So what you’re suggesting is that my IoT kettle won’t boil water for my cup of tea when I want one because the demand is too high?

No, of course not, but it might take 90 seconds instead of 60, or ping a message to your phone saying it’ll be 50p cheaper if you are willing to wait 2 minutes, or pause your washing machine while it boils. Not earth shattering but the IoT kettle is often chosen as a ludicrous example and even that has some small use.

I’m still struggling to see why I’d want to have that functionality.

or ping a message to your phone saying it’ll be 50p cheaper if you are willing to wait 2 minutes

Given it currently costs less than 0.1p to boil a kettle for a cup of tea, that seems somewhat unlikely – though even if you were bothered about saving 0.05p by waiting 2 minutes your phone could do that all by itself, no reason to have the functionality in the kettle. But then current IoT kettles don’t have that functionality (I doubt any will in the near future, if ever), and the reason they’re mentioned as a stupid thing to have IoT functionality is that they are a stupid thing to have IoT functionality. If there were useful features to be added to an IoT kettle then surely you would be able to buy an IoT kettle with those features…

Have you missed that I’m not anti IoT as a concept, simply not in favour of adding IoT functionality to everything? I’m in the middle – just because some IoT devices are stupid doesn’t mean all IoT devices are stupid, just because some IoT devices are useful doesn’t mean all IoT devices are useful.

SMALT is a joke, yeah? Please let it be a joke.

Limit demand when it is in short supply. I expect well see continuously variable pricing sometime soon and more smart devices to take advantage.

It’s already here. Commercially, some organisations will reduce their energy consumption (for example, by turning down heating or air conditioning) to reduce electricity costs at peak times.

Remind me again why I want an IoT kettle…

You don’t. However, an IoT freezer might switch off for 30 minutes at peak time, and in return, you get cheaper electricity.

[video]https://youtu.be/zt0ojsOMNgs[/video]

Very worth watching that video if you are thinking of buying some IoT gadgets…

A lot of the current ‘internet of things’ devices are either churned out by high tech far eastern factories with no cares about IT security, or are churned out by western appliance designers who have no concept of IT security, so your connected kettle allows anyone with a bit of knowledge to get onto your wifi network…

Most IoT gadgets are totally pointless, the stuff that will be useful is the things that you don’t notice – when your electricity/water/gas meter suddenly never need to be manually read again, or when your car calls the emergency services when it’s had a crash..

Maybe. If they can connect to your kettle.

Yes these things have dodgy security and I’m loathe to say dodgy security is OK – ideally everything should be secure (and there’s certainly not enough benefit from an IoT kettle to be worth even the slightest chance of it compromising your security 😉 ). However in reality the chances of your WiFi being hacked via your kettle are minimal – there isn’t an easy attack vector provided you have otherwise good WiFi security.

So they’d need to connect to a kettle, which is presumably behind a router firewall or at the very least a NAT gateway and doesn’t really have any good reason to have an open port, then they’d need to be able to reprogram it somehow remotely, which’ll be hard as presumably it’ll just be a microprocessor running whatever IoT tasks the kettle supports not a full operating system, then from there they might get access to other things on your network provided you have no security at all.

Nah.

(There are undoubtedly plenty of security risks with IoT stuff, not denying that)

no need to hack your wifi.
plug in a fancy IoT device, and it’ll probably use UPNP and quietly punch a hole thru your firewall anyway.
and as per that vid, so much tat has no way of providing firmware updates if any vulnerability is found.
and on 99% of consumer devices it’s pretty easy to find a vulnerability.

Mirai was just a start.

For hobbyists IFTTT looks interesting. A guy I work with is messing around with this and can switch on a Hue light when his Ring doorbell goes off.

I work in the internet of the traditional internet, so I guess I’m a bit of a dinosaur now. But is a doorbell that can control a light bulb from within the same house considered IoT? It kinda sounds like it’s in similar territory to a remote device that can turn on the TV… Or a doorbell that can, well, wirelessly alert you with a sound…

I always assumed IoT is not really IoT unless it connects to the wider internet. Surely anything operating on a home network is more like the Intranet of Things?

