back to article Burning down the house! Consumer champ Which? probes smart plugs to find a bunch of insecure fire-risk tat

Smart plugs could set your house on fire and let hackers gaze upon your private data, according to consumer champion company Which? Which? bought 10 smart plugs available from popular online retailers and marketplaces, ranging from vendors such as TP-Link and Hive to "more obscure" brands such as Hictkon, Meross, and Ajax …

  1. Anonymous Coward
    Anonymous Coward

    The stupid, the lazy and the first mover

    I know a surprising amount of people that use smart plugs:

    'I can turn my xmas tree lights on when I'm not home.'

    'When I see my dog looking sad I turn on the radio.'

    'It's great for vacations because I can make it look like we're really at home.'

    'They're brilliant, I have one where I can turn the TV on by clapping.'

    That's it. Enjoy.

    1. Spoonsinger

      Re: The stupid, the lazy and the first mover

      "They are great for the perfect murder"

      1. earl grey

        Re: The stupid, the lazy and the first mover

        Oh, noes. I've been hacked! (is it TO bits or BY bits?)

    2. I Am Spartacus

      Re: The stupid, the lazy and the first mover

      A person I know has his Echo connected to his lights. Sounds great: "Alexa I'm home" and the lights in the hall, living room go on. He has the same thing at night "Alexa Goodnight" turns the lights in the living room off, and the Hall, Stairs and Bedroom lights on.

      He thought this was great until we left the house together "Alexa, goodbye", and all the lights went out. When I pointed out to him that he had just told Amazon and everyone who can hack its IoT that the house was now empty, he was all "No, it's from Amazon, that makes it secure".

      1. Doctor Syntax Silver badge

        Re: The stupid, the lazy and the first mover


        1. iron Silver badge

          Re: The stupid, the lazy and the first mover

          I have actually done that although my choice of product was decidedly more blue.

          1. Anonymous Coward
            Anonymous Coward

            Re: The stupid, the lazy and the first mover

            Runny cheese ?

          2. KBeee Silver badge

            Re: The stupid, the lazy and the first mover


          3. Anonymous Coward
            Anonymous Coward

            Re: The stupid, the lazy and the first mover

            Harsh language?

      2. Robert Helpmann??
        Paris Hilton

        Re: The stupid, the lazy and the first mover

        "No, it's from Amazon, that makes it secure".

        I wonder if Amazon takes the same approach to vulnerabilities as MS in rating severity on the risk they incur by vulns existing rather than by the potential outcomes to their customers.

        Icon: As appropriate to IoT as anything.

      3. Tilda Rice

        Re: The stupid, the lazy and the first mover

        wow 36 likes. Reflection of the El Reg userbase.

        So, these perps are somehow in cahoots with Amazon employees, or have the brainpower to hack your account. Singled you out.

        Then lay in wait, for you to go out and your "Alexa, Goodnight" just so they can break in a nick your Xbox?

        Oh do me a favour Mr Tin Foil hat. The average thieving chav isn't that sophisticated.

        [also, couldnt possibly meam you've goone to sleep]

        quick, time to install Linux - "the man" is out to get me... Good grief

        1. earl grey

          Re: The stupid, the lazy and the first mover


      4. Man inna barrel

        Re: The stupid, the lazy and the first mover

        That reminds me of the very first product my startup made in the 80's. It was designed to operate things like lights or electrically operated curtains. It detected a hand clap, and operated a relay. That was it. My colleague and I set up his garage as an office/workshop, and we assembled the things by hand. Delivery and payment was at a motorway service station. Great stuff.

        The product was for the rich Arab market, I understand. I hope the customer did well. The whole job was so straightforward, and getting paid on delivery is an unexpected bonus. It's normally "90 days, take it or leave it".

    3. G28

      Re: The stupid, the lazy and the first mover

      Really? You can turn the tv on by clapping? Ok, even if something is sitting about listening for a clap, turning the plug on on any TV I’ve ever had simply puts it on standby. It doesn’t actually turn the TV on and even if it did what a useless feature as you’d need that pesky remote control to actually pick a channel. Clapping to dim the lights, fire up a bit Barry White and light the fire on the other hand...

  2. Mike 137 Silver badge

    What for anyway?

    Voice operated kit can have other side effects too. Years back (I think in the .80s), Dave Allen delivered a comedy sketch where an enthusiast is demonstrating his automated home to a friend. Amazed by the technology, the friend flops into a chair exclaiming "Well bu**er me!" The home owner shouts "NO! Cancel!"

    1. big_D Silver badge

      Re: What for anyway?

