Apple joins the Thread Group, sparking speculation over whether HomeKit will support the low-power mesh networking protocol.
“Up until now, Apple has adopted its typical my-way-or-the-highway approach to smart home technology, even ending up in the ludicrous position where it forced device manufacturers to add a special Apple-specified microcontroller and firmware to their products if they wanted their kit to work with Apple’s iThings via HomeKit.
In other words, if you made smart-home stuff, and you want it to be controlled from iOS or macOS, you needed to place Apple-picked electronics in your system. These extra components would perform the cryptography and other operations needed to secure the connection between a person’s iPhone, iPad or Mac, and the smart-home equipment. Not a bad way to enforce security, yet not a great way to make friends in the consumer hardware world: virtually no manufacturer was interested.
Apple eventually backtracked on that decision, and implemented authentication through software after the broader smart-home market decided not to bother with what it saw as Cupertino control freakery.”
Article from The Register:
US pair’s private chat sent to coworker by AI bug
It’s time to break out your “Alexa, I Told You So” banners – because a Portland, Oregon, couple received a phone call from one of the husband’s employees earlier this month, telling them she had just received a recording of them talking privately in their home.
“Unplug your Alexa devices right now,” the staffer told the couple, who did not wish to be fully identified, “you’re being hacked.”
At first the couple thought it might be a hoax call. However, the employee – over a hundred miles away in Seattle – confirmed the leak by revealing the pair had just been talking about their hardwood floors.
The recording had been sent from the couple’s Alexa-powered Amazon Echo to the employee’s phone, who is in the husband’s contacts list, and she forwarded the audio to the wife, Danielle, who was amazed to hear herself talking about their floors. Suffice to say, this episode was unexpected. The couple had not instructed Alexa to spill a copy of their conversation to someone else.
For the full article see:
You know that silly fear about Alexa recording everything and leaking it online? It just happened
From Pen Test Partners Blog:
Stronger S2 Z-Wave pairing security process can be downgraded to weak S0, exposing smart devices to compromise.
Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.
The earlier pairing process (‘S0’) had a vulnerability – the network key was transmitted between the nodes using a key of all zeroes, and could be sniffed by an attacker within RF range. This issue was documented by Sensepost in 2013. We have shown that the improved, more secure pairing process (‘S2’) can be downgraded back to S0, negating all improvements.
Once you’ve got the network key, you have access to control the Z-Wave devices on the network. 2,400 vendors and over 100 million Z-Wave chips are out there in smart devices, from door locks to lighting to heating to home alarms. The range is usually better than Bluetooth too: over 100 metres.
See full article here:
Z-Shave. Exploiting Z-Wave downgrade attacks
Article by The Verge:
“For at least a few hours overnight, owners of Nest products were unable to access their devices via the Nest app or web browsers, according to Nest Support on Twitter. Other devices like Nest Secure and Nest x Yale Locks behaved erratically.
Importantly, the devices remained (mostly) operational, they just weren’t accessible by any means other than physical controls. You know, just like the plain old dumb devices these more expensive and more cumbersome smart devices replaced.
While not catastrophic (locks still worked, for example), it’s a reminder just how precarious life can be with internet-connected devices, especially when you go all-in on an ecosystem.”
Entire Nest ecosystem of smart home devices goes offline
“That’s right. Britain’s smart meters are now officially the most expensive smart meters in the world.” Full article by Nick Hunn can be found here:
British Smart Meters cost £28 million EACH
For those of you who have not been following the story, let me provide a brief précis. Back in 2010 the Government mandated that every home in Britain should have a smart gas and a smart electricity meter by 2020. Instead of using off the shelf smart meters, they decided to design their own. DECC worked with some vested industry interests to do a classic Government IT committee job, producing the most complex smart meter specification the world has seen. That design was called SMETS1 – short for Smart Metering Equipment Technical Specification. Not only was it the most expensive, but it was also insecure. When GCHQ looked at it and considered the potential implications of connecting it to our national infrastructure they demanded a redesign, resulting in the SMETS2 specification. SMETS1 meters look as if they won’t work with the SMETS2 software infrastructure, so any SMETS1 meters already installed will probably need to be replaced. Throughout this fiasco, the Government has not relaxed its requirements for every home to have a smart meter fitted by 2020, which means fitting around 50 million new meters.
Which brings us to today. The SMETS2 meters are enormously complex and are pushing the limits of the industry to design them. With the 2020 deadline barely 30 months away you’d hope that the bulk of them would be fitted by now. But I’ve just been talking to contacts in the industry who have told me that currently there are only around 80 SMETS2 meters fitted. Do the sums based on what has been spent so far on the GB smart Metering programme and you’ll find that it equates to around £28 million for each of these meters. It is an obscene example of a Government IT project going wrong. But it gets worse. Not only will the overall project cost consumers around £12 billion, it has the potential to destroy Britain’s leading position in the development of the Internet of Things.
In the Internet of Things, every smart device has to understand and speak the same language at the application layer. How else is a smart hub expected to know how to communicate and control an off-the-shelf door lock or thermostat? Without a common application layer, it really doesn’t matter how well the networking layers perform.
Dotdot is a universal, standard application language for smart devices to communicate over any network.
See ElectronicDesign Article:
Dotdot—The Language of the IoT
Article by Tech Radar:
“We’ve long been promised the voice-activated, automated, robot-butler-equipped home of the future, a nuclear age dream of the 1950s that’s inspired everything from The Jetsons to Back to the Future II. And while the smart home concept is now finally, slowly becoming mainstream, there remains a crucial barrier to entry – with so many devices to choose from, and so many smart home ecosystems to rule them all, where does the forward-thinking homeowner start?”
Sommar Place, currently under construction in Milton Keynes, will offer 56 modern houses and apartments with a key difference from your standard new-build properties: they’re being built from the ground up with Apple’s HomeKit ecosystem in mind.
See: The house that Apple built: a tour around a purpose-built HomeKit smart home
“Having announced back in September that it would launch a new smart security system, doorbell and lock, the company finally put the last two into the market this week, as well as a new, smarter outdoor security camera.”
You can see a copy of a presentation on #IoT Wearables and Smart Homes here:
Amazon has bought a US firm that makes high-tech doorbells in a move expected to help the online retailer improve how it delivers parcels.
Ring makes doorbells that record live videos of customers’ doorsteps, then sends the videos to their smartphones.
Amazon buys ‘smart’ doorbell firm Ring