The Real Security Issue With The Cloud and the IoT – Loss of Access

creeva · Posted on

The most important thing for anyone in IT is control over your assets and investments. The loss of control can cause you to be vulnerable and helpless even if what you have lost is menial. In the modern corporate world businesses are outsourcing projects and infrastructure at an accelerated rate. This means you have to rely on the companies in which you have invested time and effort. If these companies suddenly disappear large investments might be needed to re-architect a solution. I’m sure some of you reading this have had to deal with that exact situation.

While you have corporate disaster recovery or contingency plans to deal with this at work, what do you do when it happens at home? Over the last decade as we have become accustomed to the internet age, we are familiar with web apps or social networks that are hot one day, yet disappear the next. This is the nature of business. We then move on to the next site, re-upload our images, and reconnect with our contacts. It’s annoying, yet a fact that we deal with. What we have lost is time and possibly some connections.

In the age of cloud-connected Internet of Things devices (IoT), this access changes dramatically in the inconvenience. At home, we are investing in smart devices at an increasing rate. If we take out devices we take for granted such as phones, computers, and tablets the items around my house that have an investment in intelligence is quite large. Just off the top of my head, I use a Wink hub to control lighting for almost all the bulbs inside and outside of my house, a Nest thermostat, a generic Z-Wave thermostat, multi-room audio, many game consoles, and streaming devices. My house even has smoke detectors on every floor that alerts me if there is an issue. This has actually worked by sending me a phone alert when my dehumidifier bit the dust in a puff of smoke in the basement.

I have heavily invested in different IoT devices that have made my life easier by giving me functionality and scheduling to live without thinking about turning on the outside lights at night. Being a geek I also enjoy the sheer communication and possibilities that these devices give me. Last year however Wink sent out a bad update for their hub. You could send in your device for replacement – or eventually, if you were tech inclined enough to make a DNS record on your LAN – a way to reflash the firmware. This wasn’t really to much of an inconvenience since it was corrected. I had to use the light switch instead of controlling the bulbs from my phone. Life went on and everything was corrected. What if it hadn’t though?

Revolv is an IoT company that makes a competing device for the Wink hub. It was recently announced that they were ending service on May 15th. Revolv has a similar issue to Wink – it relies on cloud components to allow it to work. This is my largest complaint about Wink overall. If the web service goes down, the devices that you have invested in have stopped working. This means that any lights that were controlled by your Revolv hub will stop functioning as smart devices. Any home automation such as blinds or controlling power to shut off at night for the coffee maker that you route through the hub will also cease.

If you are used to your lights coming on and your door automatically unlocking when you are on the porch, wouldn’t you feel at least a tinge of helplessness? This is sure to happen to some people that have invested in Revolv as their home infrastructure. Not everyone reads alerts and messages from companies – so a percentage won’t know about this until it breaks. The end-users don’t really have recourse either. In the corporate environment, you have contracts that protect you from this process for your corporate data. However, for consumer devices most of these services are free and there is no contract between the end-user and the corporation that allows them any insurance or compensation. Depending on the infrastructure they purchased into – they might be out hundreds if not thousands of dollars. The devices might become dumb or stop working altogether if the technology is proprietary.

Of course, your first claim on purchasing technology such as this is buyer beware. Trust in the company you are investing your devices with. You might pay more to be with a company that has a brand you trust – but you expect them to be around longer. Personally, I had not heard of Revolv until this story started passing around. However, even if you haven’t heard of them doesn’t mean they are not owned by a company you trust. Two years ago Revolv was purchased by Nest. This was after Nest was already owned by Google. Currently, Revolv, Nest, and Google are subsidiaries of Alphabet – one of the most valuable companies in the world.

As companies are expanding the use of consumer devices in a corporate setting they need to take into account scenarios like this. If Revolv uses open technologies, most users and companies that were relying on the service should be able to recover. It will take time to reconfigure everything, personally if this Wink that discontinues service it would likely take me a few hours just to re-sync my light bulbs to a new device or service. It also likely won’t be a company with the financial backing that Revolv had behind it.