Internet of Fail
The IoF strikes again!
Philips' Hue smart-home lighting has had an embarrassing outage with its API going offline for four hours on Thursday, preventing customers from accessing the system remotely. On the same day that the company launched its new service – where its lights will respond automatically to streaming music and games – the system died …
I use hue lightbulbs and frankly they have been pretty awesome
thankfully if you're on the same LAN segment or have a remote you can control them without the magical intermawebs
to be honest with an architecture like this what could possibly go wrong
https://twitter.com/internetofshit/status/986540999047630849
so in truth they are useable without the internet connection and that's how all "IOT" things should work it's the other end they screwed up...
It's a bit strange that the author couldn't think of one reason to control hue remotely?
How about you've been delayed getting home. You want the light on for your pet dog so they're not sitting in the dark for two hours? Or you've decided to stay at a "friend's" house overnight, but you want a light on for a couple of hours in the evening so it looks like your home is occupied? Or your parents called to say they're coming over, but they'll be at the house before you and you don't want them going into a dark house?
There's three reasonable use cases that took me about thirty seconds to come up with. I'm sure others have plenty more.
Okay, also many grown-up people like to toy around with technology, a few decades ago model trains were quite popular. But anyone toying around with "smart home" stuff somewhat reasonably would find ways to set up some (maybe even random) lighting scheme without having to connect to the Internet. That would perfectly cover the first two "use cases". And the third case (parents coming to your home before you arrive) implies that you believe your parents are not able to find and operate the light switch on the wall. Assuming that you were clever enough to install standard wall switches too (if only as a fallback option in case your smartphone's battery is depleted), this would raise some questions ...
yeah, in a funny way this is kind of a *good* news story: at least they didn't design it so stupidly that it sends all your local requests to the internet Just Cuz, thus leaking unnecessary information *and* ensuring local control would go down in a scenario like this.
Low bar, I know! But I suspect at least some IoS products wouldn't clear it...
It's partially good design in having local control (does Nest have that ? I'm not sure). But it's bad (read : venal, customer always comes last) to tie the remote service into a single point of failure.
Of course, most customers want it in a box and no thinking. I'm sure Philips have done a reasonable job on that or they'd be on the remainder shelves already. And they're not : I tried to get one in the Maplin firesale but they all went before they'd dropped to retail price. So they're an attractive item, for whatever reason.
A reasonably professional IoT device though would have :
1. Default fully-local control (not set it up on the net then fallback to local. Full.)
2. A provisioned service from the manufacturer, secure, reasonably reliable, easy to use. 'Free', paid, whatever as long as it's clear upfront. Points off for 'free for the first year'.
3. The option to move the remote control from the manufacturers' service to another, whether your own or a 3rd party. Documented, secure, no opt-out cost. Possible even if the manufacturer's servers fall offline one day and never return.
I don't honestly know whether Philips or Nest offer that (I wanted a bargain offer to find out!) but anything less than that is just junk or, worse, a scam that deserves the full scorn of the anti-IoT peanut gallery.
There have been a few people doing studies of IoT devices with an interest in security. They don't generally do a good job of also evaluating threat models, they're more interested in the publicity of 'I found a hole'. But it seems to me that such a review should also examine business models.
Update : just saw MartinB105's post. Philips appear to be pretty close to the above. ++
Perhaps a bit off topic, but why smart light bulbs instead of smart light fixtures that work with any old bulb? Not that either seems to me to have all that much utility.
Good idea mostly, except it's more work to take them with you when you move, and they're not readily installable by the average homeowner.
I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.
I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.
There's an easy mistake to make if you change a light fitting without knowing what you're doing. Explained in this examination of a failed light switch.
You can even do that with a gas or oil lamp. No need for pesky unreliable mains services. Get orff my lawn.
Everyone has their own choice of a tradeoff between convenience, complexity and risk. You make yours and I'll make mine. Fwiw, that means mechanical switches for me too at the moment, but there are some cases where I'd be glad of a different method provided it met various criteria.
I'm getting bored with the anti-ioters. Nobody makes you use the things. Some of them (most of them ?) have flaws. So what ? Fix them, or ditch them, or push for something better and move on. But don't tell me what I should think. I can do that myself, thank you.
Installation issues. Few potential customers are willing to work on their own house electrical system, and paying an electrician to come and install it is expensive and inconvenient - that would greatly reduce the appeal of the product. Changing a light bulb is something that anyone can do, and feel comfortable in their ability to do.
Why smart bulbs? Even the cheapest Hue bulbs all support dimming. For that you need a dimmer switch, and bulbs that support dimming (LED dimmable lights are not that cheap). The next more expensive ones change the light temperature, and the expensive ones change their colour. Doing more than just on/off with smart fixtures would be difficult.
And fixtures would need to be connected to the cabling in your home which is work for an electrician, while Hue bulbs are just screwed in.
Although I do love my Hue bulbs, it would be great if I could upgrade all my non-hue rooms with a hue compatible switch ( with an optional trailing edge dimmer, why not ).
Hue uses Zigbee, so could it be tricked into supporting the switches as though they are bulbs?
Edit: it seems they are coming this year: https://huehomelighting.com/hue-compatible-light-switches-coming-this-year/
Grikath
Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time.
Plenty of homebuild solutions printed in the golden days of electronics mags...
And in 18th/19th century Britain, before a Tyrannical Government brought in Nanny State laws to stop the Right To Bear Spring-Guns there were other options...
"Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time."
So all the other clues about you being away will be there, but the lights are on, so they'll just jog on?
If the car hasn't moved, bins not put out or any of the many other things that indicate someone is on holiday, then your typical half brained scrote will perform some cunning ruse to ascertain whether you're home, such as ringing your doorbell.
Plus the fact that night time burglaries are very risky, since neighbors are more likely to be home. Whereas rocking up in daytime with a moving van, wearing overalls (clipboard optional) means that even the cops will ignore you.
My security measures are mainly not having anything worth nicking versus the hassle of getting in, combined with being on good terms with the local pot growers, who are around at all hours, and tend to keep an eye out for suspicious activity :)
If you must have voice control, it really needs to be done in the device or at least within the LAN. Farming it off to the internet creates problems with both security and reliability. I presume I'm preaching to the converted here, but I wonder how long it will take for the wider world to realise this.
We can't really think of any good reasons why remote control of Hue lights would be useful.
It's really useful if you have a long overgrown pathway to your house, and you're coming home late. Turning on the outside lights so you can see the nefarious rascal about to jump you and make off with the remains of your kebab.
Why they never realize that they can make off with your very expensive Hue lights instead is beyond me.
There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.
Why people absolutely have to go with the least secure bit of shiny instead of using proven tech that is safe is beyond me.
There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.
Or, if you're dealing with a pathway of which only a part is in the detector's field: a conventional RF remote control on your keyring, or if you want to get fancy, fitted to the garden gate.
.. or, as you can with most cars these days, park so the 'follow me home' lights illuminate the pathway (and learn to walk fast if you haven't figured out how to adjust the timing yet)
On the Hue note, I have LED light fixtures manufactured by some 'Happy Electrics Corporation' in China. They have a short range remote (actually many of them, but each works on any light inside or out) which allows you to switch the lights on and off, dim them, and set them to any one of (so they claim!) 16 MEELLION colours, as well as a relatively efficient dimmer function and various hideous colour changing 'pulse' modes.
Dirt cheap, and no infernalnet connection required.
Of course, I can completely understand that being unable to switch your kitchen light on and change it from white to blue while you're on holiday in the Cocos islands could be a major problem for .. .. fucking NOBODY.
If you're relying on third party services for something to work, you need to expect that it will randomly fail to work. Oh, and it'll be hacked.
This is the thing that makes the current view of IoT unbelievably stupid -- their reliance on third party services. It's not technically necessary, and gives little benefit to the end user. It's only required to allow companies to engage in ever-more data mining.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
Lost internet connection, emergency blink-mode initiated, contact your administrator to reset.
The bulb has only one channel of communication in the event of network failure by which it could show an error code. Blink codes. It'll be the old BIOS-beep thing all over again.
One short, two long, one short, pause... Ok, that means... incorrect supply voltage? Oh, no, that's the reference book for the Amazon brand, this is a Philips brand. Which means the code means... it's not on the chart! Or is this chart for the first revision? No, they changed the codes on bulbs after 2021, so... got it. One short, two long, one short, pause means "Unspecified error." Screw that, I'm getting an old-fashioned manual bulb.
How to debug your Philips lightbulbs
Who on earth would think this is any way an improvement?
Holy Flying Scotsmen, Batman! that is one of the weirdest articles I've ever read.
- type in the serial numbers of your lightbulbs
- remove all your dimmer switches
- reset your configuration and start again
- give the lightbulb full access to internet, sms, contacts, location and breakfast menu
- sign out of your iCloud account
- be careful not to delete all your contacts
- sign back in to your iCloud account
This is how a lightbulb install/debug/operation should go:
screw bulb into fixture
switch on (at wall or via remote)
Of course, it means your lightbulb can't try to sell you shit, but sometimes you have to take the smooth with the even smoother.
I have Hue bulbs throughout my entire house (around 20 in total) and I never noticed any problems.
But then why would I need to control my lights from outside my home?
Aside from that, the Hue Bridge runs a local web server that lets any web capable client application control the lights, and the documentation for the Hue web API is fully available to customers, and it's not very difficult to understand.
So literally anyone can develop software to control Hue bulbs using any web-capable technology of their choice, which means someone could easily make Hue bulbs work remotely without relying on the Philips online service.
I have to give credit to Philips for being so open with the Hue system; I don't know many device manufacturers who make their systems as open as Hue is.
An outage of a service that is little more than a bonus periphery feature of the system isn't going to change my opinion that Hue is a great system.
I've discovered a huge vulnerability in TV sets from almost every manufacturer. Apparently they use an unencrypted, openly known (and often documented) broadcast method to control them.
You could be subject to sniffing attacks that determine your choice of TV viewing, traffic and content analysis that determines which of your family is near that TV, remote command attacks that could change channel and influence you politically or present a fake channel instead of one you thought you chose. Selection of paid content while you're not present. Denial of service.
All this with just line-of-sight access to your window : no need to tap infrastructure, you can do it from a van in the road, a handheld appliance from across the street, or a laser from the next block of flats. Cost of entry is low using Arduino-level hardware. Cheap products have been on the market for years to facilitate some attacks. For extra fun and on-topicness, I can imagine a remote attack via a compromised light bulb. PoC needed.
ps. I don't watch TV any more and never leave it in standby if my partner uses it. So I don't care. Perhaps you don't either. I made this post because you don't have to be on the internet to be a victim of remote control device takeover. Moaning about IoT failures like they're a new thing and the result of people using unnecessary technology is valid, but 50 years too late.
I am old enough to remember the Bad Old Days(tm) of networks (both corporate and home), when you had to check and double-check that the network card you were adding to your network would work with (a) the other network cards; and (b) your switch/router/whatever.
Now, we have standards and unless you are very unlucky, WiFi and cabled PCs will quite happily interact with each other and your network equipment (security settings notwithstanding).
That's what the IoT needs: an IoT "router" that sits on your network and interacts with your IoT shit and, WHEN ABSOLUTELY REQUIRED, talks to the internet. Of course, this would mean that IoT management needs to be standardised - which no company will want to do unless someone like the IEEE steps in.
I'm guessing some bellend at Philips tech screwed up the AWS Route 53 config and broke all their customers' toys!
Sure I have remote controlled lights in a few rooms but they're Bluetooth controlled locally in the house, useful for when you and the Missus are cuddled up on the sofa and you don't want to get up they can be useful to turn down the lights. You get into bed and forgot to switch off the lights downstairs whip out the phone and switch them off remotely. Useful when you get up early in the morning and my lights are timed come on so I don't trip arse over tit, over the fecking cat in the dark some mornings! However they're a simple convenience, not life and death and I could live without them if pushed, I managed for many years before. I most certainly have no interest in connecting my house lights via a remote server hosted on AWS or Google Cloud.
A quick look at the early commercial IoT devices made it a no brainer to design and build my own. As a person living with disabilities, it is easier for me to have one way traffic with the Internet. Data only comes from, never to, the wider network. Even so, the overwhelming number of failures with a sh!t-ton of work around codes is with that minor part of the system. For example, I use an open weather API for some meteorological observations not possible from my 2nd floor flat. The API return is carefully evaluated for nasties before use. I run servers here mostly on Raspberry Pi 3; the price makes having a server per Pi cheap and easy, but for the heavy lifting and speedier communications a Rock64 SBC.
Kit communicating with remote backends unnecessarily is the problem rather than the technology itself. Those dangers exist in all communications with the wider net. In the main this is to the benefit of the producer, rather than the end user. Determining the lifestyle of an individual from their habits is an easy task for machine learning. Some monitoring systems for the confused and frail rely on this to alert possible problems with an individual's health. The main use is to profile people advertisers are interested in. Opting out is not an option if the device is calling home continuously.
It ain't just the hackers you need to worry about. If you go with Nest, then you've invited Google into your life. Now, to be fair to them, they may hoover up your data like nobody's business, but at least they mostly haven't given it away to everyone. Unlike Facebook, who seem to have all the data-security abilities of my Mum. Actually that might be unfair to Mum...
Philips probably aren't as interested in tracking your personal habits, but you have to worry if they plan to sell that data to someone who does.
I've been messing around with a Hues Emulator; a Python script that runs on a VM and pretends to have light bulbs attached. The Alexa device detects these and adds them. Now when I use voice control I see a connection from the Echo (oddly, not the one I'm speaking to but another one in another room!) to the emulator. So Alexa voice control appears to be local (once it's been sent to Amazon for processing, of course).
For "out of home" connections, the Hue Bridge makes an outgoing persistent connection to a Hues website. My router conntrack is telling me it is currently connected to 104.155.18.91 - which is "....bc.googleusercontent.com" and has a certificate for ws.meethue.com (signed by some Philips intermediate) - I'm guessing a websockets layer.
Given this is google cloud compute, it's likely Philips pushed bad code...
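The conntrack check described in the comment above, written as a small script that lists which LAN devices hold established TCP sessions to hosts outside the LAN. This is an added example, not part of any commenter's post: the LAN range, the bridge's LAN address (192.168.1.50) and the sample lines are constructed, and the idle-time figure assumes the Linux default established-TCP conntrack timeout of 432000 seconds.

```python
import ipaddress
import re

# Assumption: home LAN range; adjust to the router's actual subnet.
LAN = ipaddress.ip_network("192.168.1.0/24")
# Linux default for nf_conntrack_tcp_timeout_established (5 days). The timer is
# reset on every packet, so (default - remaining) approximates idle seconds.
TCP_ESTABLISHED_TIMEOUT = 432000

# Constructed sample in the style of `conntrack -L` output. 104.155.18.91 is the
# address quoted in the comment; every other address is made up.
SAMPLE = """\
tcp      6 431987 ESTABLISHED src=192.168.1.50 dst=104.155.18.91 sport=49822 dport=443 src=104.155.18.91 dst=203.0.113.7 sport=443 dport=49822 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=192.168.1.23 dst=198.51.100.20 sport=51544 dport=80 src=198.51.100.20 dst=203.0.113.7 sport=80 dport=51544 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.50 dst=192.168.1.1 sport=40211 dport=53 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=40211 mark=0 use=1
tcp      6 431402 ESTABLISHED src=192.168.1.61 dst=192.168.1.50 sport=38110 dport=80 src=192.168.1.50 dst=192.168.1.61 sport=80 dport=38110 [ASSURED] mark=0 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return proto, state, remaining timeout and the original-direction tuple."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    proto = fields[0]
    state = fields[3] if proto == "tcp" else None  # UDP entries carry no state
    orig = {}
    for key, value in KV.findall(line):
        # Each entry lists the tuple twice; the first is the original direction.
        orig.setdefault(key, value)
    if not {"src", "dst", "dport"} <= orig.keys():
        return None
    return {"proto": proto, "state": state, "timeout": int(fields[2]),
            "src": orig["src"], "dst": orig["dst"], "dport": int(orig["dport"])}


def external_sessions(text, lan=LAN):
    """List (src, dst, dport, idle_seconds) for established TCP flows leaving the LAN."""
    found = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["state"] != "ESTABLISHED":
            continue
        src = ipaddress.ip_address(entry["src"])
        dst = ipaddress.ip_address(entry["dst"])
        if src in lan and dst not in lan:
            idle = TCP_ESTABLISHED_TIMEOUT - entry["timeout"]
            found.append((entry["src"], entry["dst"], entry["dport"], idle))
    return sorted(found)


if __name__ == "__main__":
    for src, dst, dport, idle in external_sessions(SAMPLE):
        print(f"{src} -> {dst}:{dport} established, ~{idle}s since last packet")
```

On a router, feed it the output of `conntrack -L` instead of `SAMPLE`; a device whose session to the same outside host stays established with a low idle time across repeated runs is holding a persistent connection of the kind described.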