Looking for an in-depth look at the Smart Home trends of 2017? Look no further than this new webinar!
Join our User Experience Designer, Joe Sullivan, as he talks about six product categories making waves this year. Joe has a lot of great information on current smart devices, including a look at what each product does, the benefits of incorporating them into your current lifestyle, and some questions buyers and sellers may have about homes with smart home fixtures. Joe also goes over some tips for REALTORS® when working with smart home tech during the listing process. The webinar covers three security and three lifestyle smart home product families – smart locks, smart security cameras, smart doorbells, smart lights, smart thermostats, and smart air quality monitors. If you’re interested in this webinar, head on over to the product page at the REALTOR® Store and check it out! And let us know what other topics you’d like to see covered in webinars – we’re always excited to help our members learn more about technology and its impact on real estate.
Almost three years ago, Chad wrote a post about the beginnings of what he called the Iterative Smart Home. Smart home technology was just beginning to break out into the mainstream, and the need for a common, unifying system was coming to the forefront. Several players emerged (and I’ll cover their fates later in this post) with each vying to become the central hub of a smart home. Where is this technology now, what have we learned in the past three years, and what’s next for the iterative smart home?
The iterative smart home that Chad wrote about seems simple now, but was revolutionary even three years ago. You chose your own devices – which could span multiple product categories, brands, and even protocols – and put them together in a system that you, ultimately, would design yourself. Central to this concept was a smart hub that would talk to all these devices without you having to program anything on your own. There were four companies that Chad pointed out were creating hubs with this in mind: SmartThings, NinjaBlocks, Revolv, and Staples Connect. As of this post (December 2016), three of these four technologies no longer exist; only the SmartThings hub, which was bought by Samsung and is the cornerstone of their smart home product line, can be purchased today. And while covering the fleeting nature of some technology is a post all on its own, I have to acknowledge that in technology, especially in such a relatively new platform like smart home devices, companies will come and go quickly. This, of course, poses a problem when you tie it to devices that typically have long lifespans, like thermostats, refrigerators, and other home appliances; but it also highlights the need for a unifying and iterative smart home platform to emerge.
As I mentioned, SmartThings is one of the hubs that existed in 2016 and is still going strong, along with the Wink, which I covered in a previous look back at some of our old predictions. I personally have a SmartThings hub in my home, and it really brought me around to making that space “smarter.” I decided to use smart products to solve a problem that my apartment’s layout has – a lack of easy-to-access lighting. By replacing my regular CFL bulbs with Hue and GE Link bulbs, I can now control a variety of lights all from my phone; and to handle the bulbs that I couldn’t replace outright, I hooked up some WeMo Insight Switches. The Hue and GE Links can speak to each other with the bridge that Hue requires for use of its bulbs; but the bulbs had no way of speaking to the WeMo switches. On top of this, my new Google Home can only natively speak to the Hue bulbs – so asking Google to turn my lights on and off only worked with those bulbs, and again not the switches. I could create a series of programmed actions through a service like IFTTT; or I could have a hub do the legwork. I picked up SmartThings since it worked with the devices I had just installed as well as Google Home. It was easy to set up – I just plugged in the hub, ran the setup through an app on my iPhone, and within minutes the hub had discovered all my devices and I was up and running. Now, Google can turn on and off all my lights, not just the bulbs. Using SmartThings, I was also able to set up an automation – when my home network detects my phone is close to home, my hallway lights turn on, which is great since I have to fumble in the dark when I open my front door just to turn on my lights.
This iterative thought process is intuitive – I identified a problem, began breaking it down into small solutions, and by taking steps on my own, was able to completely change the way I interact with the lights in my home. Before coming to CRT Labs, I was a bit skeptical on the usefulness of this technology; but now I know I have the flexibility to create a home that works the way I want it to. This is possible because companies are working together to make their products work together, instead of closing off their ecosystems so that you have to buy in to one brand and stick with it.
