You Better Watch Out

You Better Watch Out
By Dr. Neal Krawetz

As we enter the holiday season, I’m seeing more and more Internet-enabled devices available to consumers. The Internet of Things (IoT) is based on the concept of making everything network enabled. However, this always make me question “why would you want that?”

For example, there’s a product called the iKettle. This Internet-enabled teapot allows your smartphone to start the water boiling remotely. But I have to ask: do we really need this?

Personally, if I want fast boiling water, then I use a microwave oven. 1 minute on high boils a cup of water. It takes me a minute to break out the mugs and cocoa powder, so I can multitask while the water heats. In contrast, the iKettle can boil the water ahead of time, but I still need to spend a minute pulling out mugs and cocoa powder.

As an aside, I find it ironic that my cocoa powder by Swiss Miss has “As much calcium as a glass of milk… just add milk.”

(If I add water, then does that mean it doesn’t have calcium? What if I use hard water?)

I’m not even going into the security risks related to how the iKettle can expose your wifi password. I mentioned that in a previous blog entry.

In fact, this year has a selection of Internet-enabled water bottles. There’s the Hidrate Spark and the smart bottle by Thermos. Both track how much water your drink. The Thermos bottle even tracks the water’s temperature. (I find it funny that it provides “real-time temperature readings” but is “not for use with hot liquids”.)

You better not cry

Back in 2013, Huggies tested a new product called TweetPee. This device attaches to a diaper and lets you know (via Twitter) whether your baby needs changing.

Personally, I view this as oversharing. I don’t think everyone on Twitter should know when that diaper is dirty. Besides, kids have their own built-in alarm system called “crying”. Parents even have some built-in sensors — like noses and fingers — that can detect if the diaper is dirty. (And before you cringe at the thought of putting your finger into a diaper to see if it is dirty, just wait until you have to clean projectile vomit and diaper leaks. If you’re that squeamish, then don’t have kids.)

Amazingly, I can find lots of news reports about TweetPee, but no products for sale. I guess it didn’t make it past the initial product reviews and limited testing.

Better not pout

Not every IoT device is related to liquids. For example, there is Bluesmart luggage. This Internet-enabled suitcase allows you to locate your bag anywhere in the world. As a frequent traveler, the more I think about Bluesmart, the stupider it becomes:

  • At the airport, you can expect questions like “Has your luggage been in your control this entire time?” If the answer is “yes”, then you don’t need Bluesmart. If the answer is “no”, then Bluesmart won’t tell you what happened when it was away.
  • If you use it as a carry-on, then you know it is on the plane and you don’t need Bluesmart.
  • If you check it as luggage, then it is outside of the Bluetooth range; you can’t control it.
  • The specs say that it is also “Equipped with 3G Cellular Data and GPS”. Except that you are supposed to turn off all cellular devices before getting on the plane. If the device is turned off, then you cannot track it. And if you leave it on, then it will likely have a drained battery after a long flight so, again, it won’t work. (Cellular devices constantly try to connect to ground towers when flying, and that quickly drains the battery!)
  • What about trains and buses? If your luggage isn’t with you, then it’s in a metal-enclosed luggage storage area. That means it has weak or no cell coverage, and no GPS.
  • And what happens if you do discover that your luggage didn’t get on your flight? Well, they’re not going to hold the plane while they search for your bags. You’ll just be happy to know that they lost your luggage before you took off, rather than after you land. And telling the airline the exact GPS location of your missing luggage probably won’t help them recover it any faster.

Making a list and checking it twice

Of course, most of the people I’ve talked to are interested in wireless security cameras. One friend is using a new camera to watch his new puppy. Another used something similar to figure out which cat wasn’t using the litter box. I’m also seeing more houses with cameras that watch the premises for potential burglars or thieves. (They may not be able to stop the crime, but they can still hand over pictures of the perpetrators to the police.)

I recently looked at some PTZ cameras (pan/tilt/zoom), since my old Fosscam died. (Fosscam just isn’t built to last.) Some of the product comments were pretty startling. For example, there were complaints that some cameras won’t work without Internet access. It seems that many cameras continually communicate with an external service, even if you want to use it on a private local network. Of course, the security geek in me makes me wonder: What are they sending and why?

There are also configuration issues. For example, many users don’t change the default administrative password. And some cameras have backdoor accounts that cannot be disabled. As a result, there are plenty of private web cams that are publicly accessible. You can browse a list of them at Insecam. When I took a peek, I saw kids playing in swimming pools, an empty exercise room, a storage closet in Russia, and some guy sleeping on the job in Korea.

(For my own needs, I’ve converted a couple of old cellphones into Internet-enabled cameras using DroidCam. As long as the phone is plugged in, the camera is fine.)

He sees you when you’re sleepin’, so be good for goodness sake

The funniest IoT device that I’ve heard about this year is the Smarttress — an Internet-enabled mattress. This device includes multiple sensors that can identify when the bed is in use and how it is used.

Now, I can totally see this being marketed toward sleep researchers or people with sleep disorders like night terrors, insomnia, or sleep apnea. I can totally envision people who are into body hacking and sleep tracking really being interested in this bed.

However, that’s not how Smarttress is being marketed. This Internet-enabled mattress is intended for people who suspect infidelity. On their web site, they actually have a heading titled “Lover Detection System“. Not only can you determine when your lover in unfaithful, you can tell for how long, what positions, and how vigorously. The company actually sells it with the tag line: “If your partner isn’t faithful, at least your mattress is.”

Personally, I think this mattress is a waste of money. It’s like when people write to me to forensically evaluate their spouse’s computer because they suspect their partner is having an affair. First, I can’t: it’s called “digital trespassing” and it’s a felony if I don’t have the partner’s permission. And second, if they have this kind of suspicion, then they don’t need a forensic analyst; they need a divorce attorney. (Even if the accusation is false, they have serious trust issues in their relationship. Better to end it now.)

Then again, maybe Smarttress should market this bed to dog owners — along with a remote control audio system that shouts “Bad dog! Off the bed!”

December 11, 2016 at 07:44PM
via The Hacker Factor Blog