The home automation market was worth $1.5 billion in 2012 according to Reuters; there’s been an explosion in products that promise to make our homes “smarter.” The best known is Nest, a thermostat that monitors inhabitants’ activity, learns their schedules and temperature preferences and heats or cools the house as it deems appropriate. Many of these products have smartphone["smart" phone --d]
apps and Web portals that let users operate devices, cameras, and locks from afar. Getting to live the Jetsons’ lifestyle has downsides though;[a futuristic lifestyle which, it should be noted, people in "smart" homes are not actually living even when their mostly useless truly crappy remote control light-switch gizmos ARE working --d]
as we bring the things in our homes onto the Internet, we run into the same kind of security concerns we have for any connected device... Googling a very simple phrase led me to a list of “smart homes” that had... an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web... Their systems [were] crawl-able by search engines –- meaning they show up in search results -- and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion... Sensitive information was revealed -- not just what appliances and devices people had, but their time zone (along with the closest major city to their home), IP addresses and even the name of a child;[The Footure needs children! --d]
apparently, the parents wanted the ability to pull the plug on his television from afar. In at least three cases, there was enough information to link the homes on the Internet to their locations in the real world. The names for most of the systems were generic, but in one of those cases, it included a street address that I was able to track down to a house in Connecticut. I could have wreaked serious havoc with this home... The Insteon vulnerability was one of many found in smarthome devices by David Bryan and Daniel Crowley, security researchers at Trustwave. Bryan got one of Insteon’s HUB devices in December, installed the app on his phone, and began monitoring how it worked. “What I saw concerned me,” he said. “There was no authentication between the handheld and any of the control commands... “You could put someone’s electric bill through the roof by turning on a hot tub heater” ... Insteon chief information officer Mike Nunes... blamed user error[of course he did! So, you will recall, did the HAL 9000 --d]
for the appearance in search results, saying the older product was not originally intended for remote access, and to set this up required some savvy on the users’ part. The devices had come with an instruction manual telling users how to put the devices online which strongly advised them to add a username and password to the system. (But, really, who reads instruction manuals closely?[Indeed, like user agreements, most of the manuals are written in the expectation that they will not and possibly cannot be read -- but still provide plausible deniability and shifts of responsibility for costs and failures on those who suffer rather than enable them --d]
Insteon says the problem has been fixed in its current product but affected users were never informed that this vulnerability existed[gosh, why should they be informed how their technofetishism has made them more vulnerable to home intrusion, kidnapping of their children, skyrocketing utilities bills, and gizmos that not only don't do what you pay for them to do but also make other gizmos that used to work not work anymore, you know, because the sooper-geniuses at some tech company have made your house "smart" with stoopid software? --d]
“I’m excited these technologies exist but am heart-broken that these security flaws exist,” says Trustwave’s Crowley.[After all who ISN'T excited to discover that entrepreneurial capitalism is still producing useless crap that turns out not only to be useless but actively menacing? --d]
He and his colleague found security flaws that would allow a digital intruder to take control of a number of sensitive devices beyond the Insteon systems, from the Belkin WeMo Switch to the Satis Smart Toilet. Yes, they found that a toilet was hackable. You only have to have the Android app for the $5,000 toilet on your phone and be close enough to the toilet to communicate with it... Another problem with some of the devices, such as the Mi Casa Verde MIOS VeraLite, is that once they’re connected to a Wi-Fi network, they assume that anyone using that network is an authorized user. So if you can manage to get on someone’s Wi-Fi network -- which is easy if they have no password on it -- you could take control of their home. “These companies are considering the home network as a fortress,” says Crowley. “In most cases, it’s anything but.”Needless to say, the tech companies peddling this crap will insist that all these problems (and the endlessly many other problems like them that will never stop appearing) are isolated and fixable instances within a broader, irresistible tide of techno-emancipation. What is conspicuous throughout this piece is the extent to which a discussion of real problems caused by real networked devices is infused with fantasy. There is no such thing as "artificial intelligence." Given what we actually know about actual intelligence and given what we can actually do with actual technique, there is no more reasonable expectation that humans will craft an artificial intelligence any time soon than that we will be contacted by an extra-terrestrial intelligence any time soon. Even when they manage to work more or less as they are expected to do "smart" phones, "smart" cards, "smart" homes, "smart" cars, "smart" appliances aren't the least bit smart. They do not exhibit intelligence -- indeed, their design is usually rendered incomparably less intelligent precisely by the ideological investment of their designers in fantasies that gizmos will indeed one day BE intelligent as they are in the science fiction worlds they prefer to our own, that their designs should pretend to be intelligent now so that they and their users can likewise pretend to be living the science fictional worlds they prefer to our own. Despite its skepticism and focus on problems the piece is nonetheless full of utterly fantastic and metaphorical conjurations that invest it in a futurological hyperbole that facilitates credulity and distraction from problems: recall the conjuration of a "Jetson's lifestyle" nobody is living even when these techno-gewgaws work, recall the "excitement" of a hacker at the thought that "these technologies exist" even as he exposes the glaring flaws and false promise of these very technologies, recall the mirage of building a mighty material "fortress" of immaterial code through the paradoxical opening up of the doors and wires and walls of the home to the remote access of countless millions of networked strangers. I am hard pressed to think of a single outstanding way in which any of these new networked applications justify their expense even when they are working properly -- especially given the brittleness of these complex novelties as compared with the perfectly serviceable locks and switches and handles that have worked so well for so long before futurological flim flam artists peddled their useless wares to the bored bourgeois brats of the digital generation as "convenience" and "smartness." Like most "technological" discourse, the "smart" home is activating fantasies to distract attention from realities in the service of short-term parochial profit-taking by suave con artists many of whom are high on their own supply. The truth smarts.