Tag Archives: Smart Homes

IoT Liability – Who’s Responsible?

When your Internet connected baby monitor fails you probably whine.  You may complain to the manufacturer or the store where you bought it.  Or, you may just buy a new one.

But if that IoT device is your car, well, that could be a bit more complicated.

If you buy a used car and the previous owner did not wipe the phonebook from the hands free unit in the car, the buyer may have access to data that he or she should not have.

But if you wipe the data, is it really gone?  That is way less clear.  Is the data backed up in the cloud.  Is the cloud account associated with the buyer or the seller.

What if the seller had access to the car (to say unlock it or start it) from his or her smart phone?  Does the buyer know if that “connection” between the seller and the car has been severed?  How would the buyer ever know?  Maybe the seller can still see geolocation data – where the car is at any time.

What if a house had a smart thermostat?  If the seller still had access he or she could turn off the heat in the winter or turn off the AC in the summer.  There have been a number of cases where, during a divorce, the displaced spouse did mischievous things.

What if the house had a smart lock and the seller decided to unlock it?  Randomly.  What if the house was burgled as a result?

Are realtors equipped to counsel buyers about smart homes?  I doubt it.  Many realtors have a hard time using their MLS software (certainly not all of them, but this is a pretty geeky subject).

What about home inspectors?  Surely they are educated enough to warn people.  Many home inspectors are retired handymen.  That is the wrong demographic to be providing advice on the Internet of Things.

In some cases, the IoT devices are not even visible.  Like, perhaps, a connected furnace or smart water heater.

In some cases, when the seller sells the house and takes their Internet connection connection with him or her, the device, of course, will go offline.  Does that mean the device stops working or is there a fail-safe in the device?

According to the National Association of Realtors, only 15% of buyers ask about smart homes.  What if the realtor says “I don’t know if this is a smart house”?  Does the buyer demand answers?  Probably in some cases, the seller probably doesn’t even remember if the water heater is connected to the Internet and if it is, how do you change that connection.

Underwriters Laboratories is working a a UL security seal, but that process is voluntary and maybe, in 10 or 20 years that may turn into something.

In this article I am talking about big, expensive, smart devices, but the prediction is that, by 2020, there will be 20 billion devices connected to the Internet.  Most of them small – a toaster or refrigerator or baby monitor or security camera.  What if, as some people do have, there are security cameras inside the house and the buyer doesn’t change the password that the seller provides the buyer.  That isn’t too far fetched.  It works and it is too hard to figure out how to change it.  Now the seller can watch the buyer in his or her house.  No telling what the seller might see.  Or capture.  Or post online.  Or share with friends.  Think about that one for a minute.

In the mean time, it is kind of like the wild west.  You are on your own and good luck.

I am not anticipating this changing any time soon.

BUYER BEWARE!

Information for this post came from SC Magazine.

Buying A Smart Home – Food For Thought

In the world of a connected home (or any other building), when you sell it or buy it, you need to consider the security and privacy implications.  Does the former owner still have access to the security cameras?  HVAC?  Alarm system?  Are the smart devices not so smart anymore?  Have they EVER been patched?  Are there known security holes big enough to drive a truck through?

It used to be that all you had to worry about was whether there were termites and did the heating system work (among other things).  Now, at least in the case of smart homes, there are many other things to consider.

In fact, the Online Trust Alliance has even created a checklist (see here).

Here are a few thoughts to consider:

  • Do you know what devices in the building are connected to the Internet and if there is a service provider involved?
  • How do you know that the former owner can no longer access each and every one of these smart devices?
  • Are all of these devices still supported by the manufacturers – if you even know who the manufacturers are?
  • Are there known security vulnerabilities in any of the devices that would allow them to be taken over or surreptitiously monitored (for example, there are well known cases of perps hacking into baby monitors and other security cameras and watching)?
  • Are all the devices patched?  Do you know HOW to patch all of them?

The challenge, I think, is that this is likely overwhelming for most homeowners – except maybe for a few geeks.

 

Manufacturers of these smart devices don’t help either.  The manufacturers could easily help a hacker break into your system since they really don’t know if you ever owned or still own the system in question.  In addition, for consumer devices, manufacturers stop making them pretty quickly and want to stop supporting them soon after that.

Manufacturers also make it difficult for users to install patches.  Do you, for example, have any idea how to patch your smart TV?  This is the current generation’s version of the VCR with the blinking clock. (That is, for those of you old enough to know what a VCR is.  If you are not old enough, it is your parent’s version of a TiVo).

Manufacturers have to step up their game – assuming they want to become anything other than a niche player.  I can also see the prospect of lawsuits against manufacturers who don’t timely patch their devices.

On my satellite TV, the provider downloads software updates every week – so I don’t try to record any shows on Saturday night at around 2 AM.  That’s when the satellite box takes over, shuts down satellite reception and downloads new firmware.

I am not a cable user, so I don’t know what they do and each provider is likely different anyway.  Typical cable setups have a cable modem and a set top box, each of which would need to be patched separately.  It is a reasonable question to your provider – who is responsible for patching security holes, how often does that happen and, if you need to do it, how do you do it.

I only mention TV boxes because they are something most people are familiar with.  While they are smart, they are not likely to be handed over to a new owner.

What is likely to be handed over are things like smart locks, alarm systems, security cameras, garage door openers – all connected to the Internet.  And, if the manufacturers are right, by the year 2020, billions of other devices.

As if you didn’t have enough to be concerned about when buying a new or used home (even if it is new, someone else likely has the codes).

UNLESS users start pressuring manufacturers by refusing to buy products that do not address this issue.

I PROMISE this problem will get worse before it gets better.  Sorry.

Information from this post came from CIO.