Did you receive this newsletter as a forward? Subscribe here
|
|
Are you ready for new smart home device triggers? |
|
By Kevin Tofel |
Depending on your smart home platform, you may already be familiar with, or even using, device information to automatically make something happen in your home. Apple’s HomeKit platform, for example, allows for this, and I use this feature in my own home. Amazon offers limited but growing support for device triggers, while Google is just getting around to adding this feature through its new Household Routines.
The ability to use one device’s information as a trigger event for one or more other devices to change state is what I’d consider the next step forward for the smart home. It may not sound like a huge step, but it’s an important one. And as devices from different brands begin to communicate with one another through the new Matter standard, consumers will be able to get more value from the hardware and devices they buy or already own.
|
|
— The Eve Outdoor Cam. Image courtesy K. Tofel |
|
|
To illustrate, I’ll use one of my home’s device triggers. I'll also use it to showcase the difference between a device trigger and a voice command or time-based routine.
I live in an end-unit townhome, so my front door is actually located on the side of the house. Way around the corner is the garage door. Next to the front door, I have a standard light fixture with a connected bulb. And over the garage door, I have the Eve Outdoor Cam with a floodlight.
Unfortunately, the two devices are on the same circuit, controlled by a standard switch inside the front door. Flip one switch and you light up the front porch and the driveway near the garage. Which makes sense when you realize the home was built 20 years ago. But in 2022, that’s not what I want. Why? Because I need that switch to always be on for the camera over the garage. If I do that, however, the front porch light is lit up day and night. So we don’t touch the switch. We leave it on and use a voice command to illuminate the porch as needed.
The problem is that our dog is getting older. Recently, he started to need a quick bio break in the middle of the night. The first few times this happened, we’d fumble for a phone to open our Home app and enable the porch light. Or we'd use voice commands, which would wake up whoever wasn’t walking the dog. Since neither was a good solution, I turned to a device trigger.
Now, whenever we manually unlock the smart lock on our front door, the front porch light automatically lights up for 10 minutes. After that, the light automatically goes out. That’s enough time to enable a quick doggie break and get back inside. And it’s all kicked off by that device trigger, as the smart lock being unlocked (only during hours of darkness, I might add) effectively tells the smart bulb to light up.
Unlike using a voice command or the tap of a button to tell the home what to do, my home is reacting to an event and taking an appropriate, albeit pre-defined, action.
You likely have different smart home devices and use cases. Maybe you want your Nanoleaf lights to do something when you're on a phone call so that others nearby know you're not available. Maybe you can't hear your video doorbell and you want to have a light flash to indicate someone's at the door. Or perhaps you want your smart air purifier on at full blast when your robot vacuum starts kicking dust around. There are plenty of situations where a device trigger is useful.
Alexa can currently use contact sensors, motion sensors, and cameras as device triggers, which shouldn’t be a surprise if you’ve ever set up an Alexa Routine. When any of these device types change state, it can automatically trigger something in your home to happen. Maybe you set a light to flash when triggered by camera seeing something, for example. Amazon added this support through developer APIs back in 2018.
Google’s recently announced Household Routines are the start of similar support for advanced device triggers. For example, enabling presence detection on supported Google Nest devices can turn lights on when someone walks into a room. And the company says routines can now start when a device turns on or off. That’s not quite as advanced as my HomeKit example of controlling another device when a door is unlocked, but it’s useful progress. Google also announced an upcoming Script Editor feature for advanced routines, which will allow for more customized routines.
As the major smart home systems continue to evolve device triggers, they’ll be further helped by Matter. That’s because all Matter-certified devices of the same type, regardless of the brand, use a common set of attributes.
Below is an example of such attributes for connected lights, directly from the Matter spec:
|
|
Today my HomeKit lock can’t tell an Amazon or Google device that the door is unlocked because each vendor created its own version of these device specifications. But eventually, with the right application support combined with Matter’s application layer “language,” that will become possible. In a perfect situation where Matter is widespread, a device from any brand can be the trigger for devices from other brands to do something of value.
For now, though, events triggered by devices are a bit fragmented. I’d still recommend checking your smart home ecosystem mobile app to see which device trigger capabilities are available now. And watch for updates as the Matter implementation starts gaining momentum over the coming months.