I talked a bit last week about voice control and the future of IoT; I believe that an iterative smart home will be part of why voice control will become more popular. By allowing a homeowner to chose their products, including the voice controller that works best for them, the owner gains a level of control and familiarity with the system they are creating for themselves. And that DIY mentality is something that we noted in our Smart Home Survey as important to REALTOR® clients when talking about smart home technology. With voice control becoming more common, I think that device manufacturers will begin creating their products with voice control in mind; for example, I could have even more voice control of my lights than I currently do with my Google Home, being able to set lights to exact colors that I save as favorites. We’ll also be seeing a move to have more devices interact with each other out of the box – if your thermostat kicked on in one room, it could trigger a light in the room you’re in to let you know that you’ll be using HVAC at that time. This flexibility will allow us to begin seeing our homes as an entire ecosystem, not just a series of rooms.
After a lengthy summer and fall break, Things Thursday returns! Today, we’ll look at the battle of the smart speakers, and what smart home devices can mean for older homeowners plus much more!
- Amazon Echo v Google Home: Battle of the smart speakers (via Wareable)
Wareable looks at the pros and cons of the two best voice enabled smart speakers on the market. If you’re not sure which speaker to get, this is a good piece for you. Also, please note that Amazon makes the Echo Dot as well, and that goes for $50. I think it makes a great closing gift. As far as the article goes, personally, I think Amazon has the lead, but Google is gaining fast here. Today they released their developer API for Actions, which are like Alexa’s Skills. This allows for custom apps for voice interaction. By way of example, here’s an Alexa Skill for Tech Valley Homes Real Estate by Voiceter Pro. In my opinion, this is going to be the dominant way for controlling and interacting with our homes. It happens we wrote about this very subject and you can check out Adrienne’s post on the future of IoT and the role voice plays.
- What Bruce Schneier teaches us about IoT and cybersecurity (via IoT Central)
Bruce Schneier is a highly respected security expert and boy does he have opinions about IoT and security. They are solid ones at that. Recently he testified to the Congress Committee on Energy and Commerce on the topic of the DDoS attacks. What he does well in his testimony is simply define how we should think about smart home technology and the internet of things in general. Currently, we tend to trivialize the security concerns related to these replacements of everyday devices (smart lights = lights, smart thermostats = thermostats, etc.). In fact, what Schneier recommends is that we don’t do this and instead we see each item as an individual computer. Treat these devices as needing the same hardening as we provide for laptops and other computers. I recommend both the article and testimony above.
- Top 10 Smart Home Technologies for Older Homeowners (via Claims Journal)
SRES Designees take note. Claims Journal just published a list of devices that older homeowners will find useful. MIT’s AgeLab and The Hartford insurance company conducted the survey. Here’s something I found truly fascinating from the study:
According to the survey, just over half (51 percent) of homeowners over the age of 50 either have smart home technology or are interested in buying it. Of those who do not currently have smart home technology but plan to purchase it or are interested in getting it, about half (49 percent) are willing to spend between $101 and $500 on it in a year.
Pretty cool to see these numbers. This seems to align with previous reports and it also shows a great opportunity to provide these devices as closing gifts, as, according to our Smart Home Survey, only 2% of members are giving these devices as closing gifts.
- BONUS: If you haven’t already, check out our Smart Home Survey (via CRT Labs Blog)
Great segue to talking about our Smart Home Survey…We are really excited by our new survey as it’s helping us set direction and see where we can provide coverage. We’d love to get your feedback on it. Let us know how you’re using it too!!
That’s all for Things Thursday this week. Have questions? Want us to cover something? Let us know. You can follow us on Twitter @crtlabs or Facebook.
We’re really excited to write today about our new survey, which highlights the emerging technology needs of our membership and our work. We’re kicking things off with our first survey for CRT Labs: the Smart Homes &REALTORS® Survey. This is an insightful look into what our members and their clients know about smart home technology and where we can help you learn and grow your business in the smart home space.