I agree butcher. Being able to control your house over the internet only becomes the IoT if there’s some kind of big data learning going on that uses the internet.

So for example, my 3D printer will soon be fully controllable and watchable from anywhere, but unless it used problem-solving big-data, or became part of a print-farm, or similar, I wouldn’t call it IoT.

Most of the time it’s very difficult to think of a use.

Tesla’s tracking of driving data is more like it. Coming at automated-driving from a completely different angle to most others robotics-approach.

Surely anything operating on a home network is more like the Intranet of Things?

Well if it is using IFTT then his doorbell is calling an Internet service which is signalling a public port on his lightbulb controller. So yeah, it’s beyond the home intranet, so Internet of Things.

Being able to control your house over the internet only becomes the IoT if there’s some kind of big data learning going on that uses the internet.

Disagree. Big data learning has nothing to do with it.

Well if it is using IFTT then his doorbell is calling an Internet service which is signalling a public port on his lightbulb controller. So yeah, it’s beyond the home intranet, so Internet of Things.

Extranet of Things :). Still doesn’t qualify in my book as a) we had that tech back in ’97 (probably before but that was my first experience of it) and b) it’s not using it’s interconnectedness to the world’s other devices for anything useful.
The example of the kettle taking longer because it is using data from the electricity supplier is a good one. Simply turning your kettle on with your phone via 3G isn’t imo.

we had that tech back in ’97

If you were suitably geeky you could certainly hook something together yourself on 97.

The difference these days is there are readily available consumer IoT devices and commercial web services like IfThisThenThat that let you hook them together with little or no programming.

In ’97 we (I designed veterinary software interfaces) installed a load of these:
http://www.digicammuseum.com/en/cameras/item/axis-neteye-200

Worked flawlessly. We gave some talks on behalf of Axis and Java too although I don’t think I realised it was so unique at the time.

Reading that article, it actually says “Remarks: First internet of Things device”, so I guess you’re right!

So they’d need to connect to a kettle, which is presumably behind a router firewall

This one sentence pretty much sums up the sillyness of the IoT. Kettles behind firewalls? It really is incredible that trillions of pounds/dollars in investment and the collective knowledge and intelligence of some of the finest minds in human history has resulted in an IoT kettle.

This one sentence pretty much sums up the sillyness of the IoT. Kettles behind firewalls?

My point was more that the kettle, and any other IoT devices on your network should be protected by the same firewall (possibly with different settings) that the rest of your network is protected by.

Maybe. If they can connect to your kettle.

The kettle in the video creates it’s own wifi network, with no security, so that you can easily configure it – you load the app on your phone, connect to the kettle_wifi network, and give it your ‘real’ wifi details so that it can connect to the internet.

The problem is that kettle_wifi network stays there afterwards for anyone to connect to. And once connected, you can telnet into the kettle with a static admin user/password combination. Then you can read the wifi key for the ‘real’ network which is conveniently stored in plain text.

As for the ‘kettle will be running a microprocessor’ – pretty much all the IoT devices run stripped down linux – so if you can get onto them you can do quite a lot – eg. Mirai botnet running on compromised IP CCTV cameras…

kettle_wifi network stays there afterwards for anyone to connect to.

That is very poor, especially if they have also left a telnet port open. They should only need a single port with a bespoke process behind it for the app to connect to. Surprised they leave it running too as doing that while also connected to the house wifi presumably means the kettle needs two separate wifi chipset or at least a more advanced chipset capable of handling that.

I’ve got a couple of things that have had similar setup routines (Alexa, robot dog, MiRobot car) and they always shutdown their local setup wifi once they can connect to the main network.

Still potential hackers would actually need to visit your house and get in range on the kettles wifi, so I don’t suppose it is a huge risk.

pretty much all the IoT devices run stripped down linux

Depends. There is no real need to do that for simple devices, you can do quite a lot with just a little ESP8266 for instance, no OS required.

A lot of the current ‘internet of things’ devices are either churned out by high tech far eastern factories with no cares about IT security, or are churned out by western appliance designers who have no concept of IT security

This needs stressing more than it has so far here.