If all goes as planned, by this time next year your smart home might be doing more for you on its own than by you speaking commands or using a mobile app.
|
|
|
|
Accelerate IoT Development with Arm and AWS SPONSORED |
|
|
Arm and AWS simplify the development and deployment of IoT devices. Watch this Arm DevSummit workshop on-demand to learn how to create AWS-enabled IoT projects with FreeRTOS components, Arm Keil tools and Arm Virtual Hardware. Arm Keil Studio, which is used in the workflow, is a cloud-native software development platform with Git integration, that supports CI workflows for software validation accelerating time-to-market. This workshop is ideal for embedded software engineers who embrace modern software development workflows.
Watch Workshop |
|
|
|
How I secure my smart home devices and my home network |
|
This week we learned that Anker, the company behind the Eufy brand of connected devices, actively lied about serious security flaws in its smart home cameras. In the meantime, I spent the last few days immersed in discussions about privacy and cybersecurity.
So I figured it's probably a good time to explain what I do to protect my home network and how I think about the risks of using various connected devices in my day-to-day life. Feel free to take any of this for your own use, and to ask questions (or tell me about flaws in my thinking) at stacey@staceyhigginbotham.com. |
|
— Eufy security cameras have some serious security flaws. Image courtesy of Anker/Eufy. |
|
|
I get a lot of questions about how secure particular devices are, usually from someone who wants to buy a connected gadget and is worried about it getting "hacked." If the device is a camera, the asker usually wants to make sure that it won't be used to spy on them inside their home. And if it's something like a smart plug, they are mostly worried about a bad actor controlling the device over the internet — think unlocking a connected door lock or turning a lamp on or off using a vulnerable smart plug.
Few of them are worried that their devices will become part of a botnet or that a device might be used as an entry point into the network and then as a way to deliver ransomware to a personal computer or exfiltrate data. But the first scenario is the most likely result of a vulnerable device being found on the network. The second scenario is the one I'd be most concerned about. This is partly because I don't have cameras inside my home.
So for those of you worried about your cybersecurity, I'd suggest starting by assessing your risk profile and getting a general sense of which "hacks" are most common. Most of us have a pretty low risk profile. We're not government employees at top secret agencies or engineers at Apple designing competitive hardware. Those people are incredibly likely to be hacked by people who have the time and money to target them.
But for most of us, the biggest "hacks" to worry about are those that are one-to-many and those that are so easy and public that anyone can spend a few minutes and gain access to our devices. With that in mind, I will also stop using the word "hack" indiscriminately because many events that are reported as hacks of smart home devices are really just some lazy stranger logging in and taking over a device because they found someone's credentials on a website somewhere (likely as a result of an actual hack) or they guessed that their password was 1234.
So to avoid these lazy stranger hacks, the advice I have is twofold. First, use multifactor security on important devices such as cameras and Wi-Fi door locks. Second, use unique passwords for your connected devices. That way, when your grocery store loses your password and email, those credentials won't work to access your connected camera. If someone does get the passwords, with MFA turned on, they have a difficult step to overcome to control the device.
One-to-many hacks are those in which a bad actor can get access to a device remotely by taking advantage of a vulnerability they've found. The bad actor may have developed the vulnerability themselves or they may have found it online in a forum. When I read about new vulnerabilities, I am looking for those that can be taken advantage of remotely, without needing physical access to a device; those that allow for physical control or access to data collected by the device; and those that can change the software on the device (like add malware or exfiltrate data).
Notably, a vulnerability can be as complex as malware or it can merely be someone realizing that if they type in a certain number and go to a website, they can see a camera feed. The Eufy security camera issue is one example, because it's a one-to-many vulnerability that can share access to hugely private data (since the device is a security camera.) This is what cybersecurity folks think about when trying to assess how much effort to put into protecting a device or mitigating a vulnerability. The Eufy flaws are a big deal.
It's hard, as a normal person, to think this way. But doing so is becoming ever more important, especially if you want to fill your home with connected devices.
Here's how I apply this thinking in my day-to-day life.