Member Interest in Smart Home Tech
One of the most exciting things we see in the survey is the amount of interest members have in smart devices and how they can use them in their business. Based on our data, it is not just new and young agents who are interested in this technology, but more seasoned members of the REALTOR® population. A prime example of this is seen in this question about interest in an NAR Smart Home Certification.
What we note is that almost half of those surveyed were interested in a certification program. The characteristics of those interested in a certification are surprising to me in a good way. Looking at the median experience, hours of work, and age, we see that members working full-time and near the overall median member age of 54 are interested in this type of certification; this type of certification appears valuable to industry veterans.
When we move to the second tier of characteristics and break down interest by years of experience, we see that over half of those who say they are interested in a certification had more than 16 years of experience. We also see that members aged 55 and up are very interested in this type of certification.
Currently, NAR does not offer such a certification or designation – but, if you are interested in gaining some knowledge on smart home tech and energy efficiency (and I suggest you consider it because younger buyers are very interested in these features), NAR does have the GREEN designation, with a section on smart home technology and advantages to clients with respect to energy efficiency as part of this designation. Also, if you are interested in getting a better handle on the terms and concepts behind smart home technology, check out our smart home glossary and our internet of things FAQ.
Client Interest in Smart Home Tech
One of the big reasons for NAR members to understand this technology is because your clients will be interested in what these devices can offer them.
These responses are insightful, and confirm that security and privacy are top priorities for clients. Concerns around these two topics have been evident for a while and have become hot topics since the Mirai attacks. Start with our
Smart Home Checklist (44 downloads)
to help clients with these concerns. What is surprising to me is that comfort remains in the middle of the pack as far as importance of functionality goes. That’s typically been a big selling point for these devices. If you look at the “Very Important” slice by itself, you get the top 5 in this order:
- Security 51%
- Privacy 45%
- Cost Savings 44%
- Energy Savings 42%
- Comfort 38%
When you combine the “Very Important” numbers with the “Somewhat Important” column, the functions shift:
- Security 81%
- Energy Savings 78%
- Cost Savings 77%
- Privacy 75%
- Comfort 71%
Energy Savings and Privacy swap places. I’m not declaring anything definitive here, just highlighting an unexpected shift. Privacy moves down the list and Energy Savings rise. It’s not a huge difference between that and Cost Savings, but could be an indicator of future importance for these areas. We’ll be keeping an eye on this.
For us, another interesting function-related finding was that Air Quality rated low. My personal opinion is that this will shift in the coming years as more devices and projects become available and consumers are more aware of the impact that air quality has on comfort and energy efficiency. This is a vertical we are going after with our Rosetta Home and PiAQ projects. Air quality will be key in the function of a smart home. We envision a home that reacts and self-regulates to keep you comfortable and safe. These metrics from air quality will inform decisions made by your house.
What You Can Do
So what can you take from this report and use in your business today? Well, a lot! First, the most surprising graph to me:
According to this, only 2% of you have given a smart home device as a closing gift. Most likely there are a few reasons for this:
- Not understanding what’s on market
- Concerns around privacy and security
Definitely start thinking about the potential of these devices, which are available at a variety of price points, as gifts. First, you can consult our gift guides here:
You can also look at our thermostat tear sheet for more options. Giving these devices as closing gifts are a way to keep the conversation going after closing. These devices last beyond a bottle of champagne and have the potential to offer improved living for homeowners. There is an opportunity for marketing yourself in a much different way.
I wanted to close by saying that there is a lot for us here to work with to offer opportunities for you to help clients navigate the emerging smart home space. Smart home tech is here to stay for these reasons:
- Devices are becoming cheaper and more feature-rich.
- Security for these devices is becoming more important.
- Other verticals (utilities and insurance among them) are paying attention and penetrating the market with offerings.
Knowing what you’re interested in, combined with the ever-changing tech world, helps us at CRT Labs with our primary goals: to educate, innovate, and advocate for the future of technology and real estate.
