from the internet-of-things-that-shouldn't-need-internet dept.
The Internet of things — aka the tendency to bring Internet connectivity to devices whether they need it or not — has provided no shortage of both tragedy and comedy. "Smart" locks that are easy to bypass, "smart" fridges that leak your email credentials, or even "smart" Barbies that spy on toddlers are all pretty much par for the course in an industry with lax privacy and security standards.
Even your traditional hot tub isn't immune from the stupidity. Hot tub vendor SmartTub thought it might be nice to control your hot tub from your phone (because walking to the tub and quickly turning a dial is clearly too much to ask).
But like so many IoT vendors more interested in the marketing potential than the reality, they allegedly implemented it without including basic levels of security standards for their website administration panel, allowing hackers to access and control hot tubs all over the planet. And not just SmartTub brands, but numerous brands from numerous manufacturers, everywhere [. . . .]
For those who need reminders, let us not forget prior SN (horror) stories:
- IoT Pet feeders that stop feeding pets
- Peloton treadmills
- Insteon smart home lighting and other controls
- Smart male chastity devices that won't unlock, need metal grinder to remove
Cloud-connected, "smart" automated pet-feeder system Petnet has had a rough spring. The service not only went offline in February, but all its customer service vanished, too, leaving users in the dark until the company apologized and pushed a patch more than a week later. The service briefly returned for some users but fell off again in March. Now, after weeks of silence, the company is blaming COVID-19 for driving it offline for good—even though its problems started weeks or months before the novel coronavirus became a significant concern.
[...] "Last week on April 14, 2020, we briefed all of our customers regarding one of our third-party connected vendor's inability to fully resource their company and stay functionally online," the message reads. "As of this writing, this situation remains unresolved but we are confident it will be overcome soon."
But due to the exceptional circumstances the COVID-19 pandemic has created, Petnet went on, many of its vendors—largely startups like itself—were "severely and negatively affected in their day to day operations." In short: the funding dried up. Due to a lack of funds, Petnet said, it "re-prioritized and reorganized [its] resources," including:
- We have furloughed 100% of our remaining staff
- We have ceased all future product development, including bug fixes
- We have turned off all non-infrastructure related expenses
- We have terminated our office lease and are working remotely
- We have applied for all available CARES stimulus funding
(2020-02-28) Petnet's Smart Pet Feeder System Back after Week-Long Outage
(2016-07-30) Cats, Dogs Go Hungry as Internet-Connected PetNet Plays Dead
A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously.
The internet-linked sheath has no manual override, so owners might have been faced with the prospect of having to use a grinder or bolt cutter to free themselves from its metal clamp.
The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug.
This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation.
Any other attempt to cut through the device's plastic body poses a risk of harm.
[...] The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used.
In addition, they said, they could reveal a unique code that had been assigned to each device.
These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in.
Peloton hasn't been having a great run lately. While business boomed during the pandemic, things have taken a sour turn of late on a bizarre host of fronts.
[...] adding insult to injury, connectivity issues this week prevented Peloton bike and treadmill owners from being able to use their $2000-$5000 luxury exercise equipment for several hours Tuesday morning. The official Peloton Twitter account tried to downplay the scope of the issues:
We are currently investigating an issue with Peloton services. This may impact your ability to take classes or access pages on the web.
We apologize for any impact this may have on your workout and appreciate your patience. Please check https://t.co/Dxcht2tQB0 for updates.
— Peloton (@onepeloton) February 22, 2022
[...] For much of Tuesday morning the pricey equipment simply wouldn't work. While the company's app still worked (for some people), Bike, Bike+, and Peloton Tread owners not only couldn't ride in live classes, they couldn't participate in recorded classes because there's no way to download a class to local storage (despite the devices being glorified Android tablets). The outage (which occurred at the same time as a major Slack outage) was ultimately resolved after several hours, but not before owners got another notable reminder that dumb tech can often be the smarter option.
Perhaps one day in the future, scientists will invent a way to make exercise machines that do not require internet access. Such a fantastic invention would be locked up behind patents.
Peloton Admits It's in Hot Water With DOJ, DHS, and SEC Over Its Treadmill Mess
Peloton treadmill owners will be able to run again without a subscription
Peloton disabled a free running feature on its treadmills, forcing owners to pay up
Peloton disabled a free feature on its $4,000 Tread+, forcing owners to pay a $39 monthly fee to use the machine
Peloton faces backlash after disabling free running feature on its $4,000 treadmills
Music Publishers Say Peloton Stole Even More Music, Ask for $300 Million
Peloton's Countersuit Against Music Publishers Over Song Copyrights Just Got Thrown Out
The app and servers are dead. The CEO scrubbed his LinkedIn page. No one is responding.
The entire company seems to have abruptly shut down just before the weekend, breaking users' cloud-dependent smart-home setups without warning. Users say the service has been down for three days now despite the company status page saying, "All Services Online." The company forums are down, and no one is replying to users on social media.
[....] Insteon is (or, more likely, "was") a smart home company that produced a variety of Internet-connected lights, thermostats, plugs, sensors, and of course, the Insteon Hub. At the core of the company was Insteon's proprietary networking protocol, which was a competitor to more popular and licensable alternatives like Z-Wave and Zigbee.
[....] With its servers down, the Insteon app appears worthless, and users' automations and schedules have stopped working. Many of Insteon's wall switches were actual electrical switches, so the worst that will ever happen is that they become dumb switches.
Every dark internet cloud has a cat 6 lining. This isn't as bad as cloud connected pet feed fooders no longer working. Or cloud connected exercise machines not working or restricting features with new pay walls. Or Smart TVs spying on you and displaying ads during a live sporting event.