      Was that Dave Allen? Sounds like his humour, but I thought it was Eric and Ernie (but I was just a kid)... Either way a very apt cautionary tale.

      1. Yet Another Hierachial Anonynmous Coward

        Re: What for anyway?

        Home automation always makes me think of the classic Frank Spencer - Some Mothers Do 'Ave 'Em episode I first saw as 10 y/o back in 1978. Still makes me laugh whenever it is repeated 40+ years later.

        It was supposed to be a slapstick comedy, not a prophecy.

    2. Chewi


      You forgot to mention the comedy sound effect that followed!

    3. DJV Silver badge

      Re: Dave Allen

      Here it is!

  3. Little Mouse Silver badge

    Viz had a Top Tip many years ago, advising people to label their house keys with their address so they could be returned more easily if lost, and to maybe include a note of when the house is occupied to prevent a wasted journey for the finder.

    And we laughed at the thought of a world where people have such a preposterous approach to home security. It could never happen here, right?

    1. Mage

      Re: top tip

      Never put address or car reg.

      If anything a tag asking they are given to police / garda etc with a code number. NOT your phone number. The code number helps convince the authorities that they are your keys.

      Media is full of stupid advice.

      1. Alister

        Re: top tip

        @Mage, you do know Viz is a satirical comic, don't you? The advice was meant to make you laugh, not take it seriously.

        1. Anonymous Coward
          Anonymous Coward

          Re: top tip

          Give Mage a break - that was at least a useful tip.

      2. Paceman

        Re: top tip

        You have heard of Viz haven't you...?

      3. Anonymous Coward
        Anonymous Coward

        Re: top tip

        I'm guessing you're not familiar with Viz magazine

      4. Anonymous Coward
        Anonymous Coward

        Re: top tip

        Didn't they have Viz in your part of town?

    2. KBeee Silver badge

      Another Viz Top Tip was put Rice Krispies into the tread of your tyres so it will sound like you have a gravel driveway.

  4. Mage

    Not just smart plugs!

    The biggest cause of accidental domestic fires outside the kitchen might now be chargers for phones, laptops and tablets. Next is other power supplies.

    The small SMPSU are too small and badly made compared to the old heavy transformer based units.

    Also they often don't meet RFI standards, too much radio interference that can even affect DSL broadband.

    Unplug them when not in use. Don't replace wall sockets with models that have built in USB chargers.

    Amazon even supplies their own branded US pinned chargers for years to European customers with some products, which is illegal.

    1. Tony W

      Re: Not just smart plugs!

      Scary. But citation please.

      1. Doctor Syntax Silver badge

        Re: Not just smart plugs!

        A search through the usual souks will usually turn up something although these days it will usually be a Euro plug. A few weeks ago I bought a desoldering iron which was only available with a Euro plug. SWMBO has just bought a Clover mini iron and close inspection of the photo on Amazon showed a Euro plug although it appears they're selling it with a UK adapter.

        It always pays to check the pictures of what's being advertised.

      2. Cuddles Silver badge

        Re: Not just smart plugs!

        This analysis of various USB chargers is always worth a link. It's a bit out of date now, but gives an idea of the problems they can have.

        The OP is incorrect that such chargers are inherently dangerous simply because they're small; there's absolutely nothing wrong with the ones made competently to standards. But even genuine branded ones can be pretty terrible in terms of power quality. And no, power isn't simply power, as that article notes, sufficient noise on the input can cause problems such as having your screen completely fail to work while the charger is plugged in. The real problem is, unsurprisingly, counterfeits, which can be a serious danger. And are probably the most common things people buy because they don't understand why it would cost more for something that is "just a plug".

      3. The_H

        Re: Not just smart plugs!

        Have a look on t'Youtube at bigclivedotcom's channel. He revels in taking shoddy equipment apart and explaining just why it's shoddy.

        1. MachDiamond Silver badge

          Re: Not just smart plugs!

          "Have a look on t'Youtube at bigclivedotcom's channel. "

          BigClive should be mandatory viewing. Who else would have thought to try carbonating Jaegermeister? How about cooking a sausage by connecting the mains across a link?

    2. Anonymous Coward
      Anonymous Coward

      Re: Not just smart plugs!

      This situation will only get worse now manufacturers (e.g. Apple, Samsung) no longer provide chargers "as everyone's got one". So there will be fewer properly-designed chargers, and more three-quid tat ones.

      When it comes to plugging stuff into the mains, I prefer a manufacturer who has a reputation to lose.

    3. TheVogon

      Re: Not just smart plugs!

      "Don't replace wall sockets with models that have built in USB chargers."

