The Cloudiness of Things

[jay (support)]

I see a problem with where this is leading: want to control your music? There’s an app for that. Want to turn off your coffee maker? There’s an app for that. So, let’s take inventory: lights, thermostat, sprinklers, music, coffee. That’s 5 different apps. Following this course, your iPhone and these apps are going to turn into the 21st century version of having 5 remotes on your coffee table, one for your amplifier, one for your TV, one for your VCR, one for your DVD, one for your Cable box.

Someone somewhere referred to this as "app fatigue". I think that's a incisive way to put it.

That (many different apps) is a normal technology cycle until the industry has consolidated.
If there is enough money on the table technology will evolve, it will be commoditized after some time and the "one special" feature of one app will be available everywhere. (e.g.: nothing special about MS word ... anymore)
This needs strong players (i.e. google, MS? apple, att, GE?..) that have the money to buy up the players. That might not be what we like but in 5+ years, I strongly believe it will be that way. enjoy the time until then..


Karl

That (many different apps) is a normal technology cycle until the industry has consolidated.

Its been 50 odd years since the first VCRs appeared.. i’m still waiting for the industry to consolidate and agree a good remote control for all devices

[jay (support)]

Even longer for wireless remote control in general - I think there was one back in the 1940's for some radio. Zenith did the first one for TVs in the 1950s (as I recall).

I agree that it's likely there will be some consolidation - but around protocols (Z-Wave, ZigBee, or perhaps something else entirely) and not around specific hardware/software bits. Lots of people build "smart phones" - all of which talk to the internet, provide telephone services, etc. Those bits have consolidated around standards. It's the combination of those things in a singular product that will continue to be driven through a wide variety of competition.

Given last weeks WWDC it will be interesting to see where HomeKit leads us. Hopefully to some inter-operable standards to allow various devices to work with each other.

I think HA is "Balkanised" like the Android ecosystem to quote the late Steve Jobs.

What I'm expecting from Apple is some kind of certification program, where they develop the protocol, and as devices adopt it, they are certified by Apple to "Work". All of this automation, of course, will be run by iCloud, and we all remember the issues and problems Apple had with iDisk, and to some extent even with iCloud, so running my house from the cloud.... especially Apple's cloud isn't something I'd ever consider.

And of course, this also depends entirely on an 24/7 internet connection to do anything. And while Indigo is greatly enhanced by the internet, even with no internet, Indigo is fully capable of doing a lot of things.

And if Apple does dream up some neat, new protocol, I assume that there will be a plugin for Indigo to make use of it. I can't say the same thing about all the existing protocols that Indigo already supports.. Apple is not likely to dip it's toes into the Insteon protocol, or any of the others that Indigo uses reliably every day.

Indigo is a very mature software platform, with a small but very dedicated set of plugin developers.... I hope Apple does bring some order to the game, but that isn't going to happen overnight... not by a long shot.

It looks like the certification program is happening, and the database stored in the iPhone and probably in the cloud too, something I don't like very much. But Apple could also store all this info locally, an AppleTV could do it.
That opens a world of possibilities for the future, and for Indigo...

I would think that an apple TV as a unified controller would make sense. However I see it more along the lines of the smarthings approach where it offers very basic control as opposed to the deep functionality and customization that Indigo offers... but I like the idea of a drop dead simple interface for basic control and siri integration. Indigo would then handle the true automation of my system. In the end bringing home automation to the masses is a great thing for everyone.

And yet another strike against cloudy based systems:

http://gizmodo.com/nest-owned-smart-hub ... 1768977505

Regarding the article that Hackers hijack thousands of IoT devices in internet attack, what are the less knowledgeable of us to consider regarding smart home security?

For example, am I correct in assuming that Indigo / Insteon are relatively safe, so long as my Indigo server is reasonably well protected, but Hue and Alexa plugins open new or additional IoT related security issues to my Indigo system?

