Smart Home Primer

You may have heard about it in the news, earlier this year two researchers from the University of Leuven, Belgium submitted their research for review, exposing a flaw in our WiFi security. They discovered a critical vulnerability they dubbed, KRACK, which affects the WPA2 security of ALL client WiFi devices. For clarity, examples of client devices are your WiFi connected smart home devices, laptop, phone, tablet, e-reader, etc.

Is this something you need to be concerned about? Short answer is, YES!

If you’re using any Android device, it is of particular concern, because this attack executed on an Android-based client can result in a complete breakdown of the devices wireless security until this is patched. Fortunately, the security patch is relatively simple, but you can expect manufacturers will want to test it to make sure it doesn’t cause issues before releasing. Expect to see big companies like Apple publishing it as beta (aka, not ready for primetime) at first.

Devices such as WiFi access points are at lower risk, unless they also act as client devices themselves to connect to other access points. Examples are wireless extenders and the new “Mesh Network” devices such as Eero, Google WiFi and Linksys Velop that connect together to extend wireless access throughout your home. However, unless you’re very tech-savvy, you may not be aware of a client capability your wireless router has, and there is a long history of exploits against wireless routers. Although less likely, it’s not impossible that a router could be attacked, have its client capabilities enabled, and then compromised. Therefore, please do update if possible, or check that your ISP has done this for you, if you are one of them millions that rent a wireless router as part of your Internet service.

How quickly smart home devices are going to be patched against this attack is anyone’s guess. The good news is many companies are taking this more seriously and reacting, now that it’s out in mainstream media. It’s also good news that many devices such as Insteon, Philips Hue and Lutron Caséta are unaffected by this, since they’ve never supported WiFi to begin with.

Although many companies already use HTTPS encrypted traffic, the researchers warn that this was easily bypassed in a “worrying number of situations”. The good news is, if you’re able to use a VPN connection to encrypt all your Internet traffic, you’re safe from attack, because all of your data is encrypted, and therefor unusable to an attacker the entire time you are connected to the VPN service.

Additionally, Mac and PC users do not need to be concerned, because the WPA2 protocol was never properly implemented by either Microsoft or Apple, which consequently made them immune to the attack, and official patches are already available.

Should you update everything you own that connects by Wi-Fi? In a word, yes, but since it may be very difficult to know whether or not the manufacturer has updated your device automatically, or if it must be done manually, whenever you have the opportunity to connect securely via a VPN, we recommend you do so. This will make your life easier and take a lot of worry off your mind. It’s also important to know that this attack is very sophisticated at the moment, and requires an attacker to be within radio proximity such as free Wi-Fi in a coffee shop. But, black hat hackers do not wait to take advantage of vulnerabilities like this, and you can be sure a method of simplifying this attack is in the works, seeking those that are unknowingly still vulnerable.

To find detailed information about the KRACK vulnerability, be sure to visit the EFF post about it. For a list of updated devices and those not yet updated, BLEEPINGCOMPUTER is one site taking the lead on tracking this complicated issue.

Have a comment or question? Please gives us your feedback in the comments sections and do join us in the discussion on Twitter @smarthomeprimer where you'll find us posting about the latest news in IoT and smart home innovations.

No comments

Originally posted on The Digital Media Zone

Amazon recently unveiled the latest addition to its Echo product line. The Echo Look, like the original Echo, will be available initially to US customers by invitation only. Echo Look has the same Alexa Voice Service found in other Echo devices, but it also has a camera built in to take vertical-format full-body photos and short videos, hands-free. It includes built-in LED lighting, a depth-sensing camera, and computer vision-based background blur to make subjects stand out and improve the accuracy of Amazon’s machine learning algorithms.

Amazon’s promotional video describes how its new Style Check service will let you get outfit advice from fashion specialists. It’s pretty clear they’re targeting female shoppers, since the only guy in the video is shown for a total of about two seconds. And it’s a smart step for them—McKinsey & Company estimates the fashion industry to be worth $2.4 trillion, and it is expected to accelerate this year.

Echo Look makes perfect sense for Amazon, and it all fits with its moves toward global retail domination. It’s been betting big in the fashion space with numerous partnerships and acquisitions—even its own streaming fashion series, Style Code Live. According to one Bloomberg report, Amazon is now the biggest online clothing retailer. And consider this: The Echo Look will offer an enormous treasure trove of data for brands to track satisfaction levels, reducing costly returns and exchanges.

But…

Can we just say this? Putting a camera in your dressing area is creepy! Consumers have had mixed reactions to the idea of bringing cameras into the very private spaces in their homes Perhaps this initial discomfort is because it’s a fairly new concept, but c’mon…the dressing area?

