat position to as close to the wheel as it can get (for a tall person) or as far from the wheel as it can get (for a small person)?

----------
Village Idiot
Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
Those systems are ridiculously scary if penetrated and quite hard to do right.

I bet they're not done right.

----------
Winding it down.
Thelazer
Posts: 152
Incept: 2009-05-11

Davenport, Fl
Are you able to interface it with some of the newer smoke / carbon alarm detectors that use a wifi connection to non-wire ones?

Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
There are Z-Wave CO/Smoke detectors; it will talk to them native without any interfacing as it knows the various alarm "types" and CO and Smoke are two that are explicitly defined.

https://www.gokeyless.com/product/first-....

I would be particularly careful with the WiFi ones as they are potentially vulnerable to having "fun stuff" in their firmware, as they're designed to "phone home" to talk to some cloud resource. I can't come up with a good reason to buy them, especially given that you can get these which are reasonably-priced and integrate cleanly.

Most of the WiFi ones I've seen are double the price and you get all the potential security issues at no extra charge!

BTW since this is a SENSOR (not a control point) there's no particular reason for you to worry about encryption or similar, since the worst that could be done to you is harassment (e.g. duplicating an apparent message that there is smoke when there is not), and to do it you have to get within RF range (100' or so from your residence) and then send a spoofed message. This is not impossible by any means but it is of limited value and locating the bad guy's gear would not be very hard (due to that limited range) if someone was to do it.

Indeed this sort of device is exactly the type of unit where you really don't want much in the way of capability or brains. Encrypted operation would be nice (although the current units I've seen don't support it) just to reduce harassment risk, but there's utterly no reason to put any sort of CPU firepower in a smoke detector -- that's just begging for trouble as there's utterly zero legitimate reason for it to process anything -- it just alerts on the presence of smoke (or CO).

----------
Winding it down.

Rufust445
Posts: 769
Incept: 2007-08-11

Emerald City
Some 64 years ago, this Warner Bros. short feature was prescient:

https://video.search.yahoo.com/search/vi....

----------
"The stock market isn't bullish, it's bull$hit." -- Alan King
Tickerguy
Posts: 153486
Incept: 2007-06-26
A True American Patriot!
Yep...

----------
Winding it down.