      Just to note that any socket made to BS1363 is safe with USB ports built in. This primarily a problem for cheaper 2 pin type sockets not permitted in the UK.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not just smart plugs!

        "Just to note that any socket made to BS1363 is safe with USB ports built in."

        This is excellent advice, and thankyou. But how do I verify that any socket labelled as having been made to BS1363 actually has been?

        1. TheVogon

          Re: Not just smart plugs!

          Pick a well known brand name from a mainstream supply such as Amazon itself - not resellers.

          The European equivalent "CE" mark is pretty much worthless as on items displaying that logo it frequently means "China Export". Seriously!

      2. Stephen 1

        Re: Not just smart plugs!

        I looked at installing some of those recently since they seemed a pretty handy thing to have. None of them had a separate switch to disconnect the USB circuitry from the mains and that was enough to put me off. It is still a potential fire hazard in case of circuit failure, small though the risk might be, I can't see what difference BS1363 makes to that.

        1. TheVogon

          Re: Not just smart plugs!

          They have inbuilt thermal fuses and as such don't pose a fire hazard.

          1. Anonymous Coward
            Anonymous Coward

            Re: Not just smart plugs!

            And made of materials that self extinguish too.

            The cheapest well made USB wall adapter around at the moment is probably Ikea's Koppla 17W three port. They've just been reduced from £8 to £6. Big Clive gives the innards a thumbs up so they're definitely not tat. They're actually cheaper than the Lightning cable Ikea sell to go with them which is likely also not tat.

      3. Evil_Goblin

        Re: Not just smart plugs!

        Really? But how do you know it really does conform when almost everyone self-certifies these days. Yes there's BS1363 part 2 that pertains to USB, but various investigations by people like Electrical Safety First show that a lot of "compliant" sockets available for purchase don't even conform to Part 1 for the standard 13A bit, let alone the Part 2 for the USB stuff.

        Fundamentally for me, until there is a socket available which gives the USB ports their own separate mechanical on/off switch, not going to be fitting any.

        EDIT: For typos and to add that two others above clearly have the same concerns and got in before me!

        1. Chris 239

          Re: Not just smart plugs!

          Unless you stand there watching your shiny iThing charging for however long it takes I don't see the benefit of an off switch on it on safety grounds.

          OTOH I often wonder what standby power they consume - probably very very little but x a billion or so and it's probably a decent sized power station worth.

  5. Neil Barnes Silver badge

    If you have an alexa

    and it's plugged into a smart socket, will it turn itself off when told to?

    I think the second law trumps the third...

    1. Anonymous Coward
      1. Captain Hogwash

        Re: If you have an alexa


  6. big_D Silver badge


    I don't currently have any Internet of Tat stuff, but when I set up my network, I dedicated an extra VLAN for IoT devices. It has its own SSID and it has only access to the Internet, no access to the other VLANs, just like the guest network.

  7. MJI Silver badge

    Are these certified?

    Can they legally carry BS1363?

    All my plugs and sockets are decent ones and chargers are NEVER left powered up

  8. Doctor Syntax Silver badge

    "It appears the latter sentence means your email address is transmitted to TP-Link's servers without encryption"

    Whether or not its encrypted is a secondary concern. What do they do with it when they've go it?

    1. Pascal Monett Silver badge

      They sell it, of course. Why do think they put the thing on the market ? For their customers ?

  9. DrXym Silver badge

    More money than sense

    I could see the benefit of a smart plug / light to simulate activity in a house for anyone who is away and wants to give the appearance that it is occupied.

    I absolutely do not see any day to day purpose in decking out a house with smart plugs / lights. It wastes power, wastes internet, invades privacy, lessens security and costs a fortune. All because someone is too fucking lazy to turn on a switch even though they're probably stood by it.

    1. Anonymous Coward
      Anonymous Coward

      Re: More money than sense

      I totally agree. Anyway, what was wrong with burning torches? Last forever, provide excellent light and can be used to ward off marauding zombies?

    2. Anonymous Coward
      Anonymous Coward

      Re: More money than sense

      I use a TP-Link Kasa to control my house heating. I send it on/off commands from a cron job on a pi. And I really like the fact that it has next to no security and doesn't need to phone home.

      I'll bet your central heating is more complicated and more expensive.

    3. John Brown (no body) Silver badge

      Re: More money than sense

      "I could see the benefit of a smart plug / light to simulate activity in a house for anyone who is away and wants to give the appearance that it is occupied."

      Or an even cheaper timer switch. No need for "smart". Most modern timer switches will let you set many on/off times for specific days, weekdays, weekends and even random on/off times during a defined period. I think mine was a tenner a few years ago.

