Secure IoTs? Depends on what you mean by that. Standards like Z-Wave and Zigbee are already somewhat safer from remote tampering than WiFi-enabled devices since they operate on their own network. Hacking into them remotely or making them send data to a 3rd party involves hacking the central controller (if that controller even is connected to the Internet, though it often is). Certainly possible but it's a considerable extra hurdle. The networks themselves are fairly easy to hack, though the new version of Z-Wave adds encryption to make that a great deal harder.
For the rest, it comes down to selecting what data to share with whom, when, and what risk you deem acceptable when sharing. And if you're worried about the CIA and their pals, don't do anything in the cloud, access your stuff via encrypted VPN or forego remote access completely and create an air gap between your smart home stuff and the LAN.
The real problem with the IoT is that everyone and their brother is trying to be the One True Provider of All Home Automation, and they want to do it in the cloud so they can charge you for integrating with everyone else's clouds. Nest has the whole Nest-Certified thing, running in the cloud. Samsung has the Samsung Smart Home, running your washers, dryers, and air conditioners in their cloud. AssureLink will happily run your garage door openers in their cloud. Honeywell has their thermostat system, in their cloud. Rheem has their EcoNet for running hot water heaters, in their cloud. LG has a cloud service for their TVs. Schlage has a cloud for running door locks. D-Link has a cloud for viewing their security cameras. Fitbit cloud-enables your health data. Philips' cloud runs your Hue lights. And so on.
Cloud solves some thorny problems. It enables easier configuration of the home user's environment by removing most of the barriers, which is critical to commercial success. Ordinary people don't know they need to poke a hole in their firewalls, and they also know they don't want to know all those technical details. But they still want to remotely access their IoThings from their iPhones. Having the IoThings phone home to the cloud means there's a central point to discover and communicate with them, making the consumer's installation woes less painful - ease of use is critical to driving sales. And the cloud can back up those configurations, allowing you to replace your old device 1.0 with new device 2.0, all without pain.
Clouds can also improve end user security - from a certain kind of threat. If your home device is connecting to the cloud and never listening for input on its own, its attack surface is much smaller than if it has opened a port on your firewall. And when your home device needs a security patch, the cloud can push it. Obviously, that means your home devices place their trust in the cloud to be secure, which is the point of TFA.
But the main problem cloud solves is that clouds provide an ongoing "service" for which the device provider can charge $9.99/month. And it's all about the continual extraction of money from the consumers. Why sell an overpriced sprinkler system only once when you can have that wealthy sprinkler system owner send your cloud service a check every single month? That's really why everyone wants to be the company that sells you the One True System, so they are the ones you're willing to pay on a monthly basis.
What I want (and have) is a server in my house that handles the home automation communications and executes rules without requiring a cloud. Unfortunately, most of the commercial hubs come needlessly saddled with clouds. There is no technical reason for an Iris hub or a Wink hub to connect to a cloud, yet they do. Amazon Echo runs everything to the cloud, including your voice. Better systems make the cloud optional.
There are also better choices on the horizon. OpenHAB is making great progress on providing an open source Java package that can handle a wide variety of home automation devices; GUI control is getting there, but setup and configuration is still a complex problem that's out of reach of the average homeowner.
OpenHAB is one option, with a Z-Wave/Zigbee USB stick it might be able to replace a SmartThings/Nest kind of set up - if you don't mind a lot of work getting it all working (kinda like using Linux in the early days)
Also look for devices that don't need the cloud but use it for additional features. Philips Hue lights talk to a hub that does talk to the cloud for remote control, but that hub has a simple REST API for local control. If you wanted to, you could block the hub from talking to the internet and use
Yeah, I looked at OpenHAB for a while, but their grandly named "OpenHAB Designer" turned out to be nothing more a copy of Eclipse running a text editor to modify the necessary half-dozen configuration files and check them for syntax errors. It is definitely not ready for an advanced installation professional, let alone the average homeowner.
I've had great luck so far with Vera (getvera.com). It can use the cloud if you let it, but everything is configured and run locally. Configuration is not quite plugT
Very similar to my experiences with SmartThings - despite being sold here in the UK in a major high street store, it's not really ready for primetime, but you can work around the limitations. I haven't gone beyond lights and a plug socket yet, plus the motion/door sensors that come in the starter kit. It's been a bit of fun, I like playing with gadgets, but I wouldn't recommend it to anyone just yet
Sounds like the big difference, when compared with Vera, is that ST is cloud based and the development options
Laugh if you want, but I really do have two "clouds" controlled by my smart house. They're ultrasonic mist emitters that fill our orchid-growing cabinets with fog, three times a day. It keeps the humidity inside the glass cases above 95%, which is ideal for some of the equatorial cloud-forest species.
And yes, the electrical plug is kept safely outside of the cabinets. Condensing humidity is a very bad environment for electrical appliances.
We (OpenTRV) are building IoT devices that are decentralised and will work (well) without an Internet connection, smartphone or hideously complex instruction manual.
Some of our target users don't have Internet connections or smartphones, for a start.
Our devices can be connected up beyond a local hub (eg to control your heating better) if you wish, but making it possible to do without makes them inherently safer and more reliable IMHO.
Yes, we're keen on OpenHAB integration, but Open Energy Monitor and MQTT a
Zigbee is old and crusty, the newest version is just strange and bloated and no one has really adopted it. It may die off except that big companies keep demanding Zigbee as a check-off box. The standards of this are new and evolving, and security isn't always there but the device makers are adding it anyway (and if you insist on alliance led standards for security then you'll get crap like WPA as a result when a manufacturer might actually have something better).
