from the so-you-think-you-have-protection-but-you-do-not dept.
The New York Times is reporting that Nest Labs have halted sales of the Nest Protect smoke alarm due to a concern that the 'temporarily silence alarm' feature could be activated too easily by users. But more worrying, and only briefly skimmed over in the article, is the report that Nest remotely accessed already installed Nest Protect alarms to disable this misfeature.
It seems like this sets a very dangerous precedent. A smoke alarm has life-critical functionality; this is not something that a manufacturer should even be able to modify in real time over the Internet. Are we comfortable with this level of control over critical safety infrastructure resting in a software company's hands? Even if you are, what about the potential for criminals and intelligence agencies to do the same thing?
(Score: 1, Insightful) by Anonymous Coward on Saturday April 05 2014, @02:31AM
Looks like the internet of things can easily become the internet of things that can go wrong. What if all of them were completely disabled? Or what if all of them were turned on and chased people from their homes in the middle of the night?
Remote access to this, or any purchased item really, isn't something a manufacturer should be able to do without the explicit knowledge and approval of the purchaser or owner of the product. I guess other companies learned something from Sony's practice of removing features after the purchase.
(Score: 4, Insightful) by frojack on Saturday April 05 2014, @02:32AM
For remote companies to simply shut off a smoke/fire alarm just seems like a law-suit waiting to happen. Imagine having someone die in a fire only to learn that the alarm had been disabled!! Plaintiff's lawyers would have a field day. Like taking all the seat belts out of a car because someone might forget to buckle it once in a while.
Ok, I get it, the alarm might get shut off by waving at it, but chances are it wouldn't happen all that often, and Nest could rush a software update out to prevent that feature.
Some stuff just has to work, and shouldn't be dependent on any on line service. But even if it is connected to a service (for what ever reason), it should not be something the service can turn off. Not when lives depend on it.
No, you are mistaken. I've always had this sig.
(Score: 4, Informative) by davester666 on Saturday April 05 2014, @02:47AM
The summary is very poorly worded.
Nest did NOT disable peoples fire alarms. If they did that, it would probably be an end-of-company event [short of a bunch of the alarms spontaneously bursting into flames, and that would also be a train-wreck for them].
They disabled the 'wave to turn off alarm' feature, which is the safety concern [that for a real fire, people will run around waving their arms and turn off the alarm].
(Score: 3, Insightful) by edIII on Saturday April 05 2014, @03:11AM
They shouldn't have been able to disable it in the first place though, even if that was a good action. Everyone is in a huge rush to obtain this Internet of Things without even really thinking this through.
Super critical equipment needs to have much higher quality and redundancy built into it. There is huge value in such equipment being simple, no moving parts, redundant, *passively* activated (like sprinkler systems), and just plain work.
There is way too big a problem right now with end users being guinea pigs for software and debugging. For shit's sake people, does everything need to be coded in production?
Those smoke alarms should have all the code written as near perfect as possible and more time spent testing the code under all conditions than writing it.
Under no conditions should there be "write" capabilities to these devices. Information can stream from them, but never to them. Any Internet capability should only be to transmit the status information coming special pathways that even if the Internet portion could be compromised, that such compromises never affect the primary function of the device in any way.
Would you want your IV drip machine in the hospital to go haywire and stop pumping you up with prescription meds keeping you alive because some crap developer introduced kernel panic with a poorly coded update that had no regression testing?
Or worse.. some malcontent that figured out how to stop all the IV drip machines everywhere with a specially formatted packet that triggers a zero-day exploit?
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by glyph on Saturday April 05 2014, @09:28AM
They fixed a bug. You could argue that the bug shouldn't have existed in the first place (lol), but assuming these things are software-based and 'net connected, the manufacturer would be sued for NOT patching them.
(Score: 1) by HiThere on Saturday April 05 2014, @06:16PM
More to the point, if I had bought their alarm, I might have bought it just for that feature. My wife pulls the batteries out of the fire alarms, because they tend to go off when I'm cooking, and there's no "turn yourself off for 20 minutes" feature. Even if there were, with a standard alarm you need a ladder to access many of them, so it NEEDS to be remote (as in "from 10 feet away) access.
So had I bought one of their alarms, I would now consider it money down the drain (for the delta between the Nest cost and the cost of a cheap hardware store alarm).
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by edIII on Saturday April 05 2014, @09:04PM
I'm a fairly good cook so I don't experience it that often unless I'm using the oven. 40 years and still haven't figured out how to graduate from toaster oven to a full oven.
I've set the smoke alarm off though making popcorn plenty of times in the microwave and I came to my own conclusion that it would be far better to quickly remove the cause than temporarily delay the signal. Solves multiple problems.
I would like a system that could do very rapid air exchange at the ceiling level effectively sucking out all the air in 60 seconds. This would be catastrophic in an actual fire though since you are feeding it. Still would be quite useful in many situations. Fresh air, get rid of cooking smells, a fart that turned out to be a lot worse than expected.