It takes time to get comfortable with the idea of giving up privacy. We allowed it with email, then we started posting online what previously would have been considered private photos and videos. Next, we decided it was fine to share our location 24/7, and then we willingly brought always-listening microphones into our homes. Of course a camera for the bedroom would be next! The live streaming shower cam can’t be far behind. Actually…let’s hope it’s not.

Seriously though, the data gathered will undoubtedly evolve to other Echo products and uses quickly, and the possibilities are intriguing. Amazon is reported to be accelerating its Echo with a screen (code-named Knight) and could reveal it as early as next month.

What if you could take a photo of yourself, allowing a depth sensing camera to take your measurements and virtually dress you? In minutes, you could see what multiple outfits would look like on you from a screen right in front of you. Or imagine having a professional chef assist you in the kitchen, giving pointers instantly, showing examples, and making suggestions for side dishes to compliment your meal. And Amazon will be ready to deliver fresh ingredients, or anything else you need to complete the meal, right to your kitchen!

We’d like to know what you think about bringing not just microphones but Amazon cameras into your home. Share your thoughts in the comments, below.

No comments

If you’ve never heard of Stringify, we’re honored to introduce you to it. Similar to IFTTT, Stringify allows you to connect disparate devices in the cloud for free. For example, your Wink Hub might support Ecobee 3, but not in a way that allows you to do everything that you want. This is one way Stringify in particular can help. Don’t misunderstand us, we like IFTTT and find there’s great value in their partnerships, especially the one they announced with Stringify on January 13, 2017. We’ll get into that in a follow-up post, because it’s advanced and requires you have a good understanding of both Stringify and IFTTT to get results. Be sure to read our post "How-to: Connect Smart Home Devices with IFTTT" in preparation.

Before we start, you’ll need to download Stringify from either the Apple App Store or Google Play Store on your smart device. Currently, there is no iPad specific version, but you can still use it on iPad in so called “Universal App” mode where everything is scaled to fit the larger format. Be sure to select “iPhone Only” when searching the iOS App Store for Stringify from an iPad.

Put security first

This app and the associated services in the cloud will be able to control devices around your home and send notifications to your smart devices, so we recommend you review our How-to: on using password managers with Smart Home devices

Your first flow

For most of this article we’re going to refer you back to Stringify Knowledge base documents with links throughout this article, because they are well written. However, many people still struggle with creating their own flows in Stringify when getting started, so the purpose of this article is to reinforce some important basics you’ll need to know.

Start with a basic flow to get a feel for how Stringify works. This first will be similar to what can be done with IFTTT, but once you understand how to add “Things” to your canvas, how to connect them and complete your flow, we’ll get fancy and you'll quickly see how powerful Stringify is. In this example, an email will automatically be sent to your partner anytime you're home early from work.

The good part

Now that you understand how to build and connect a basic flow by following the links above, lets get more advanced by adding an “ONLY IF” trigger to a flow. This is something that IFTTT cannot do alone.

“Things” you’ll need

Start by adding Location, Date & Time and the Gmail “Thing” to your canvas.

Now configure the Date & Time “Thing” to start on today’s date, the time should be set to 5:00 PM or whatever time would be considered early for you to be home, and it should repeat Every Day.

Set the location to “ONLY IF” I’m at a location. We suggest within 1000ft for best accuracy.

Configure triggers or actions

Tap the Gmail “Thing” and set your partner as the recipient, with the subject “I’m home early”. It’s necessary to also enter something into the body. If your partner has a good sense of humor, try “What’s for dinner?”, but use with caution as your milage with that phrasing may vary.

Putting it all together

Now connect the “Things" together. First drag Date & Time to Gmail.

This will create a quick link between them showing they have a relationship.

It’s a common error to next want to drag the “ONLY IF” trigger to the Gmail “Thing” as in this example. But as you can see, this tries create a second relationship with Gmail and that will result in a red quick link and an error when you attempt “Enable Flow”.

Flows can contain only one “WHEN” trigger, but may contain unlimited “ONLY IF” triggers as explained in the Stringify KB here.

Your goal is that the Location “Thing” should interact on the relationship between Date & Time and Gmail. So WHEN the TIME EVERYDAY is 5:00 PM, ONLY IF I’m at a location should the flow continue and send the email to the recipient I have specified in the Gmail “Thing”

To make that happen, you must drag the Location “Thing”, not to the Gmail “Thing”, but to the Quick Link that defines the relationship between Date & Time and Gmail.

Your flow should look like the image below and the lines will change from dashed to solid then the flow is enabled.

Congratulations, you've built your first Stringify Flow! Stringify runs in the cloud, so there's no need to have the app running in the background on your device.

Have a comment or question? Please gives us your feedback in the comments sections and do join us in the discussion on Twitter @smarthomeprimer where you'll find us posting about the latest news in IoT and smart home innovations.

No comments

Pages

But…

About Us

Follow Us

recent posts

Previous Posts