  10. WaveyDavey

    I think El Reg should adopt the terminology used by Youtuber aVe (an amusingly potty mouthed, very smart canadian engineer). It is not "electricity", rather it is "angry pixies" what provide the scootch to the thingummy.

    1. cawfee
    2. Pascal Monett Silver badge

      And we all know the importance of the scootch.

      All hail the scootch !

      1. Uncle Slacky

        What, *this* Scootch?

  11. Fazal Majid


    The first thing you do with smart plugs is replace the manufacturer's spyware with the open-source Tasmota firmware that is cloud-free. Unfortunately, that won't protect you from electrical engineering flaws in the device.

  12. Morrie Wyatt


    Kudos for the Catweazel reference.

    1. KBeee Silver badge

      Re: Touchwood.


      1. Uncle Slacky

        Re: Touchwood.

        Elastic Trickery.

  13. Blackjack Silver badge

    From the Internet of things...

    To the Internet breaks things...

  14. Anonymous Coward
    Anonymous Coward

    "poorly designed, with the live connection far too close to an energy-monitoring chip," according to Which? "This could cause an arc – a luminous electrical discharge between two electrodes – which poses a fire risk, particularly to older homes with older wiring."

    In the electrical engineering world, PCBs with issues like this are like hard-coded administrative passwords in the software world. All too common, an easy mistake for a total novice, an obvious blunder for someone with experience. If you see that issue, it's a big clue that other important factors were missed, and you should do some more digging.

    Even the cheapest PCB layout tools have automated design rule checks that can catch these.

    1. ivan5

      The question that should be asked is ' why is there an energy monitoring chip in there', from the pictures on the BBC site of the unit it appears to be just a passthrough plug/socket with added on 2 port usb charger outlets. I don't think the usb charger is controlled as an IoT thing.

    2. Stoneshop Silver badge

      If you see that issue, it's a big clue that other important factors were missed, and you should do some more digging.

      Those IoT thingies don't compost very well; it's preferable to deal with them according to WEEE directives.

  15. Man inna barrel

    What about the CE mark?

    Electrical/electronic kit sold in the EU needs to meet minimum safety standards. So how come all this dangerous kit is being bought here? I have gone to a lot of trouble designing mains powered kit to safety standards, and passing all the tests.

    Has anybody been prosecuted for importing dangerous kit? I presume a major problem is that kit bought on ebay, for example, can bypass the standards compliance part of CE marking, if the kit comes straight from the far east. Caveat emptor, and all that.


      Re: What about the CE mark?

      yes, I did. I bought a charger from a German merchant. ((Not even Amazon, as I NEVER buy there, for various reasons.)) The studs that go into the wall were too short an too small. In some receptacle the thing would work, in others not. It would build a loose contact, leading to danger of sparks an subesquent fire. Of course the charger had CE and a lot of further security tokens on it. I forwarded the dangerous thing to German authorities. But what's the use? German or even European authorities can only prosecute the merchant. They will never get hold of the Chinese manufacturer.

  16. Rtbcomp

    If you want to see a load of dangerous stuff, bought mostly off Ebay, check this chaps YouTube Channel

    1. MachDiamond Silver badge

      BigClive is also on LBRY too if you want to shift away from YouTube.

  17. MachDiamond Silver badge


    I've got an X10 system at my house. It was easier to install lights in the workshop with X10 modules to switch them on/off than to open up the walls to run a switch line to each one. I have exterior lighting on the system so I can turn on the lights if I hear something and don't want to pad around the house to get to the wall switch. I have a wireless remote in the car so if I drive up with stuff to put away in the garage/workshop, I can turn on the outside lights remotely rather than finding my way around in the dark (at night, obviously).

    I have no need to do any of this from far away via the internet on an app that is likely bleeding PII like a firehose. If I'm going to be away, I have a couple of timers and a TV simulator. The new digital timers can take a pretty complex programming so you can have lights going on and off like somebody is home. I usually put in having certain lights turn on for 10 minutes at night like somebody has needed a trip to the loo. I also have a good neighbor that I tell that I'll be gone so he can keep a look out for me and a friend across town to make sure the cat is fed and watered if I'm gone for more than a night or two.

    The IoT thing doesn't excite me. I've seen people that get it use it for a bit and then not so much. When I see shows about complex installations, the owners are .... large. The X10 system does have a computer interface but the official software isn't available any more and the old stuff doesn't work on a current OS. I haven't looked to see if there are any open-source projects for some time. I have the interface if I ever decide to play with it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like