I use multifactor authentication (MFA) on any device that has a camera or takes highly personal data. If the vendor of a camera doesn't offer MFA, then I don't buy it. Also, before I buy any connected device, I run a quick search on the brand to see how it has handled prior security issues. Does it patch vulnerabilities? Sue the person who found it? The first is good. The second in terrible.
I also look for features such as encryption, especially of data as it travels from the device to the cloud, and ideally once the data is in the cloud. When it comes to encryption, more is better. Even something as simple as a light bulb turning on or off can be an indicator of whether or not someone is at home and what room they are in. I can track my husband's showers by looking at the humidity data coming from the air quality monitor in our room.
Once I bring a device home, I make sure that I can change the password and that there are no physical reset buttons that someone can easily access. Then I hook it up. Once a device is on the network, things get fun. Here's where I advocate for an extra layer of awareness, especially as your threat model increases and as you add more devices.
This is also where services such as Eero's security subscription, Comcast's Xfinity xFi Advanced Security, or physical devices such as Firewalla or Everything Set come in. I strongly advocate for some type of network monitoring as you add more devices because the more you add, the more places there are for someone to access your network. (The security industry calls this a larger attack surface, but I can't think of my home in terms of an attack surface and feel cozy.) I've played with most of the mentioned services and a few more, so look for more reviews and conversations about them in the coming weeks. |
|
|
|
Wi-Fi Solutions for the IoT SPONSORED |
|
|
In today’s feature-packed IoT devices, wireless coexistence is necessary. It’s also exceedingly complex.
Silicon Labs' Wi-Fi portfolio is designed specifically for the IoT, where multiprotocol, RF performance, ultra-low power consumption, and fast time-to-market are critical. With industry-leading modules and SoCs as well as software solutions, including Matter, our products provide a system-level approach to application development.
Learn more about Silicon Labs' low-power Wi-Fi hardware, software, tools, and development kits. |
|
|
|
Episode 400: How to pronounce IKEA's Dirigera hub |
|
This week's show starts off with a review of news from AWS re:Invent, which is happening now in Las Vegas. We cover the general availability of support for the latest version of the MQTT messaging protocol and the launch of LoRaWAN and other connectivity technologies as part of AWS Device Location services. There will be more in the newsletter as the conference concludes. We then talk about whether or not it makes sense to buy a cheap smart plug today or wait until we get more with Matter support. It's just that those smart plugs are so cheap right now! We also debate whether or not it's a good thing that the Hubitat smart home hub will start supporting HomeKit, and mention Samsung's new capabilities that link its phones to a UWB door lock. Then we cover funding news from Sanctuary, which is trying to build general purpose robots; Morse Micro, which is making Wi-Fi HaLow chips; and Deepgram, which is developing a new natural language processing algorithm built on vocal utterances as opposed to text. I then explain what I'm using right now in my home for security and monitoring of my many connected devices. |
|
— IKEA's Dirigera hub is now available. Image courtesy of IKEA. |
|
|
Our guest this week is Rebecca Töreman, business leader of the IKEA Home Smart business. Töreman first teaches me how to pronounce Dirigera, the name of IKEA's new smart home hub. We then talk about why IKEA has chosen to focus on products that include lights and connected blinds but not security cameras. After a discussion on connected air purification devices, we talk about what the IKEA Home Smart team learned from its prior five years with the Trådfri smart home hub and how that influenced the design of the Dirigera device. We clarify a few points about how IKEA plans to introduce Matter to its hub and then close out. Enjoy the show. |
|
This week on the IoT Podcast Hotline, we hear from a listener offering a tip on creating a simple pill tracker using an open/close sensor.
The IoT Podcast Hotline is brought to you by Silicon Labs. Silicon Labs is a leader in secure, intelligent wireless technology for a more connected world. Learn more about their integrated hardware, software and development tools at silabs.com. |
|
|
|
|
Sponsor this newsletter |
|
Want to find new customers and support independent IoT journalism at the same time? You're in luck!
We've opened our 2023 advertising calendar. With one sponsorship package, you can reach our newsletter, podcast, website, and social audiences.