CRT Labs has come a long way in a year, and the lab is always excited to look ahead at future technologies and what they’ll mean for the real estate industry. However, it’s also important to look back at some old posts and see how our technology predictions panned out. In this post, I’ll be examining an old Bits & Bytes post about the Wink Hub from June 2014. In that post, Chad took a look at one of the early smart home hubs, the Wink Hub, and mused on the future of the smart home (including a couple guesses about Apple and Google’s smart home offerings).
The Wink Hub in our Chicago lab
First, let’s take a look at the past two years of smart home development and the Wink Hub itself. In 2014, the Wink Hub was a new device, created in collaboration with corporations like GE and Honeywell, by a startup called Quirky in New York City. The Wink Hub was a huge step forward for smart home technologies – large companies, already with their toes in the IoT waters, were beginning to think about interoperability and the lifespan of their devices. Quirky was a successful incubator that looked at thousands of ideas a month from inventors, carefully curating their offerings and facilitating the research, development, and production of dozens of products. The Wink was their first major foray into the IoT marketplace, a hub that promised the beginning of the easily automated smart home.
Did the Wink live up to that promise? Well, in 2015, Quirky filed for bankruptcy, which for some seemed like it would signal the end for the smart home hub technology. But Flex, a manufacturing company, bought Wink from Quirky, and Wink soldiered on. As of April 2016, Wink has 1.3 million devices on its network, with 20,000 more coming online each week. That bodes well for the technology, and Wink combining multiple standards into their device (in a world that still hasn’t standardized protocols) means that there will likely be an interest, at least in the near future, for people who want to centralize their smart home devices without feeling encumbered by the restrictions of only working within one company’s ecosystem.
We’ve seen a couple hubs come and go (and I’ll talk more about that in upcoming post), but Wink and Samsung’s SmartThings seem to be in it for the long haul. So that leaves us with the question – what about the future of companies like Apple, Amazon, and Google, who have recently extended their offerings to include voice assistants that can act as smart home hubs?
In his post, Chad mused that if these companies getting into the smart home – and smart home hub – game, would that mean that the Wink (and others like it) would become obsolete? I think instead of watching the hubs get pushed out of the market, the Big Three are embracing what hubs bring to the table. Google Home came to market with support for SmartThings; Apple’s HomeKit currently integrates with the Insteon Hub; and Alexa works with not only those hubs, but the Wink as well. Device manufacturers are creating their offerings for all the major hubs, and while there still isn’t a central standard protocol yet, it’s clear that the manufacturers are interested in allowing their devices to be part of these types of networks in order to get their products in the hands of more consumers.
Wink just announced an upgrade for their hub – the Wink Hub 2.0 began shipping late last month. Does this mean the company has legs? I don’t know if we can ever be confident in predictions in such a rapidly changing marketplace, but I do think it’s easy to see that, for now, hubs have a major place in unifying the internet of things and allowing consumers a wider variety of options when it comes to customizing their own smart home.
Back to the drawing boards.
NOTE: This is part 3 in a series about the recent DDoS attacks using Internet of Things enabled devices. We look at where manufacturers are culpable in this latest attack.
The Insecurity of Things:
– Look into the Mirai
– An overview of what happened
– Wagging the Dog
– What Mirai is really about – security and secure passwords
– A Manufactured Problem – The ‘root’ of this lies with the manufacturers – Here’s what they’re doing, and what they need to do
This is the final piece in my three-part series about the Internet of Things and the DDoS attacks that have taken place in the last month. I’ve saved this post for last because I feel it’s the most essential. As I’d said in my last piece, we, as users, need to create secure passwords and credentials for all aspects of our online life. I focused on what consumers can do to improve their security, but it doesn’t stop with them. We need to hold manufacturers to account. Manufacturers have the biggest responsibility in this.
