
IoT’s killer app is not home security - gvb
https://techcrunch.com/2016/09/03/iots-killer-app-is-not-home-security/
======
niftich
The commercial excitement over IoT is all about offering 'services' you
couldn't offer before. When your house is full of these devices, some people
will pay extra for the 'enhanced tier' of service (even if the basic tier is
offered for free). In cases where the business model isn't subscription-based,
it's either made up by the high retail price of the device, or indirectly
monetizing the data collected for 'market research' and the like.

IoT isn't about people hooking up jailbroken Kindles to one-way mirrors to
show the weather. It's not about Arduinos and Raspberry Pis being used to
collect some data, move some servos, and make a blog post about it. It's about
big money to be made by introducing new monetization channels in places there
were none before.

~~~
euske
I've been saying that there are three "scammy" markets which tend to have a
higher ratio of overpriced, scammy products, and they're the following:

* Health

* Education

* Office productivity

And now,

* Home security (New!)

The reason that I think these markets tend to be scammy is because their
quality is mostly based on perception. And there's no easy way to drastically
improve these, people tend to look for a magic pill. And you're right,
security is certainly going to be one of them.

~~~
nightcracker
The first two bullet points on your list are very specific to an American
perspective. As a Dutchman I do not consider these scammy markets whatsoever.

~~~
starmilk
$0.02:

As an Australian, I do agree with you, but only looking at them from what
government services are provided. In terms of the industry, I think
health/fitness is possibly the largest in terms of misinformation because no
one wants to do simple exercise and eat well, everyone is looking for a
shortcut to get bigger or smaller.

So I don't think that they're specific to the American perspective in a larger
sense, but I do also see where you are coming from. Then again, neither of us
are American!

------
fpgaminer
I recently looked at the landscape of smart door locks, and came to the same
conclusion as @Animats did in his comment. Actually, I would rephrase it to
say _all_ smart door locks suck. All I really want right now is an RFID/NFC
deadbolt, purely for convenience. Seems simple enough, and yet nothing secure
exists.

So I'm now set on trying to build my own lock. I'm thinking of just getting a
really nice, mechanical deadbolt, and then building something similar in
design to Lockitron, where it just sits on top of the deadbolt, augmenting it
with digital authentication. For the keycards I plan to combine a low power
MCU with NFC and Ed25519 cryptography for authentication. I found a variation
of the MSP430 chips with built-in NFC capability which are designed to run
battery-less (they harvest energy from the NFC signal). My rough calculations
suggest that they'll be able to soak up enough power to do an Ed25519
signature in 0.25 seconds; fast enough for me. I'll just have the lock send a
random challenge to the keycard, it responds with a signature of the
challenge, and then the lock can verify the signature and confirm that the
card is legit. It should be simple enough to mold the MSP430 and supporting
electronics into a thin 1" diameter disc which I can hook to my keychain or
put in my wallet. Awesome! The lock itself is just another MCU with NFC
capabilities, battery, and motor.

That setup satisfies my desire for a convenient, digital lock, while
maintaining real security (Ed25519 with real random challenges, versus
existing RFID solutions which use 48-bit keys, 3DES, suffer replay attacks,
etc). I'm surprised these things don't already exist. I only had to spend an
hour to find the MSP430 chip variation and sketch out this system...
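
The challenge-response exchange described in the comment above, as an added sketch in Go (not fpgaminer's code or design): the keycard signs a fresh random challenge with Ed25519 and the lock checks the signature against enrolled public keys, discarding each challenge after one use so a recorded response cannot be replayed. The type names, the 32-byte challenge size and the `door-lock-auth-v1` prefix are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

const (
	challengeLen = 32                  // assumed nonce size in bytes
	authContext  = "door-lock-auth-v1" // assumed domain-separation prefix
)

var (
	ErrNoChallenge  = errors.New("no outstanding challenge")
	ErrBadSignature = errors.New("signature does not match any enrolled card")
)

// signedMessage binds the signature to this protocol, so a card signature
// cannot be reused as a signature over some other kind of message.
func signedMessage(challenge []byte) []byte {
	msg := make([]byte, 0, len(authContext)+len(challenge))
	msg = append(msg, authContext...)
	return append(msg, challenge...)
}

// Keycard stands in for the NFC card: it holds the private key and only signs.
type Keycard struct{ priv ed25519.PrivateKey }

// NewKeycard generates a key pair; the public half is what the lock enrolls.
func NewKeycard() (*Keycard, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Keycard{priv: priv}, pub, nil
}

// Respond signs the lock's challenge.
func (k *Keycard) Respond(challenge []byte) []byte {
	return ed25519.Sign(k.priv, signedMessage(challenge))
}

// Lock stores only public keys, so reading its memory yields nothing that
// can impersonate a card.
type Lock struct {
	enrolled []ed25519.PublicKey
	pending  []byte // the single outstanding challenge, nil when none
}

func (l *Lock) Enroll(pub ed25519.PublicKey) { l.enrolled = append(l.enrolled, pub) }

// NewChallenge draws a fresh random challenge and replaces any earlier one.
func (l *Lock) NewChallenge() ([]byte, error) {
	c := make([]byte, challengeLen)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	l.pending = c
	return append([]byte(nil), c...), nil
}

// Verify checks a response against the outstanding challenge. The challenge
// is consumed whether or not verification succeeds, so every attempt needs
// a new one and an old response never matches.
func (l *Lock) Verify(sig []byte) error {
	if l.pending == nil {
		return ErrNoChallenge
	}
	msg := signedMessage(l.pending)
	l.pending = nil
	for _, pub := range l.enrolled {
		if ed25519.Verify(pub, msg, sig) {
			return nil
		}
	}
	return ErrBadSignature
}

func main() {
	card, pub, err := NewKeycard()
	if err != nil {
		panic(err)
	}
	lock := &Lock{}
	lock.Enroll(pub)

	c, _ := lock.NewChallenge()
	sig := card.Respond(c)
	fmt.Println("fresh response:", lock.Verify(sig))

	// A captured response presented against the next challenge is rejected.
	lock.NewChallenge()
	fmt.Println("replayed response:", lock.Verify(sig))
}
```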

~~~
greggman
What benefit do you hope to get from your smart lock? I stayed at an Airbnb
with a simple electronic combo lock.

Plus: no key to pass me

Plus: can change code for each new guest

It's not a smartlock tho but maybe I don't understand what a smartlock is. A
friend has an internet connected lock

Plus: can open remotely (package delivery guy calls. From phone friend
remotely lets him into garage)

Plus: can set time based codes (code only works on a particular day/time
range)

Minus: it's on the internet and controlled through a third party service

What will yours do? I'd love one that's online somehow but secure

~~~
grogenaut
I'm not really sure why you need an electronic lock on an airbnb, you're
either there to flip the place or you have an onsite person to flip the place,
well in large numbers of airbnbs. The ones I can think of that don't need it
wouldn't have internet generally. Interested in what you see as the benefit
over one of those punch code locks that hold the keys that are like $14 on
amazon or a schlage deadbolt for $150.

~~~
greggman
The benefit to a code lock for me over a box with a code that holds the keys
is there's no key to lose nor any key to forget to return. I don't even have
to carry the key when I go out. One less (three less?) things to worry about.
I actually locked myself out of the last AirBnb I was at. I forgot the key and
while that meant I didn't lock the door to the apartment there was also an
automated door to the building. Going out it auto-opens, going in it requires
a key. I just sat in front of the building for 30 minutes until someone else
opened the door.

I've stayed at about 15 AirBnBs, most of them I didn't have to meet the owner.
But, also most of them used a lock box with a code instead of just a door code
lock.

------
Animats
Most of the "smart" door locks suck as locks.[1] Most are physically too weak.
Most need regular battery replacement, although a few generate power from
turning the handle.

If you want any real door security, you have to go to steel doors and frames,
and multipoint locks. You can get door/frame/lock systems which look normal
and operate like a regular door, but bolts go out the top, bottom, and sides
into the frame, like a vault door.

[1] [http://schuylertowne.com/blog/smart-locks](http://schuylertowne.com/blog/smart-locks)

~~~
kbenson
As an addition to your point, it's always worth noting there is no such thing
as perfect security (at least not in any _useful_ way). As soon as you make
your door much more hardened, there are other points of entry that will be
used instead. It does you little good to transform your door into a foot thick
slab of concrete if your window is still just a couple panes of glass, or
someone can just take a sledgehammer to your wall next to the door and it's
just a few sheets of plywood and some 2x4's.

Passive security measures buy you time, which in turn makes you a less
lucrative target by requiring more effort and making it more likely someone
will notice and intervention will arrive before the intruder has completed
their goal. This applies equally as well to network security, and usually this
comes up here because of analogies in discussions regarding network security,
but it applies just the same no matter which direction you approach it from.

What this means in context is that it's often better to step back and look at
what your real goal is. It's entirely possible a sign stating "guard dog on
premises" (whether you have one or not) will prevent a lot more break-ins than
a better padlock. On the other hand, if the convenience is what you are after,
then you have a different set of criteria to consider.

~~~
AceJohnny2
_> As soon as you make your door much more hardened, there are other points of
entry that will be used instead. It does you little good to transform your
door into a foot thick slab of concrete if your window is still just a couple
panes of glass, or someone can just take a sledgehammer to your wall next to
the door and it's just a few sheets of plywood and some 2x4's._

Well sure, but like in all security it's about adjusting the attacker's
effort/reward ratio. As I recall [citation needed], most burglaries are less
than a few minutes, in-and-out affairs. Make it harder than that, and you can
deter the low-effort attackers.

~~~
kbenson
> Well sure, but like in all security it's about adjusting the attacker's
> effort/reward ratio.

That's exactly right (and a large part of my point). But if you have a fairly
large unsecured window easily visible and a very secure door, there's a good
chance that might just get smashed in and people will run in and grab a few
high value items before running away. This probably isn't as crazy as it
sounds to some, as I heard from a police officer not too long ago that in some
cases cars just drive up to a property, someone jumps out and knocks to see if
someone is home, and then they just kick the front door in, and run in and
grab a few items. A more secure door will prevent that _exact_ scenario, but
if they can tell the door is secure, what's to prevent them from throwing
something through the window? They are already expecting a loud noise and
possibly being noticed, glass breaking doesn't seem like it would deter them
(other houses may look easier, but if you look more appealing for some other
reason, that may be all that matters in this case).

What I really wanted to point out is that what's really protecting you in most
cases is the _perception_ that it's hard to break in, and while reinforcing
your door may meet that criteria in _your_ eyes, those that break into houses
may have long ago dropped the idea that the door is the only, main, or even
best way to break into a house.

------
zrgiu_

        IoT finding its footing in augmenting other systems rather than revolutionizing them
    

This is key. All the companies that are trying to start from scratch and build
something big are failing or are hitting huge roadblocks due to high learning
curves. On the other hand, those that are starting with simple, one-feature,
even buttonless devices (philips hue, chromecast, echo) are the ones that are
staying afloat.

I'm in this niche, and have been hit hard by this reality. IoT is _definitely_
coming, but right now it is SO young, immature and fragmented, that it takes a
pretty skilled person to use it in any meaningful way.

People need to be educated, and the best (read: only) way to do that is to
introduce them to IoT one piece at a time. And these pieces have to be
reliable and consistent. Until then, the switch on the wall has nothing to
worry about.

~~~
lgleason
The problem with IOT is that it's the tower of babble. Interoperability will
be the killer feature that will drive growth.

------
sverige
Adding more insecure devices to protect your home makes no sense. Whatever
happened to the idea that fewer "moving parts" meant less likelihood of
failure?

The selling point is that you can monitor all this stuff remotely on your
phone, but really, what can you do about it? I don't see how this surpasses
the (very expensive) services like Brink's and ADT who will contact law
enforcement for you.

And yes, I've seen the ad where the guy is at the store trying to figure out
what to buy and can look in his fridge from his phone. Whatever happened to
making a grocery list before you leave?

~~~
alexbanks
To play devil's advocate, what ever happened to making a mix tape from songs
on the radio to play in your large battery powered Walkman on the go?

"Why can't we just do it the old way" isn't the best argument for halting
attempts at innovation. Before we can have the IoT we see in movies, we have
to have gradual iterative progress in the way we think of/use the tech.

~~~
pessimizer
"Making a mix tape from songs on the radio to play in your large battery
powered Walkman on the go?" was never a design principle, and "why can't we
just do it the old way" is not the argument being made above.

~~~
alexbanks
The last line of the post I commented on: Whatever happened to making a
grocery list before you leave?

Which summarizes to: Why can't we just do it the old way

To which I responded. Again, summary: it's silly to complain about new things
being different than the things that came before them, and the only way to
make the new stuff great is to make a bunch of new stuff and see what sticks.

~~~
ionised
> Which summarizes to: Why can't we just do it the old way

To me, that summarises to _Why can't we do it the simple way?_

~~~
alexbanks
Again, why use a combustion engine that requires fuel when you can just use
the horses we already have?

~~~
dragonwriter
Horses are a combustion engine that requires fuel, and a fairly high
maintenance one, low power-to-weight ratio combustion engine, at that.

On the plus side, they run on renewable rather than fossil fuels.

~~~
alexbanks
Point: missed.

------
bsder
While his thesis for things that are related to home security in the face of
an adversary is correct, there are a lot more cases that aren't so dire.

Gee, someone is banging on my door at 3AM in the morning. I'd really like to
see who it is _WITHOUT_ being directly behind the door. Especially since it's
most likely to be a neighbor or the police and greeting them with a shotgun is
not likely to result in a positive outcome. A cam on my door that I can see
from my phone would be kinda useful.

My water heater, washer, shower, etc. just broke. I'd really like to get
continuous alerts on my phone that there is water filling up my house.

There are lots of things like this. They're grubby and mucky and an
opportunity, but they are not high volume and they require more than 3 guys
and a dog and some software.

~~~
acidburnNSA
To further your point, I live in a high-crime urban area in an apartment
complex that gets broken into weekly by folks stealing packages and prowling
cars. My apartment used to have no security, and it would have stayed there if
I hadn't gotten into the open source Python 3 home automation engine
[https://home-assistant.io](https://home-assistant.io). I got it up on a
Raspberry Pi and fiddled with it for lots of things. Now, if my door opens or
motion is detected and the alarm is armed:

* My stereo gets turned on by an IR LED

* A scary mp3 I threw together with dogs barking, sirens blaring, and monsters growling starts playing loudly

* My camera starts taking snapshots and saving them locally and emailing them to me

* All the lights in my apt. start blinking on and off

If I'm home, this will wake me up if my door gets compromised, and possibly
scare off the perp. If I'm not home I will almost certainly get the alert
(services are up 99% of the time), and I feel relatively confident that it
will scare off a low-level property thief.

If professionals show up with SDR to jam my sensors, yeah they'll get in...I
agree. But IoT home security is still good because some security is better
than none, and there's no way I would have any security at all without it.

~~~
grogenaut
What software defined radio would screw up your sensors? The ones you listed
above are all door or ir. Or did you just mean the motion sensors?

~~~
fulafel
Camera and light switch are probably on wifi -> jammable.

~~~
acidburnNSA
Light switches and door sensor are zwave; jammable. However I could relatively
easily rig up my own SDR receiver and detect jamming as a backup trigger.

------
eveningcoffee
In most of the cases there is no need for the I part.

What most people actually need is a local in-house system. They do not need
leeches that suck on their data and they do not need products that stop
working in a few years because the company producing them and providing a
"service" loses interest.

------
unabst
IoT will explode when 1) open hardware gains unprecedented trust between the
user and their hardware, 2) users begin to prefer open source software because
that's just how the most secure and user-first software is maintained, and 3)
TBD open hosting.

1 + 2 = "my bulb is an open spec made by factory X running on transparent
software maintained by people who care"

3 = "and I host it myself on Y"

3 is the missing link, and it's yesterday's self-hosting that hasn't made it
to its next incarnation. When we'd self-host our web site, we owned the box,
owned the set-up and felt absolutely in control of the system. It may not have
been as reliable or fast as a hosting service, but there is comfort in full
ownership and full control. To their own detriment the shared hosting industry
went to shit when they settled for their shady marketing eco-system (paid
reviews, not unlimited unlimited quotas, cheap bad service). No one trusts
shared hosting now, and so Squarespace and the like have gained popularity,
but that's a fully corporate owned opaque service.

The closest to 3 we have now is AWS and Google Cloud and the like, but they
are not made for normal users. Dropbox would have been a good candidate but
they lose credibility with every word they speak (damage control clearly
centered on themselves, ignoring customer complaints).

3 could be 1) a new self-hosting local box that has its own app or something
that's fully contained and in your house. 2) A cloud provider that has managed
to detach their corporate interests from their shared infrastructure (like
amazon and google have towards developers). Consumers don't want their IoT
console cluttered with ads or "recommended items for you" and the last thing
consumers want is for Google to mine their personal IoT information. Or 3) a
standardized open source cloud platform where users can take their data from
one provider to another while enjoying full ownership (local backups), privacy
(full encryption), and portability (zero lock-down).

~~~
acidburnNSA
3 is the open-source [http://home-assistant.io](http://home-assistant.io)
engine hosted on a local Raspberry Pi and accessed remotely through a DD-WRT
OpenVPN. It's here now, and it's amazing.

~~~
unabst
Exactly. When this (and the like) goes mainstream, and I can buy standard-
based hardware, IoT will explode. Consumers do not trust corporations, and
will not let them in their home. (This might sound counter intuitive because
corporations are all over our homes, but consumers don't want that, and IoT is
extremely personal -- it's _the_ home.)

~~~
thr0waway1239
My prediction is that 3 will not happen, and what happens in its place is
going to perpetuate the tech giant oligopoly. With the tech giants getting
into the business of collecting any remaining missing data points using IoT,
it is only a matter of time before most of us are inside houses which are
periodically sending data to servers at Amazon, Google et al.

Their marketing might of course is hard to match. But they are also more
likely to know more about your present needs with the trove of data at their
disposal. Which cloud provider is going to match that?

Respected experts like Andrew Ng talk about data being a 'defensible
barrier'[1] . Under this euphemism lies practices such as 'creating products
which do not produce revenue but are intended for data collection'. Yes, folks
at HN have known about these things for a long time, but my point is the stamp
of endorsement for these disturbing practices from people who are regarded as
authority figures, and the general absence of debate around these practices.

[1]
[https://www.youtube.com/watch?v=4eJhcxfYR4I&t=21m30s](https://www.youtube.com/watch?v=4eJhcxfYR4I&t=21m30s)

The cloud providers and their ilk will be quickly driven out of business with
revenue-less products which 'complete the picture' for the tech giants.

[https://www.fastcompany.com/3061546/Amazon-dash-buttons](https://www.fastcompany.com/3061546/Amazon-dash-buttons)

Self-hosted is possible. But that is going to make an explosion in IoT's
popularity unlikely.

------
cbuq
I agree that the security of IOT devices is pretty terrible in its current
state.

However the author seems to make a mistake in generalizing that "It doesn’t
take a professional to realize his particular house of cards [home security
system] is about as fragile as they come."

The average person does not understand the danger of IOT, and this is where
the most damage will come from.

~~~
flogic
Physical security doesn't have the same parameters as digital security though.
The pool of attackers on the internet is much larger and more sophisticated
than those looking to break into the average person's home.

To put it in more concrete terms. The door to my home has 2 deadbolt locks. I
would be highly surprised to learn that either can't be picked in a short
period of time by someone with enough skill. That said the probability of that
happening to my door is relatively low. The same level of exploitability in a
web browser though is much more likely to be a problem.

In short the pools of likely attackers for my home is quite different from the
pool of attackers for my digital presence. The primary concern I have with IoT
is its potential to expand the pool of attackers for my home.

------
jimjimjim
my guess is that companies are pushing this (rather than customer pull)
because:

1) product differentiation, more vague tick boxes on the product comparison
chart that your competitors don't have.

2) vendor lockin/ecosystem lockin. If the devices are not going straight to a
remote server you'll need a "hub". your brandA lightbulbs will only talk to a
brandA house hub which is incompatible with brandB security locks.

3) product churn. (did you really really need to replace your ok tv with one
that does 3d? lots of people did).

4) clip the ticket. build a platform that involves transactions and take a
cut.

5) data. paraphrasing: if you aren't paying for it, you aren't the customer
you're the product.

none of these really sound like a utopia for the average person.

~~~
sjellis
There's also the "Star Trek factor" (I just made up this term). Tech people
grow up watching or reading science fiction and then try to build the stuff
for real, because it would be cool.

We'll have to see if ordinary people find it _useful_.

------
SigmundA
I have had a HAI Omni Pro in my house for nearly a decade, it is a UL listed
Fire/Burglary and automation system. It has never faulted or rebooted except
when I needed to change its backup battery. There are Omni's running that
were made in the 80's.

It has an Ethernet port and a documented TCP protocol that uses 256 AES. I have
an iOS app that talks to it directly, which means no lag in controlling it.

Beyond Security and Fire, it controls my lights, HVAC, garage doors,
sprinklers.

It is one of the most reliable computing systems I have used. The recent IoT
stuff is a joke compared to my Omni, unfortunately I think HAI got left behind
and ended up selling out to Leviton and there seems to be little progress
since then.

------
tempodox
Laws and regulations may remedy the racket that IoT is now. I'll believe it
when I see it.

------
yalogin
IoT reminds me of the fiber optics craze of the late 90s. No one knew what the
killer application for fiber was back then but every company was in it. Eerily
similar to what's going on now with IoT.

------
nbadg
I think the article does a decent job of highlighting some of (what I hear as)
the primary concerns surrounding IoT, namely:

1\. WiFi needs to always work

2\. Internet connection needs to always work

3\. Power needs to always work

4\. Stability of software and firmware

5\. Trustworthiness of software and firmware (including data leakage, privacy,
etc)

Simultaneously, though it rightly points out that IoT is still very much in
its infancy, I think it misses a very important observation: there will
absolutely come a day when IoT is unavoidable. Not as in you can't avoid
encountering it, but as in you can't avoid _owning_ it. There will, (I think
anyways) without a doubt, be a day when devices that the average Western
consumer considers necessary for everyday life -- things like refrigerators,
electric meters, thermostats, and so on -- are effectively impossible to buy
"dumb". Every analysis and meta-analysis of IoT that I've seen has been
incredibly bullish on it, and I think that's an indication of how much
economic incentive there is for it. Given that, I'd say automobile ECIs are
the proof in the pudding for the assertion that IoT will be unavoidably
ubiquitous. As an experiment, try to find a new car that you personally
can actually buy, that doesn't have a computer in it. As the median Western
consumer, that's not possible. So I'm pretty convinced that for IoT, non-
participation will not remain an option.

So then the question is, what do we do about those 5 issues? I tend to look at
stuff like this from an economic perspective; clearly device producers haven't
seen enough market pressure to give a shit about any of them. Right now, the
only pressure device creators are demonstrating is a profound push to get
something, anything, to market. It really is an internet of shit.

That being said, even the bare minimum is really hard here. You're talking
about a system architecture that our existing infrastructure simply isn't cut
out to handle. Think about the challenges involved in deploying a reliable
authentication system to a web-scale application, and now imagine doing it in
a way that can't necessarily rely upon a central server. It's far easier to
just "punt" on the second half of that, assume the traditional web paradigm
(trusted third party server), and call it a day. And make no mistake, for a
commercial device, authentication is absolutely required, even for home WiFi
network: not everyone wants every person in their house to control, for
example, their locks. Or, alternatively, imagine an AirBNB host being forced
to give their guests unfettered access to their IoT vibrator (yes, they
exist). These edge cases are everywhere, and they make authentication of some
sort or another an absolute requirement.

My hope is that someone (and by someone, in all honesty I'm talking about my
own project [1]) can come along and say to device producers:

1\. I understand how hard it is for you to make _any_ IoT device.

2\. I'm going to make it substantially cheaper for you to do that, but...

3\. The privacy and security I've baked into my system is inseparable from
your economic benefit as a device producer.

The idea is to evolve that into:

4\. You cannot be competitive in the IoT marketplace without privacy and
security.

At this point, with how completely and totally horrendous the industry has
been in these areas so far, I think that's the only viable way we can achieve
those goals without a tremendous amount of growing pains.

[1] The project is called Hypergolix, and at this point it's basically
"Dropbox for Python objects, geared towards IoT, with an emphasis on social,
and secured via end-to-end encryption". We're in the process of getting a
private alpha shippable, to be followed soon by a public alpha. It all works,
and it's all open source, but there's some necessary stuff we need to iron out
in the coming weeks. Our outdated landing page is
[https://hypergolix.com](https://hypergolix.com), but a better preview of the
developer experience is on our very incomplete docs page:
[http://pyhgx.readthedocs.io/en/latest/index.html](http://pyhgx.readthedocs.io/en/latest/index.html)
. The whole project is backed by a crypto protocol known as Golix:
[https://github.com/Muterra/doc-golix](https://github.com/Muterra/doc-golix)

~~~
nbadg
To expound a little on this combination:

> There will... be a day when devices [are] necessary for everyday life... are
> effectively impossible to buy "dumb".

> As an experiment, try to find a new car that you personally can actually
> buy, that doesn't have a computer in it.

The reason I'm convinced this is the case is simply economics. Solid-state
electronic controls are very often simpler, cheaper, and more reliable than
mechanical ones. When it comes to, for example, the thermostat in your
refrigerator, on your hot water heater, etc, the reason the economics have,
thus far, worked out in favor of the mechanical controls is that the external
costs associated with solid state electronics -- the software development, the
upkeep, the initial electrical design, etc -- have been too high to justify
them (in many cases). But as those external costs decrease, which they
(through maturation of the IoT field) inevitably will, the solid-state
electronics will be increasingly economically competitive, until eventually to
have competitive margins as a device manufacturer, you have to go the
connected route. When I say "impossible to buy dumb", I'm not suggesting that
every refrigerator is going to have a Google calendar on it or something, I'm
talking about all of the little things you take for granted. Don't
underestimate the banality of automation.

Cars are a particularly apt example because the exact same thing happened to
the automotive industry with the advent of the ECU. The added technical
complexity of their computer control was initially only economically
justifiable in performance vehicles. As time went on, and ECUs progressed and
matured, they became cheaper and cheaper, until even the cheapest new cars
were forced to incorporate them to be competitive in the market.

------
kordless
IoT isn't anything other than what already was. It's decentralized compute,
plain and simple.

------
jaredraby
This was an interesting look at how IoT is used in home security today and its
current downfalls. However, the items that seem IoT specific are ones that are
issues in implementation, not application.

To frame what I mean when I say "IoT specific", I'm pointing out that many of
the examples that he highlights are also the downfall of traditional security
systems as well. If you have remote monitoring, and your internet/telephone
line goes down, IoT or not, you've lost the service, end of discussion.

    
    
      It doesn’t take a professional to realize his particular 
      house of cards is about as fragile as they come. It is built 
      on the assumption that one’s WiFi will always work, their 
      internet connection will always be up, power will always be 
      on, and every piece of software and firmware is stable and 
      trustworthy."
    

Power loss on traditional security, wifi loss on traditional security, hard
wire cut on traditional security, all of these will take their toll as well,
not just on an IoT system.

Onto the IoT specific related items. The implementation issues that he
highlights; having to have your app open to record footage. Your cellphone
being at the bottom of your bag and you can't reach it. These are all problems
that can happen already. If you can't reach your phone when the security
company calls you to notify of a break in, this is the same problem.

I understand why there is a lot of distaste for IoT, and all the security
pitfalls that happen. However this is not an inherent issue to the concept,
rather is a breakdown of implementation of security protocols that are not
being followed and a lack of learning from traditional systems that isn't
being applied.

After thinking about this for a while there are ways to bolster an IoT
security or monitoring system:

* Power / connection required for signaling. So rather than waiting for a system to signal something is wrong, wait for a heartbeat to die.

* Battery back up: Pretty obvious. You should have a way to at least keep your systems for a period while you get power restored

* Multiple links to a central service. WiFi and Cellular, monitor for connections going down and built in trouble shooting to notify the user if there is one or the other

* Centralized data center for always on recording, pay an additional $10/mo for the ability to store your data elsewhere or offer local 24 hour recordings in the security base station in your home like many dash cams have now.

As for security concerns I look at it this way. Remote connections are
something we've got down pat, assuming everyone follows it. Blaming IoT on
being inherently insecure is like blaming the database password leaks on MySQL
rather than an open port and plain text user name / passwords.

I think IoT security has a place and purpose that offers benefits over a
traditional system, we're just waiting for the right implementation.
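
The heartbeat idea from the comment above, as an added example that is not part of the original post or any product's code: the monitoring side treats silence as the alarm, tracks the WiFi and cellular links separately, and accepts a heartbeat only if it carries a valid HMAC and a fresh counter, so replayed traffic cannot mask a cut link. The interval, tolerance, message layout and all names are assumptions.

```python
import hashlib
import hmac

LINKS = ("wifi", "cellular")   # the two uplinks suggested in the comment
INTERVAL = 30                  # assumed seconds between heartbeats
MISSED_ALLOWED = 3             # assumed missed beats before a link counts as dead


def sign(key: bytes, station: str, link: str, counter: int) -> str:
    """MAC a heartbeat so a silent station cannot be impersonated."""
    msg = f"{station}|{link}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class HeartbeatMonitor:
    def __init__(self, keys):
        self.keys = keys            # station id -> shared secret (bytes)
        self.last_seen = {}         # (station, link) -> arrival time
        self.last_counter = {}      # (station, link) -> highest counter accepted

    def receive(self, station, link, counter, tag, now) -> bool:
        """Accept a heartbeat only if it is authentic and not a replay."""
        key = self.keys.get(station)
        if key is None or link not in LINKS:
            return False
        if not hmac.compare_digest(tag, sign(key, station, link, counter)):
            return False            # forged or corrupted
        if counter <= self.last_counter.get((station, link), -1):
            return False            # replay of an old heartbeat
        self.last_counter[(station, link)] = counter
        self.last_seen[(station, link)] = now
        return True

    def status(self, station, now):
        """Return ('ok' | 'degraded' | 'alarm', [links that went quiet])."""
        deadline = INTERVAL * MISSED_ALLOWED
        quiet = [link for link in LINKS
                 if now - self.last_seen.get((station, link), float("-inf")) > deadline]
        if not quiet:
            return "ok", quiet
        # One quiet link is a trouble notice; every link quiet is the alarm.
        return ("alarm" if len(quiet) == len(LINKS) else "degraded"), quiet
```
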

~~~
CaptSpify
We could make useful devices right now, there's just more money to be made
without it.

A) Use existing open protocols: WTF do I need an app to get alerts? Doesn't
email still work fine?

B) No cloud connectivity: No, camera, you don't need to store everything on
the internet. My NAS can store it just fine. Or my backup USB drive, or
whatever. If you want that as an option, sure, but quit trying to pretend that
it's the only way this can be done. Same with your fridge. You don't need to
store that grocery list online, it can just be emailed directly to me, TYVM.

C) Manual overrides: If my door won't unlock because servers are down, give me
a physical key as well. I've read some companies' FAQs saying that if the
internet is out, or their servers are down, you'll just have to call their
customer service. No no no no no. Give me a key override. I'm not going to
stand outside my own house while you try to get your servers going again. And
what if your company goes under?

D) Open Source: If a bug comes out that renders my door-lock unusable, I want
to know that I can patch it. We know the manufacturer sure isn't, using
history as a guide. Why would you buy next year's model if this year's model
didn't have security flaws?

Building a robust system isn't hard, it's just not profitable. All of these
failure-points aren't there because we can't solve the problem, they exist
because they are more profitable to leave unsolved.

~~~
jaredraby
I agree that a robust system isn't hard. I don't agree that it's not
profitable. If you don't make an app, that cuts down on your bottom line, not
paying to make the app or the programmers to maintain it. From there you can
just tack on additional services easily. Local storage for everything as they
do now with security. Just give the users a micro SD card slot, say you can
record everything right here. Charge them for a cloud connection / storage.
Charge them for remote monitoring.

Agree with manual overrides there is no reason to not have a key. I'm
surprised you've read about that because that's against regulation in
commercial security. If power goes down there should be a battery backup to
power it and keep the key card / door security working OR it turns off and you
can't lock your doors. Better to keep unlocked than have someone burn alive
inside.

The beauty of IoT is how it can be easily expanded and connected should you
choose to. There is nothing preventing companies from implementing the same
idea to the payment system. Charge enough for securing those IoT devices once
they reach out into the world and I think you can have a real system on your
hands.

~~~
CaptSpify
> I don't agree that it's not profitable.

I'm open to your opinion on that, but if that's true why is it not being done?
There's a _lot_ of companies making IoT stuff, but it's really hard to find
any of them making robust systems. The lack of profitability is the only way I
can reconcile that. If you have another idea, let me know.

> I'm surprised you've read about that because that's against regulation in
> commercial security

Looking now, I see a lot of companies switching to local bluetooth
connections. That's definitely an improvement to the last time I looked (years
ago).

> The beauty of IoT is how it can be easily expanded and connected should you
> choose to.

I agree! But not if we keep pushing closed-off systems and protocols.

~~~
jaredraby
I guess my opinion comes from the idea that there hasn't been a product or
company that exemplifies a basic/robust system as we have both described.
Everything has had the flashy app, or cloud connectivity, which in itself is a
cost. If you're able to build a basic system completely contained, mark that
up, you have just a regular hardware product, doesn't need to be IoT. Now, if
you want remote monitoring, or backup systems you can start charging for that.
Which, I might add, traditional security companies already do. And what many
IoT companies seem to consider "essentials" rather than "extras". I think once
the idea is shifted from user base / experience towards a goal to hit the
actual benefits (ease of expansion / cheap data monitoring) then we'll start
to see IoT really explode.

------
PieterH
It's always porn and games.

