androidhome

Android@Home – Now I’ll hack your house (part 2)

mobilephonesecurity9368433311 Comment

So in part one I introduced some of the reasons why home control hasn’t been a mass-market success, here I’ll discuss some of the potential uses and then cover some security points.

Uses of Home Control

To get your minds in gear, I’ve listed out some possible (and existing uses of home control). The idea of Android@Home will be to bring all this together. I’m guessing people are going to need to buy more network switches in their homes!

  • Curtain and window blind control
  • Electrical outlet control (timers and on/off)
  • TV control
  • Lighting control
  • Home CCTV
  • Burglar alarm
  • Motion sensors
  • Child monitoring
  • Garden lights
  • Pond waterfall and fountain pumps
  • Bath level monitors
  • Home cinemas
  • Thermostats and heating
  • Smart meters
  • White goods monitoring and control (fridges, cookers, washing machines etc.)
  • Doorbells

By Google open-sourcing the platform, this creates a defacto standard for people to kick-start the home control industry. If you look a bit deeper, the technology is a combination of a wireless protocol from Google and a hardware Accessory Developer Kit based on Arduino which means you can access USB devices too. Their software project is on Google Code . Arduino also have a ‘lilypad’ range  for wearable applications. This could even further extend the applications for Android@Home. There are some interesting Arduino projects around, including a combination door lock. I can see how Near Field Communication (NFC), touch tech fits into all of this, but not so much machine-to-machine (M2M) technology, but in theory it could easily be interfaced. The real cleverness in all of this will be in mashing up the data and applications – mood lighting for music, intelligent context based decision making – e.g. I am the only person in the house so switch to home monitor mode when I leave. I believe this will fly because home control has been quite a popular geek project with various methods tried by people such as PSP home controllers.

Security

Clearly, this technology is a hugely attractive target to hackers, good and bad. Being able to find out what your neighbours are up to is going to mean there is a generic consumer market for attacking these systems. This is bad news for your home network.

 
“you are relying on the developer to get it right”
 

Existing problems with Android Market come down to malicious software that has slipped through and plain old bad coding from developers. With home control solutions, you are relying on the developer to get it right. Not only for security, but also for safety. This is an untested area so is probably not completely covered by regulation but I would certainly be worried about my oven accidentally over-cooking something by 12 hours. Many of the goods that are produced with wireless control are going to have their own local safety interlocks but an intentional malicious attack or exploit to vulnerabilities with particular manufacturers could cause chaos. Suddenly your house has become part of critical national infrastructure! Imagine an attacker turning everything on in every house in the UK that was connected? It could easily bring down the national grid. The existence of a botnet of houses could be used to blackmail governments. Wireless, device and perimeter security are the main issues that need to be considered. A lot of this technology is built around the web, which in my view is simply not secure, nor web-runtimes robust enough for these kinds of critical applications.

At a much lower level, if burglars could remotely access your home control system, they could shut off all your security and lights enabling a much easier burglary. Conversely, it can be argued that the user is in much more control, so if their house is burgled in the middle of the day (the majority are), the user can be alerted immediately. This in itself may not be enough to prevent the burglary, but the simple fact that this function exists increases the chance of the burglar being caught. The deterrent that this creates could actually reduce burglary.

One other low level crime which could increase is handset theft. More people lose phones than have them stolen, but by putting home control onto the phone (perhaps it’s an NFC lock to the house too), you are making the user much more of a target.

I could go on and talk about other things such as further loss of privacy – think about the mountain of data Google will be sat on about your habits. There are some other projects which are studying this area – the internet of things. The EU-funded webinos project is also looking at the dangers of connecting real, physical things to the internet and how that can be secured, it’ll be an interesting one to watch. Wait for Google to make their next move in this space – automotive.

Android@Home – Now I’ll hack your house (part 1)

mobilephonesecurity9368433312 Comments

Very exciting news from Google I/O in San Francisco. Android@Home has been announced, a logical move and one which I would wager will be highly successful. With Google TV set to emerge in homes this year and a plan by Google to merge their phone, tablet and Google TV code into one build codenamed “Ice Cream Sandwich” at the end of the year, the company seem well positioned to take on home control. Google TV offers users the ability to control their TV from their Android phone amongst plenty of other features. This basic feature, to use your phone as a remote control for the TV has been something that users have been crying out for for years, with nobody paying any real attention to it. I do remember a great program called Nevo on the iPAQ on which you could control masses of IR equipment. I gained much amusement from changing the TV in the pub and works canteen to the confusion of the staff there.

Cost, Complexity and Fragmentation

Yet home control has never really caught-on. I put this down to a number of factors (which the mobile industry is well used to hearing): fragmentation, cost and complexity. The three factors have combined so far to prevent the market maturing in any sensible way. Yes, there are home control systems out there, but they are all pretty much proprietary. I’ve been considering whether to do some home control for years but the components are over-priced and I can’t interface with them with my own software. Take the example of a remote controlled socket kit from the UK’s B&Q or the control for remote lighting . Everything needs its own remote control. We want to use our mobiles! No doubt this is true of the designers and manufacturers of these products too, which is why I think Android@Home is going to be a roaring success. Others such as Bose may continue to sell the whole integrated system, continuing to target the niche high-end market but ultimately market forces will probably force them to ditch their proprietary system.

Setting up IP cameras in your home now also involves putting some software on your PC. A lot of users have switched to much better open source solutions such as iSpy just because of the poor quality and complexity of the setup of the proprietary (or badged) PC software.

So, in summary, as a normal person I don’t want to pay loads of money, I don’t want it to be difficult to setup and I want to run everything from the same software on my mobile phone.

In part 2, I will discuss some of the uses and why security is critical.