In the attack on Dyn, a majority of the devices used could be sourced back to one manufacturer, Hangzhou Xiongmai Technology Co Ltd. They make parts for cameras, DVRs and storage devices. You’ve may not have heard of them because they ‘white-label‘ a lot of their products. They also make components used in products and some of those components were open to attack. The reason I’m distinguishing here is I want to make clear that your devices are only as secure as your weakest piece. I should make it clear that Xiongmai has issued a recall for some of their devices, but this is complicated by the fact that, as a company who white-labels, you may have one of the devices and may not know it.
In order to provide perspective, let me cover some of the problems these manufacturers have.
In my second piece of this series, I covered what consumers can do with passwords. I called that piece ‘Wagging the Dog’ because, to me, IoT is the dog and credentials are the tail. Now, I aimed that piece at users and talked about what they could do to improve their security. I want to be clear, however, that for these DDoS attacks, a lot of the blame goes on the manufacturers. The devices in question had default or easy to guess credentials that users of the devices COULDN’T change if they wanted to. You might have seen the list compiled by Brian Krebs below:
From Brian Krebs’ follow up piece on the Mirai DDoS attack.
This list is compiled from the source code for Mirai, the software used to attack devices. It’s pretty shocking to me to see some of the passwords and accounts listed here, honestly. For those who may not be familiar with servers and deeper computer usage terminology, let me say to you that seeing the user ‘root’ on so many of these is scary. Root is the main user of a system. It’s superadmin with all permissions. That means that anyone with those credentials can do whatever they want to that device. But that’s not all, you’re note that at least one of these devices just required the username of ‘root’ and NO password.
The one that really got me though is Xerox. For almost all of their printers, the default user is ‘admin’ and the password is ‘1111’. I decided to see if I could find these listed in documentation on their site. I wanted to see if it would be hard for me to get this information. Unfortunately, it wasn’t. Here’s what I did:
- I searched from my search engine ‘Logging in as system administrator on your Xerox printer’.
- I found the first unpaid result to be the link very similar to the link listed above.
- When I got to the page, this is what I found:
- I clicked on the support page link and searched for a model number.
- I clicked on a link to a pdf for the model in question.
- I searched the term ‘password’.
- I found the username and password for the copier. Here’s a screenshot:
PDF containing this information was easy to find using a model number and searching the PDF for the word ‘password’.
Okay. That was way too easy. Now, I’m not divulging any secret here or hacking any system to get this information. Xerox is only an example of the problem. Their devices weren’t named in the Mirai attacks, BUT their credentials were found in the source code. I’m taking information you could get by reading an article, performing a search and voila! What can Xerox do about this? There are several things:
- Don’t use admin/1111 as the default credentials. Give each new customer a randomly generated way of authenticating.
- Password protect any system administrator documents on their website. Require a ‘customer id’ number along with credentials.
- Remove the display of ANY credentials from PDFs. Instead, put a ‘customer support’ number there, where a person has to call in to get credentials or have a remote authentication mechanism as part of the customer support.
So, I know what you’re thinking. Why doesn’t the user of this printer just change the password? In fact, in the screenshot from Xerox’s site, they encourage users to do that. That can be easier said than done. That password is required in multiple places for support and maintenance. Also, changing the password can be an onerous task. The keyboards on copiers and printers are not the friendliest to use, so creating a more complicated password can be time consuming and having to reenter it all the time could be a nuisance. I will say, though, end user, you should think hard about this. How often do you need to access admin for your system? What constraints does it put on you to change that password? My answer is, do it. Don’t think about it, just do it.
So, it appears to me that admin/1111 is used for convenience of systems support. This lies at the manufacturer’s door. To me, this type of thing is essential to customer care. Build security into your device and work to educate them as to why this is essential to their business. As a non-user of a product, it should not be this easy for me to get this information. Period.
So, now that we’ve looked at passwords, let’s move on to hardware.
Security expert Bruce Schneier first called out the issues with hardware in his excellent piece from 2014. In fact, this was the piece that inspired me to push CRT into the IoT space. He helped me see that we need to protect our members and their clients as these devices were ramping up for the home. He literally ‘peels back the onion’ on the hardware and software and all the challenges wrought. Briefly, I’ll try to paint a picture of the challenge using Schneier’s paints. In order to make an internet-enabled device, you have to pull together a number of smaller components.
