Read on SmallNetBuilder
Last edited:
Smart Homes In The Cloud
- Thread starter thiggins
- Start date
Read on SmallNetBuilder
System Error Message
Part of the Furniture
interesting article, trying to provide some negativity against while hiding it as well.
The solution is simple, its simplicity. Theres no need for an AI to anticipate your needs, we have medical data to do that to work off. Data shouldnt be logged, rather it should be logged to your doctor if you have some kind of medical condition so the doctor can easily check on you and not the company.
Cameras though would be different. You can determine someones condition using sensors rather than cameras. Best use for camera would be security.
I think the whole smart home took off in the wrong direction. Rather than being a technology that advances our homes to make our lives easier, it ends up being a way to sell us stuff and sell our data or even privacy.
Smart home solutions must be able to work independently and not based on a cloud, this is because it makes networking and cloud a point of failure. This means all a robber would have to do is jam your wifi and he could break into your house without setting off any alarms. This is why its important to have a standards and an open platform for multiple vendors as the more choices there are from different manufacturers, the harder it is for some criminal to figure out what you're using and a way around it. Its just like with modern keys for cars, all someone has to do is listen and repeat the signal and they can just drive away with your car. Not to mention that smart cars are also hackable in a live threatening way now.
The solution is simple, its simplicity. Theres no need for an AI to anticipate your needs, we have medical data to do that to work off. Data shouldnt be logged, rather it should be logged to your doctor if you have some kind of medical condition so the doctor can easily check on you and not the company.
Cameras though would be different. You can determine someones condition using sensors rather than cameras. Best use for camera would be security.
I think the whole smart home took off in the wrong direction. Rather than being a technology that advances our homes to make our lives easier, it ends up being a way to sell us stuff and sell our data or even privacy.
Smart home solutions must be able to work independently and not based on a cloud, this is because it makes networking and cloud a point of failure. This means all a robber would have to do is jam your wifi and he could break into your house without setting off any alarms. This is why its important to have a standards and an open platform for multiple vendors as the more choices there are from different manufacturers, the harder it is for some criminal to figure out what you're using and a way around it. Its just like with modern keys for cars, all someone has to do is listen and repeat the signal and they can just drive away with your car. Not to mention that smart cars are also hackable in a live threatening way now.
ADFHogan
Regular Contributor
"The cloud will take care of it" ... until it doesn't, and you're left with bricks that only talk the proprietary cloud protocol.
- IoT needs minimum security standards through good design, not NDAs / security through obscurity. Manufacturers have proven that they will take the quickest path to market, and employ reference design software with hard coded passwords, ancient versions of code libraries, and poor application level authentication mechanisms. Often the software will have open source elements which are patched by the community, but for which the manufacturer never releases patches.. this is how we end up with things like Mirai
- Equipment should have clearly documented APIs - particularly equipment connected to systems that will last many years (whitegoods, home power generation, HVAC etc.). Clearly documented APIs would allow orphaned devices to be interfaced with other devices. What Google did to the Revolv shows that closed platforms can be canned quickly and then you're left with a stack of devices which may not even support "dumb" operation and need to be replaced
- Equipment should receive software updates - at the very least, security updates, but these updates need not necessarily be free - ongoing software development has an associated cost, and to deny this is to incentivise manufacturers to orphan old kit and put out new kit which does what the old kit is still perfectly capable of doing. Manufacturers need to explore how they can monetise existing kit
- IoT need not mean that EVERYTHING needs to be routed off to a cloud server somewhere. Internet can go out, we have very powerful devices in our homes - the idea we need to plug everything into machine learning to know when to turn the lights on, or to turn on the TV is bulldust and clearly just a grab at our personal information
Agree with many of your points. Note all the mesh Wi-Fi systems have firmware update push enabled by default. Name brands know they have a lot to lose if their brand gets a rep for poor security.
No-names could care less. Consumers who buy no-names care the least and should know better, especially with all the press internet security is getting lately.
These guys know they need to push at least some functions to the edge as soon as they can and even more as the number of home IoT devices grow. There simply isn't the bandwidth to execute every function in the cloud, not to mention latency issues.
Amazon and Google are offering a Faustian bargain with Alexa and Home. We are helping train their AI, which in the end, work for them, not us. I hope someone (Microsoft?) is working on AI that truly works for consumers. It should be just like hiring a human personal assistant with confidentiality terms that protect the employer. If confidentiality is breached, damages could be collected by the employer.
To do this, however, would require laws to catch up. Good luck with that at least here in the U.S. We can't even get laws to require companies to divulge data breaches, let alone be liable for damages.
No-names could care less. Consumers who buy no-names care the least and should know better, especially with all the press internet security is getting lately.
These guys know they need to push at least some functions to the edge as soon as they can and even more as the number of home IoT devices grow. There simply isn't the bandwidth to execute every function in the cloud, not to mention latency issues.
Amazon and Google are offering a Faustian bargain with Alexa and Home. We are helping train their AI, which in the end, work for them, not us. I hope someone (Microsoft?) is working on AI that truly works for consumers. It should be just like hiring a human personal assistant with confidentiality terms that protect the employer. If confidentiality is breached, damages could be collected by the employer.
To do this, however, would require laws to catch up. Good luck with that at least here in the U.S. We can't even get laws to require companies to divulge data breaches, let alone be liable for damages.
sfx2000
Part of the Furniture
It's an odd place to be...
A few years back, I was at an industry round-table - at the time, the concern was about security for mobile apps, and over the top applications.
One of the questions posed to me specifically was about federation of those apps into a common gateway interface to prevent spam, malware, and other abuse..
I'm ex-telecom, and at the time, I was the SMS/MMS message wrangler for a good size mobile operator - and my answer was fairly surprising... even amongst my peers in the industry, as there was a real drive for federation and more content management at the time... and also to monetize some of the OTT content...
"for the services we provide directly - we'll do our best to protect them, and provide the very best experience for our customers there
For the over the top providers like Facebook, Google, iMessage, Instagram, kik, whatever, it's up to them to protect their users - we'll do our best to provide best of class data services and devices, as all try to do this, but for those application providers, the onus is on them to secure their services and protect their users, by federating that content, it does not add to the user experience, and introduces cost and complexity to our platforms"
(in our company's context, we didn't charge for SMS/MMS - as SMS is essentially free, and MMS was on the downslope anyways because of the OTT apps - even then it didn't cost us much, and FWIW - our messages/sub/month was one of the highest in the US market)
For the over the top providers like Facebook, Google, iMessage, Instagram, kik, whatever, it's up to them to protect their users - we'll do our best to provide best of class data services and devices, as all try to do this, but for those application providers, the onus is on them to secure their services and protect their users, by federating that content, it does not add to the user experience, and introduces cost and complexity to our platforms"
(in our company's context, we didn't charge for SMS/MMS - as SMS is essentially free, and MMS was on the downslope anyways because of the OTT apps - even then it didn't cost us much, and FWIW - our messages/sub/month was one of the highest in the US market)
This was a few years back - 2013, and the situation hasn't really changed there - if the Carrier offers services, as long as it's a vertical service, it has a chance to work -- but don't expect them to keep things secure for application services they don't directly offer...
Similar threads