Security around IoT devices is shocking. Default passwords of “password”, anyone?

Moreover, a lot of the firmware is common between devices, so once you’ve compromised one DVR (say), you’ve potentially compromised over a quarter of a million of them.

C’mon, that internet-controlled butt plug looks pretty good!

I went to a security conference recently and this talk was particularly, ahem, eye-opening.

Talk Schedule

EDIT: it’s here if you want to watch it:

[video]https://www.youtube.com/watch?v=AJvgMiQkDHA[/video]

This is from the same con a couple of years ago (disclaimer, I’ve not watched this yet):

[video]https://www.youtube.com/watch?v=15ZMWldUIx8[/video]

That is very poor, especially if they have also left a telnet port open. They should only need a single port with a bespoke process behind it for the app to connect to.[/quote]

Agreed – that is rubbish and truly dangerous, I’d missed that point as presumably it was one of the things which wasn’t supposed to be public and cut from the video (it goes from kettle in a box to kettle out of box with no mention of the kettle!) TBH what they do once they leave an unsecured WiFi network running is almost irrelevant – at best it’s security through obscurity, with the obscure stuff being publicly available. I suppose if they switched off the SSID broadcast that would help a lot, but then I doubt they have!

Surprised they leave it running too as doing that while also connected to the house wifi presumably means the kettle needs two separate wifi chipset or at least a more advanced chipset capable of handling that.

It seems to be a fairly common feature in modern chipsets (I’d be very surprised if it wasn’t a single WiFi chipset) – logically it shouldn’t make it significantly more expensive as it’s just an added feature at the firmware rather than hardware level. I suspect your devices which switch off the host WiFi probably work that way because they’re forced to by the hardware rather than because they’ve thought about security though!

Still potential hackers would actually need to visit your house and get in range on the kettles wifi

Visit your road, I’d be surprised if they needed to be inside your house given typical WiFi range I’ve seen with cheap devices. Maybe with IoT things like that around I should start scanning for unsecured WiFi again 😉

I really can’t get excited about this stuff yet – I’m sure that over the next few years, the IoT in the domestic environment will have found something really useful to do – but until then, it’s almost the definition of a solution looking for a problem.

I’m absolutely not a naysayer – just that I haven’t seen any domestic application yet which is worth the investment/hassle. Maybe that will change as things get cheaper/more robust.

The exception is the Ring doorbell…. that’s kinda useful.

Any other domestic IoT products that offer a significant benefit over the current gold standard?

I suppose if they switched off the SSID broadcast that would help a lot, but then I doubt they have!

Masking the SSID is no security really.

Any other domestic IoT products that offer a significant benefit over the current gold standard?

Well Alexa (or Google / Apple equivalents) seem to be pretty well regarded and probably meet the fairly flexible definition of an IoT device, as well as providing a nice way to interact with other IoT devices such as lights.

Another good example of IOT is maersk who need to monitor 300,000 refrigerated containers. Each one is fitted with an iot sensor device which sends back data about the performance of the container.Link

Visit your road, I’d be surprised if they needed to be inside your house given typical WiFi range I’ve seen with cheap devices. Maybe with IoT things like that around I should start scanning for unsecured WiFi again

When I saw him give the talk in person, he talked about the security flaws in it, how to connect to it, and had figured out a way to geolocate active kettles with a google maps overlay, so you knew exactly which end of the street to park…

Might be going on a course about the internet of tat, so just curious to see what all the fuss is about.

Might watch Terminator for a refresher on Skynet.

I expect well see continuously variable pricing sometime soon and more smart devices to take advantage.

This is indeed on the horizon. The company I work for does a lot of the backend infrastructure for smart metering (although not a project I’m involved with personally). One of the guys on the project was stressing about the PKI required to enable client certs to be changed multiple times a day (to allow the homeowner to switch provider) – I have nightmares about annual renewal certs let alone multiple times a day…

Thread Resurrection!
Some interesting stuff in this IoT competition:
https://www.hackster.io/contests/ESP8266

A really interesting topic – just done some coursework on this so if anyone fancies reading some academic papers then I might be able to dig something out.