Many smoke alarms have a button that can be pressed to silence the alarm for period of time usually 5-10 mins IIRC. If you are so inclined you can take some wire and connect up your own button to it and place it on the wall at eye level. Will prevent most accidental presses and still be accessible to press till you air out the kitchen. As an added benefit you can keep the batteries in them for safety and may have to find other ways to annoy your wife.
As an aside though, I think that smoke alarms are not true fire alarms in that they don't identify fire. I think such devices should be analyzing temperature as well as smoke particulates. Smoke from the kitchen may be prolific in some cases, but only a fire will really raise the temperature up at ceiling level. Fire alarms should have the ability to detect heat in the room just like motion sensors. Something like a small infrared heat sensor that can distinguish between 70 degrees on the kitchen floor, 75 ambient, but a troubling 200 in the hall way.
You put enough sensors in the kitchen you can tell whether it's just somebody that fumbled the cookies in the oven, or that the surface temperature of the cabinets above the range just hit 90% of flash point.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1) by HiThere on Monday April 07 2014, @06:52PM
To work properly, a fire alarm needs to be at nearly ceiling height. The little button is unreachable, even by me. I can reach most of them to take them down, but not to press the button. And the last time I checked it only silenced the alarm while you were holding it down. (This may vary between models.)
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by edIII on Monday April 07 2014, @08:05PM
Some models perhaps. Many that I have seen do 10 minutes once you press it.
That's a momentary button in any case. I was saying to attach additional wires and extend that momentary button by about 6-10 feet depending on location and put an additional momentary button on the wall.
If your specific model requires it to be held down to disable (which makes little sense btw-you would just remove batteries) you can opt for a toggle switch instead.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 3, Informative) by lennier on Saturday April 05 2014, @03:28AM
Right, yes, there is a confusion in the wording I used. The company pushed a software update to Nest Protect units which disabled a feature.
The feature which was disabled, this time, happened to also be a badly designed 'disable alarm when anyone waves their hands near the device' functionality. So disabling the disable-alarm feature... could count as enabling functionality, if you squint and shake your head.
But that's not the issue that worries me. The issue is that the functionality of a safety-critical Internet-connected device is being altered remotely in any way over the Internet after sale. That's what I think we need to take a closer look at. How, for example, do you do pre-sales safety regulation compliance testing on a smoke alarm where any parts of its firmware might randomly change at any time after installation?
Delenda est Beta
(Score: 1) by tomp on Saturday April 05 2014, @05:22AM
So they changed the way a fire alarm worked without the knowledge of the people relying on that alarm?
I get that they had good intentions, but I don't believe they used their power responsibly.
(Score: 0) by Anonymous Coward on Tuesday May 20 2014, @03:19PM
MkCtFD http://www.qs3pe5zgdxc9iovktapt2dbyppkmkqfz.com/ [qs3pe5zgdx...kmkqfz.com]
(Score: 1) by Subsentient on Saturday April 05 2014, @02:43AM
I agree with Nest's decision, but this does however provide a disturbing glimpse into the techno-dystopia I have been warning people about for years.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 2) by aristarchus on Saturday April 05 2014, @06:06AM
Thank you for your warnings of a techno-dystopia. I would like to subscribe to your newsletter. (Hey, Mom! I found a meme! Can we keep it?)
(Score: 2, Funny) by Subsentient on Saturday April 05 2014, @06:39AM
No son, it smells of pickles.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 3, Funny) by aristarchus on Saturday April 05 2014, @07:19AM
Fair enough. (But if I find another one, like how in Soviet Russia, well, never mind).
(Score: 4, Interesting) by Angry Jesus on Saturday April 05 2014, @02:45AM
Practically every single one of these automated smart home companies designs their product to be dependent on their servers. They have lots of rationalizations for it, convenience is usually at the top of the list but it all boils down to money: typically subscription fees or resale of surreptitious marketing data.
AND IT IS FUCKING BULLSHIT.
The risk it puts on the customer is untenable - if Nest can remotely tinker with a customer's smoke alarm, then so can a prankster or criminal. If I wanted remote monitoring of my home, I'd hire a company like ADT to do it. Otherwise all such smart home appliances need to be fully self-contained, able to operate soup-to-nuts without any dependencies outside the home.
The last thing anyone needs is some asshole turning on the siren in their smoke alarm at 3am every night, or flashing their lights, or running their furnance in the middle of the summer or remotely unlocking their front door. Or just having the stuff stop working when the internet connection goes down for an unexpectedly long period of time.
(Score: 2) by n1 on Saturday April 05 2014, @03:15AM
I'm curious, why do you assume an ADT system would be more secure?