Too late (Score:5, Insightful)
The convenience is worth the risk. The dumb-ass majority has spoken.
Re: (Score:5, Insightful)
Fair point. But did they have any other options?
Are there secure IoTs?
Maybe, just maybe, the developers/manufacturers are at some fault.
Re:Too late (Score:2)
For the rest, it comes down to selecting what data to share with whom, when, and what risk you deem acceptable when sharing. And if you're worried about the CIA and their pals, don't do anything in the cloud, access your stuff via encrypted VPN or forego remote access completely and create an air gap between your smart home stuff and the LAN.
Re:Too late (Score:5, Informative)
The real problem with the IoT is that everyone and their brother is trying to be the One True Provider of All Home Automation, and they want to do it in the cloud so they can charge you for integrating with everyone else's clouds. Nest has the whole Nest-Certified thing, running in the cloud. Samsung has the Samsung Smart Home, running your washers, dryers, and air conditioners in their cloud. AssureLink will happily run your garage door openers in their cloud. Honeywell has their thermostat system, in their cloud. Rheem has their EcoNet for running hot water heaters, in their cloud. LG has a cloud service for their TVs. Schlage has a cloud for running door locks. D-Link has a cloud for viewing their security cameras. Fitbit cloud-enables your health data. Philips' cloud runs your Hue lights. And so on.
Cloud solves some thorny problems. It enables easier configuration of the home user's environment by removing most of the barriers, which is critical to commercial success. Ordinary people don't know they need to poke a hole in their firewalls, and they also know they don't want to know all those technical details. But they still want to remotely access their IoThings from their iPhones. Having the IoThings phone home to the cloud means there's a central point to discover and communicate with them, making the consumer's installation woes less painful - ease of use is critical to driving sales. And the cloud can back up those configurations, allowing you to replace your old device 1.0 with new device 2.0, all without pain.
Clouds can also improve end user security - from a certain kind of threat. If your home device is connecting to the cloud and never listening for input on its own, its attack surface is much smaller than if it has opened a port on your firewall. And when your home device needs a security patch, the cloud can push it. Obviously, that means your home devices place their trust in the cloud to be secure, which is the point of TFA.
But the main problem cloud solves is that clouds provide an ongoing "service" for which the device provider can charge $9.99/month. And it's all about the continual extraction of money from the consumers. Why sell an overpriced sprinkler system only once when you can have that wealthy sprinkler system owner send your cloud service a check every single month? That's really why everyone wants to be the company that sells you the One True System, so they are the ones you're willing to pay on a monthly basis.
What I want (and have) is a server in my house that handles the home automation communications and executes rules without requiring a cloud. Unfortunately, most of the commercial hubs come needlessly saddled with clouds. There is no technical reason for an Iris hub or a Wink hub to connect to a cloud, yet they do. Amazon Echo runs everything to the cloud, including your voice. Better systems make the cloud optional.
There are also better choices on the horizon. OpenHAB is making great progress on providing an open source Java package that can handle a wide variety of home automation devices; GUI control is getting there, but setup and configuration is still a complex problem that's out of reach of the average homeowner.
Re: (Score:2)
OpenHAB is one option, with a Z-Wave/Zigbee USB stick it might be able to replace a SmartThings/Nest kind of set up - if you don't mind a lot of work getting it all working (kinda like using Linux in the early days)
Also look for devices that don't need the cloud but use it for additional features. Philips Hue lights talk to a hub that does talk to the cloud for remote control, but that hub has a simple REST API for local control. If you wanted to, you could block the hub from talking to the internet and use
Re: (Score:2)
Yeah, I looked at OpenHAB for a while, but their grandly named "OpenHAB Designer" turned out to be nothing more a copy of Eclipse running a text editor to modify the necessary half-dozen configuration files and check them for syntax errors. It is definitely not ready for an advanced installation professional, let alone the average homeowner.
I've had great luck so far with Vera (getvera.com). It can use the cloud if you let it, but everything is configured and run locally. Configuration is not quite plugT
Re: (Score:2)
Very similar to my experiences with SmartThings - despite being sold here in the UK in a major high street store, it's not really ready for primetime, but you can work around the limitations. I haven't gone beyond lights and a plug socket yet, plus the motion/door sensors that come in the starter kit. It's been a bit of fun, I like playing with gadgets, but I wouldn't recommend it to anyone just yet
Sounds like the big difference, when compared with Vera, is that ST is cloud based and the development options
Re: (Score:2)
Laugh if you want, but I really do have two "clouds" controlled by my smart house. They're ultrasonic mist emitters that fill our orchid-growing cabinets with fog, three times a day. It keeps the humidity inside the glass cases above 95%, which is ideal for some of the equatorial cloud-forest species.
And yes, the electrical plug is kept safely outside of the cabinets. Condensing humidity is a very bad environment for electrical appliances.
Re: (Score:2)
We (OpenTRV) are building IoT devices that are decentralised and will work (well) without an Internet connection, smartphone or hideously complex instruction manual.
Some of our target users don't have Internet connections or smartphones, for a start.
Our devices can be connected up beyond a local hub (eg to control your heating better) if you wish, but making it possible to do without makes them inherently safer and more reliable IMHO.
Yes, we're keen on OpenHAB integration, but Open Energy Monitor and MQTT a
Re: (Score:2)
Zigbee is old and crusty, the newest version is just strange and bloated and no one has really adopted it. It may die off except that big companies keep demanding Zigbee as a check-off box. The standards of this are new and evolving, and security isn't always there but the device makers are adding it anyway (and if you insist on alliance led standards for security then you'll get crap like WPA as a result when a manufacturer might actually have something better).
Big problem is with the dumb IoT, devices t