(Thanks in advance for your thoughts and advice)

The way I see it, anything you are adding that relies on an internet service in any way gives someone another avenue to infiltrate your network. So it basically becomes a risk reward decision. I have nest smoke detectors, Amazon echo and a LIFX bulb that all connect to the internet on their own. Anything else that I'm connecting to in my system requires me entry through the indigo reflector which I am assuming is very secure. The risk of the other three are worth it to me. The problem is that I don't think most people understand that there are actual risks involved with installing these types of devices. Something very well may never happen to them, but they don't even know that it could.

For example, am I correct in assuming that Indigo / Insteon are relatively safe, so long as my Indigo server is reasonably well protected, but Hue and Alexa plugins open new or additional IoT related security issues to my Indigo system?

First off, ANY device you put on your network could potentially be hacked... computers, phones, hubs, etc. However, not all of these devices present an easy target for hackers -- here is my take on a rough estimation of device "classes" from easiest to hardest target:

IoT Devices Connecting to Cloud
Why? Well, these devices are actively speaking with the internet, be it calling out or waiting for connection. Many are poorly made from a security standpoint and thus fairly vulnerable... my bet is that these constitute the majority of the compromised devices out there. Are all these devices bad/poorly done? Absolutely not. Stick with well known manufacturers and keep their firmware up to date. (Note that some devices that fit in this category can "move" to a lower risk by turning off cloud based features.) NOTE: ALWAYS CHANGE DEFAULT PASSWORDS... this is how the vast number of devices are vulnerable since the default username/password is easily looked up by manufacturer.

IoT Devices Not Connected to Cloud
If there is no main cloud connection, devices are far more secure... but not impervious. Devices without authentication could be vulnerable to attack if someone where on your network, either by a security flaw in the network or a virus on your computer that searches for IoT. Again, well known manufacturers who post firmware updates to address issues are your best bet here. Turn on authentication and changing default passwords as before.

Computers / Tablets / Phones
These items should remain pretty secure IF you keep them up-to-date on software/firmware and secure them properly. Opening up ports to your network necessarily opens you up for attack, but there are times that may be necessary (e.g. Xbox Live, shared Plex install, etc.) To be safe, take the time to open ports or access as needed and carefully - don't just stick a computer or device in the DMZ for ease of setup. Use SSL, Reflector, or VPN for outside access to the network. Run anti-virus where possible.

Note the risk here is somewhat user dependent. If you open random email attachments and get a virus then you have introduced a new attack vector. This isn't really the device being insecure, but in the end I guess ends up the same idea.

Local / Proprietary Protocol Devices
Z-Wave, INSTEON, Bluetooth.... these ALL have vulnerabilities, you can't avoid it. However, they also have the advantage of requiring a physical presence close enough to access your network. Your level of paranoia, your physical location, and/or value of your assets may help you make decisions here -- turning on Z-Wave encryption if Indigo enables it in the future as has been hinted at, turning OFF unused bluetooth features (e.g. smart locks), etc. The biggest thing is that these won't be a target from the various scripts that run to find vulnerable systems over the internet. NOW, keep in mind these can also have devices talking to them which fit in an above category (computer Z-Wave interface, August lock controller, etc.)

That is my quick lunch-break take on it...
Adam

To heck with whether it can be hacked externally; I don't have that much that it would be worth a hacker's time and effort to worm their way through my home security system... what I worry about is the uses that Amazon, Google, Apple, Carbonite, etc can put the information that we're GIVING them by putting it out there on their cloud servers... where we're going, what programs and music we're saving, what products we're buying. The FBI has had carnivore mining our emails forever, but (tin foil hat here) I'm not any happier when Amazon keeps presenting me with new "hot deals" based on what I've been looking at and downloading before.

Another strike against the IoT:

http://hackaday.com/2017/01/02/owl-inse ... y-monitors

Another strike agains cloud home automation:
https://www.theregister.com/2020/11/17/google_nest_outage/