(Score: 2) by Reziac on Saturday April 05 2014, @03:57AM
It isn't. I used to live in a house that had it. Had so many false alarms (seems there's no good way to keep cats from setting it off) they quit paying attention, and I finally turned the damned thing off. But not once did they do more than call the house. The day I decided to turn it off for good, I came home at 2AM and the alarm was blaring (I could hear it two miles away!) and they hadn't even called to check.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Informative) by n1 on Saturday April 05 2014, @06:55PM
You make valid points. I have a lot of experience in the industry and have witnessed remote disabling of devices to avoid customer complaints. You also need to check extremely carefully on what your monitoring coverage provides. They often talk about capabilities but the promises are almost non-existent.
Even if you do have a certified police response system, the majority do not treat it as a priority at all. "Fire" and "PA" signals can be higher priority. This all depends on your national/local regulations.
There are quite good PIR sensors that have pet tolerance now even for medium sized dogs, but you will need to position them away from where a cat can climb.
(Score: 2) by Reziac on Saturday April 05 2014, @07:44PM
And in my observation, just having the "armed response" sign out front works nearly as well.. or did til people caught on that it was just the sign...
But, yeah, behooves one to read the fine print and get an exact accounting of the company's responsibilities. Local customer reviews would be good, too.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by Angry Jesus on Saturday April 05 2014, @04:19AM
> I'm curious, why do you assume an ADT system would be more secure?
I don't. My point is that if I wanted that sort of thing, I would prefer it to be broken out separately and not a mandatory part of every single "smart" appliance.
(Score: 2) by n1 on Saturday April 05 2014, @06:44PM
I am concerned about the lack of control end users have with all of the 'smart' devices. More are relying on remote servers for functional operation. From my own experience in the business, the servers required can be run by all sorts of third-parties. There are varying results in high and low profile business but I don't trust any company with remote control of any hardware. Even if I have to accept it.
(Score: 2, Funny) by iwoloschin on Saturday April 05 2014, @02:45AM
So it sounds like the cloud is really just a bunch of smoke?
(Score: 0) by Anonymous Coward on Saturday April 05 2014, @02:46AM
If it's critical, I'm not "clouding" it. If it's closed source, it's going into any life safety applications.
My next smoke alarm will be a Kidde with the 10-year battery. I'll write "replace in 2025" on it with a Sharpie. I can buy six of them for the cost of one Nest device. If I'm travelling I don't really need to get an e-mail "Your house is burning down!"
Wait, what problem are they solving again?
(Score: 3, Insightful) by carguy on Saturday April 05 2014, @12:52PM
$$$ -->>> Nest
Or if you prefer the longer version: ......
5. Profit!!
(Score: 2) by TrumpetPower! on Saturday April 05 2014, @02:52AM
This sort of "feature" would be perfect for a fireman [wikipedia.org].
b&
All but God can prove this sentence true.
(Score: 3, Insightful) by Lagg on Saturday April 05 2014, @03:02AM
http://lagg.me [lagg.me] 🗿
(Score: 1) by Tork on Saturday April 05 2014, @04:37AM
I don't know the particulars of this product but recent events for me have inspired an answer to this question. The apartment building I live in has sensors out in the hallway that, if tripped, set off stupidly-loud alarms throughout the whole complex. Basically people burn something in the kitchen and open their front door to let the smoke out, a minute later we're all clutching our ears. If the smoke detectors were out in the halls they could trigger the apartment manager's computer (oh, hey, it's 2014, it could even be their smartphone!) and they could see which alarm went off. From there it'd be easy to have whatever security camera is near by visually assess the situation and, hopefully shut off that damn noise and cancel the Fire Department visit.
That's just one idea. Maybe it's stupid, maybe they already have something like that, I don't know. I do know that once a household has a network established then interfaces for devices get a whole lot simpler. Your smoke alarms, for example, don't need buttons anymore. Just a network port, a sensor, and chip running some software. It's a simple build!
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by mhajicek on Saturday April 05 2014, @05:43AM
Sure, but that's outbound data flow. The few advantages to inbound data flow are dwarfed by the disadvantages.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 1, Informative) by Anonymous Coward on Saturday April 05 2014, @05:45AM
Actually, this already happens. In (most?) large apartments, there is a control panel that monitors all hard-wired smoke alarms. This control panel is accessible to maintenance and fireman so they know where the alarm was triggered, when, etc.
This has nothing to do with IP networks though.
(Score: 0) by Anonymous Coward on Saturday April 05 2014, @08:13AM
When your life depends on proprietary software... there's nothing scarier I can think of. The author of this paper Karen Sandler is in that situation.
https://www.softwarefreedom.org/news/2010/jul/21/s oftware-defects-cardiac-medical-devices-are-life-/ [softwarefreedom.org]
(Score: 0) by Anonymous Coward on Saturday April 05 2014, @03:10PM
What the hell drives people to think having a smoke alarm, that is write to/network capable, is a good idea?
How freaking stupid can people really be?