Tag Archives: z-wave

Proprietary home automation platforms spring security leaks

by Steve Blum

Open source makes it harder to open doors.

The open source versus proprietary platform debate is moving into the home automation sector. Z-Wave is a proprietary protocol for wirelessly managing home devices, including locks, sensors and security cameras. It’s been hacked by two network security professionals who wanted to see if it’s really as secure as advertised.

It is and it isn’t.

Behrang Fouladi and Sahand Ghanoun took over a Z-Wave motion sensor using an idiot-simple trick – intercept a wireless command, record and replay it – and defeated a lock with only a little more effort. They didn’t say which one they electronically picked, but from the description I’d guess it was a Yale Z-Wave lock.

However, the exploit didn’t seem to rely on a vulnerability of the core Z-Wave protocol. Instead, it appears that the manufacturers were lazy in the way they implemented it. It’s hard to tell, though, because Z-Wave specs aren’t published.

Which is where the debate begins. Keeping the details as secret as possible means the bad guys have to sit patiently and take one guess after another as they try to crack the protocol. Which many are willing to do. Publishing the details – which doesn’t mean giving it away for free – gives the good guys a chance to comb through the code and find weak spots.

The classic example is proprietary Microsoft Windows versus open source Linux. Historically both have had vulnerabilities, but any problems with Linux have been quickly found and fixed, while Windows has fallen prey to countless attacks. The Linux community reliably treasures people who find problems and tell the world; Microsoft’s response is unpredictable.

The commercial advantage to a proprietary system is that the code is an asset and investing in developing and marketing it can bring a big return on investment – that’s how Bill Gates became the richest man on the planet. On the other hand, given an even start, open source operating systems can be quickly adopted and enthusiastically backed by manufacturers and services providers. That’s why Android is the world’s dominant smart phone platform.

Home automation has been held back by its reliance on proprietary technology and attempts at vertical control of the market. Removing the mystery and attaching familiar brand names will build consumer comfort and confidence, and reduce confusion. What this market sector needs is an open source platform nurtured by geeks and productised by mainstream manufacturers.

A sugar daddy for home automation

by Steve Blum

MiOS/MiCasaVerde’s Vera 3 multi-mode gateway. No assembly language required, but you’ll need pretty much everything else.

CES – the Consumer Electronics Show – opens in Las Vegas next week. Among other things, it’s an opportunity to take a second (or third or fourth…) look at industry segments that held breakout potential at one point, only to fade off into a niche.

Home automation is one sector that has never lived up to its hype. Several technologies, notably including the X-10 standard, have been promoted as one-size-fits-all solutions for remote control and monitoring of thermostats, lighting and appliances. Some use existing electrical wiring for connectivity, others are wireless.

Sheer geekiness has been the biggest obstacle to its widespread adoption. No one has come up with a simple and reliable user interface that manages several different kinds of devices. Consumers will embrace a push button that opens and closes a garage door, buy a programmable thermostat and sometimes use it, and even master a four-setting mood lighting switch for the living room. But they won’t tie those functions together or try anything more complicated.

You have to enjoy messing around with gizmos and programming languages to get more out of home automation than you put into it. Changes are in the works, though.

Second-tier consumer brands, such as Schlage, are starting to offer hosted management platforms that control a limited range of devices via an in-home gateway device and do the heavy geeking on a secure, consumer-friendly website for a monthly fee. Startups, such as MiOS, are developing gateways that can be likewise supported for free or a very low annual cost and are able to manage a broad range of devices and connectivity technologies.

The hosted platforms offer limited choice at a premium price. The newer, more open gateways don’t work well enough to appeal to anyone other than a hobbyist. The missing piece of the puzzle is a clear, consumer-simple economic case that supports subsidizing the service and putting serious development resources into cross-platform gateways, and that provides an incentive for the average homeowner.

That piece might soon be provided by electric utilities. They’ve taken the first step with smart meters, which can provide detailed data about energy consumption. The next step is to use that information to control home heating and air conditioning, lights, appliances and entertainment systems, particularly devices that are either always on but not always needed or use “wall wart” adaptors that constantly draw power.

It’s a Big Brother scenario, but consumers have been willing to trade hands-on control of technology for better performance and lower cost in the past. Cars are maintained by computer chips and datalinks, cable television companies host DVRs and Apple built one of the world’s most valuable brands inside a maximum security walled garden.

The opportunity is on the horizon. Next week we’ll see if anyone is serious about riding out to meet it.