Fill out this form to request a media kit. |
|
|
|
|
|
News of the Week |
|
This week's news was compiled and written by Kevin C. Tofel
Got a Eufy security camera? Your video isn’t secure. Given what’s going on with Twitter, we don’t really need another tech company in the headlines. But we have one courtesy of Anker, the company behind the Eufy brand of connected devices. Eufy claims that video from its smart home cameras is encrypted. That’s good — provided it’s true. Unfortunately, it’s actually not that secure. A hacker has revealed that you can view any Eufy camera stream using the VLC Media Player app and a unique address of Eufy’s cloud servers. Anker has denied the possibility of this hack to The Verge. However, writers there tested the hack and were able to view live footage from their own Eufy cameras. While there are currently no reported exploits using this hack on a widespread basis, I’d personally shut off those cameras until this issue is resolved. (The Verge)
Learn to build an event-driven IoT architecture: At the risk of sounding like I’m assigning homework, this tutorial from Amazon is worth the read. Don’t worry, it’s high level enough to be understandable. At the same time, it provides enough detail to make clear how the different Amazon Web Services (AWS) tools work with sensor data. More importantly, you can start gaining insights from that data as quickly as possible. I also like the best practices for building an event-driven solution from IoT data. They’re applicable both within the AWS world and outside of it. (AWS Architecture Blog)
AWS IoT gets better device messaging: Since this week is the big AWS re:Invent show, I’m doubling up on some Amazon news. AWS IoT now supports the MQTT5 message broker. MQTT is a commonly used standard for IoT data and version 5 was ratified in 2019. I guess nobody told Amazon until now. Luckily, you don’t need to use MQTT5 across all devices; Amazon says you can mix and match between the new MQTT5 protocol and the older version 3. With the updated standard, you’ll gain faster message processing, load balancing for message reception, and receipt acknowledgments for your devices. (Amazon)
You might not recognize your Ecobee app: OK, you obviously know what the Ecobee mobile app is if you have it installed. But did you know there is a major user interface change currently rolling out in the app? In early 2023, Ecobee will push the same interface to older thermostats. I’ve used this new interface since I reviewed the latest Ecobee Smart Thermostat Premium, and I love it. It’s much easier to change settings and see temperature data. Expect to see it in your Ecobee app soon, if not already. Next year, the new interface will be pushed to the Ecobee Smart Thermostat with voice control, Ecobee 4, Ecobee 3, and Ecobee 3 lite models. (Ecobee)
Fighting droughts with smart farming: I had no idea that a reported 70% of all freshwater usage went into growing crops. But I learned that and a lot more from a recent Inverse article. Simply by monitoring soil conditions, farmers can use the data to intelligently water agriculture. And that can reduce water demand by between 20% and 72%. That’s a wide range, but any water savings is a good thing. I also didn’t realize that putting sensor antennas underground can have a profound impact on data transmission. This post is well worth the read for these tidbits and more about agricultural IoT solutions. (Inverse)
New York City buses are gaining AI: The Metropolitan Transportation Authority (MTA) in New York City is upgrading its buses with artificial intelligence. Don’t worry, these buses aren’t self-driving. Instead, AI is used to predict when a bus might break down before it actually does. The MTA started testing the AI system in 2019 on 326 buses, and guess when the number of buses that actually broke down started declining? Yup, in 2019, likely because buses that would have been stuck on the side of the road were repaired in advance of a breakdown. (Gothamist)
Need a reference guide to global IoT cybersecurity regulations? This one is for device makers, although as a consumer of IoT devices, I also find it quite fascinating. There’s a public GitHub repository listing all of the IoT cybersecurity regulations around the world, by country. At the moment, there are only listings for 16 countries, but I expect that to expand over time. It’s interesting to read how different countries approach the same problem. You can get those details through links in the repository pointing to publicly available, but often hard to find, regulatory information. (GitHub)
Build a weather station for Home Assistant: I know, even more homework. But many readers use Home Assistant to power their smart homes, so I wanted to surface this DIY project. Using an ESP32 module, sensors for atmospheric pressure, a 3D-printed anemometer, and a basic rain gauge, you too can get real-time weather data. You’ll need to build the project yourself, but all of the code to make it work is provided in this tutorial. And the data looks great in the Home Assistant dashboard! (HackADay)
Want to sponsor this newsletter and the IoT Podcast? Our 2023 media kit is now available. Request a media kit.
|
|
|
|
|
|
|
|
|