As the product manufacturer, it’s most likely you don’t make those components because they require specialized equipment and knowledge. They are also relatively cheap, so, economically, it’s better to buy than build. When you put these components together from various manufacturers, you now have a mash-up of pieces. Some of these pieces are essentially mini-computers and have software running on them. Now, each one of these components with firmware or running some low-level software are a risk because, as we know from owning computers for the last 40 years, software has bugs. Once a vulnerability is discovered in the software on these components, you now have a chink in the armor. The question then becomes, how does one get an update for the firmware for a component in a device you bought and expect to just work? It’s not easy. Does the component manufacturer step up and release the patch? Does the manufacturer then deploy the patch? How does a user of the hardware know when there’s a needed critical patch? Why not just release an update over the air?
Manufacturers need to have a plan on how to work with components companies to deliver better, more secure products. I do understand this is much easier said than done. But, we need to get there. Getting a product to market before anyone else does shouldn’t happen unless you’ve considered all the issues and what you can do to fix them. One company I want to highlight as doing very well at the Internet of Things is Canary. They make a security camera for the home. We’ve been in contact with them several times and have talked about these issues and how they’re approaching them. Out of all the companies we’ve met, Canary strikes me as taking these issues the most seriously.
First, they take their devices to a hacker conference called Defcon every year. They want to see if they can be hacked so they can fix any problems before they make a large impact. We’ve spoken to several people there who’ve said that they work really hard to make sure this device is secure because it’s gathering sensitive data. It’s a video camera in your home. They want to make sure it’s as secure as can be.
Second, look at the security measures they are taking, including hardware encryption:
What that tells you is that they’ve looked at the potential vulnerabilities in their device and are making sure they are covered. More like this, please.
Apple’s Homekit is another example of taking encryption seriously. People get upset with Apple because of their ‘walled garden’ approach to their systems, but there is a method to their madness. In order for your device to become a Homekit certified device, you need to have one of their encrypted chips in the device. You also need to use some ‘bleeding-edge’ security protocols for connecting to their system. Now, we’ve spoken to several manufacturers who’ve said it’s a pretty intense process, both in time and resources. Mirai highlights the need for these measures.
The answer to making other companies follow suit really comes down to putting pressure on the manufacturers and their suppliers. Do we ask the government to intervene? Do we wait for hardware manufacturers to take action like Canary and Apple? The way we see it, there needs to be a way to either certify or validate these devices. At NAR, we are investigating how we could be a part of something like this. We’ve had conversations with companies like Underwriters Laboratories (UL, LLC) and Trusource Labs, public-interest groups like The Online Trust Alliance, Future of Privacy Forum, and Center for Democracy & Technology and some vendors, about how to proceed. We are actively working on setting up a certification/validation type system. We feel like we can help be a part of the solution as we have no economic interest in these devices, yet have interest in the best possible experience in owning or living in a home. As more of these devices are released, more issues will arise. We want to mitigate as many as possible, so a standardization of this process can help to clean this up.
But we have the problem now. What can we do in the meantime? To start, the US-CERT (United States Computer Emergency Readiness Team) provides a list of ways to mitigate and prevent these takeovers of IoT devices. At NAR, we worked with the Online Trust Alliance and issued a statement that 100% of IoT vulnerabilities are preventable in recent attacks. In fact, we released this a few weeks before the Mirai attacks. There are a number of simple steps manufacturers can take to improve their hardware security. What I recommend you do as a user of these technologies, before you buy any product, do a search of the product name along with the phrases ‘security issues’ or ‘hacked’. Search devices you have now in the home as well. Update software regularly. Also, keep following us. We are here for our members. So, if you’ve made it through the three pieces I wrote…what thoughts do you have? Share in the comments below.
RESOURCES FOR MORE READING:
Image from New Old Stock. Original source for the image here.