Loading

Day: February 11, 2019

3 posts
On
Posted on
in category

Amazon looked to the past to build the future

21 views
Comments are closed Amazon looked to the past to build the future Comments are closed

Over the last 20 years, smart home gadgets have evolved from fantasy to commodity. Walk into Best Buy and there are dozens of products that take just a few minutes to set up. It’s wonderful. Even better, it’s easy. There are lights and locks and screens from big and small companies alike. And therein lies the problem. There isn’t a unified solution for everything and Amazon’s vertically integrated offering could be the solution for the consumer and retail giant alike.

Sure, most smart home gadgets work, but nothing works well together. The smart home has to be as easy as flipping a switch to control a lightbulb. Amazon’s purchase of the mesh WiFi startup, Eero, speaks to the problem. Assembling a smart home containing more than a couple of smart gadgets is hard. There are countless spots where something can go wrong, exposing a smart home as nothing more than a house of cards.

What’s best for the average consumer is also the best for Amazon. In order for the smart home to be easy and functional as possible, one company should control the experience from every entry point. This is Apple’s approach to smartphones and Apple has long offered the easiest, most secure smartphone experience.

In theory, Amazon will likely look to either bundle Eero routers with the purchase of Amazon Echos or build mesh networking into Echo products. Either way, Amazon is ensuring its Fire TV and Echo products can reliably access Amazon’s content services, which is where Amazon makes its money in the smart home.

As Devin explains in this wonderful article, mesh networking is the solution to the problem created by Amazon’s push into every room. Wifi is critical to a truly smart home, but there’s more to it. The smart home is complicated and it goes back over 20 years.

Before wireless networking was ubiquitous, hobbyists and luxury home builders turned to other solutions to add electronic features to homes. Some gadgets still use modern versions of these protocols. Services like Z-Wave and ZigBee allowed home security systems to wireless monitor entry points and control power to otherwise disconnected gadgets like coffee makers and lamps.

Later competing wireless protocols competed with Z-Wave and ZigBee. Insteon came out in the early 2000s and offered redundant networking through RF signals and power line networking. In 2014 Nest with the help of Samsung, Qualcomm, ARM, and others introduced Thread networking that offers modern network redundancy and improved security. And there’s more! There are gadgets powered by Bluetooth 5, Wi-Fi HaLow and line of sight IR signals.

This cluster of competing protocols makes it difficult to piece together a smart home that’s controlled by a unified device. So far, at this nascent stage of smart home gadgets, Amazon and Google have built a compelling case to use their products to control this bevy of devices.

Apple tried, and in some ways, succeeded. Its HomeKit framework put iOS devices as the central control point for the home. Want to turn on the lights? Click a button in iOS or more recently, tell a HomePod. It works as advertised, but Apple requires compatible devices to be certified, and therefore the market of compatible devices is smaller than what works with an Amazon Echo.

Meanwhile, Goole and Amazon stepped into the smart home with their arms wide, seemingly willing to work with any gadget.

It worked. Over the last two years, gadget makers took huge steps to ensure its products are compatible with Google Assistant and Amazon Alexa. Last month, at CES, this became a punchline when a toilet was announced that was compatible with Alexa.

Smart commodes be damned. All of these connected gadgets require their own setup process. Every connected light, thermostat and toilet demand the initial user be comfortable navigating several smartphone apps, knowing their network configuration and what to Google when something goes wrong — because things go wrong.

Amazon’s own Alexa app doesn’t help. The single app is loaded with several tentpole functions including voice calling, skill setup, remote operation and access to Alexa — it’s overwhelming and unwieldy once several Echos are configured under the same account.

Something has to change.

If the smart home is to reach new demographics, barriers have to be dropped and centralized control has to become paramount. A layman should be able to purchase a couple of voice control hubs, connected lights, and a thermostat and set them up through a single app even though the devices might use different networking methods.

Amazon has already taken a big step towards working with different smart home wireless protocols. In 2017 the company introduced the Echo Plus. This version of the Echo speaker included support for Zigbee (Philips Hue lights use Zigbee). Later, in 2018 the company upgraded the Echo Plus and included a temperature sensor and offline smart home networking so when the Internet goes down, the user can still control their connected products.

Amazon has a growing portfolio of smart home companies. Along with its own Echo products, Amazon owns Ring, a video doorbell company, Blink, a wireless video camera system, and recently purchased, Mr. Beams, an outdoor lighting company. Now, with Eero, it can offer buyers a WiFi solution by Amazon. The only thing missing is a unified experience between these devices.

In order for any company to win at the smart home, consumers need to fully trust this company and Amazon has so far only had several, relatively, minor incidents concerning the privacy of its users. A couple reports have surfaced reporting Amazon handing over voice data to the authorities. Other reports have taken issue with Amazon’s video doorbell company’s neighborhood watch system that could lead to profiling and discrimination.

Amazon can weather disparaging reports. Amazon cannot weather dysfunctional products unable to reach Amazon’s revenue-generating services.

Amazon is not alone in its quest for smart home domination. Google, Samsung, and Apple take this growing market seriously and will not let Amazon eat the whole pie. Consumer electronic giants will likely continue to scoop up smart home gadget companies that have traction with consumers. Look for companies like Arlo, ecobee, Belkin, Wyze Labs, sevenhugs and Brilliant to be acquired. These companies offer some of the best products in their respective fields and would compliment the companies currently owned by the big players as they look to offer consumers a the most complete experience.

Article Source

 

On
Posted on
in category

Another fine mesh

18 views
Comments are closed Another fine mesh Comments are closed

Amazon’s acquisition of mesh router company Eero is a smart play that adds a number of cards to its hand in the rapidly evolving smart home market. Why shouldn’t every router be an Echo, and every Echo be a router? Consolidating the two makes for powerful synergies and significant leverage against stubborn competition.

It’s no secret that Amazon wants to be in every room of the house — and on the front door to boot. It bought connected camera and doorbell companies Blink and Ring, and of course at its events it has introduced countless new devices from connected plugs to microwaves.

All these devices connect to each other, and the internet, wirelessly. Using what? Some router behind the couch, probably from Netgear or Linksys, with a 7-character model number and utilitarian look. This adjacent territory is the clear next target for expansion.

But Amazon could easily have moved into this with a Basics gadget years ago. Why didn’t it? Because it knew that it would have to surpass what’s on the market, not just in signal strength or build, but by changing the product into a whole new category.

The router is one of a dwindling number of devices left in the home that is still just a piece of “equipment.” Few people use their routers for anything but a basic wireless connection. Bits come and go through the cable and are relayed to the appropriate devices, mechanically and invisibly. It’s a device few think to customize or improve, if they think of it at all.

Apple made some early inroads with its overpriced and ultimately doomed Airport products, which served some additional purposes, like simple backups, and were also designed well enough to live on a table instead of under it. But it’s only recently that the humble wireless router has advanced beyond the state of equipment. It’s companies like Eero that did it, but it’s Amazon that’s made it realistic.

Build the demand, then sell the supply

It’s become clear that in many homes a single Wi-Fi router isn’t sufficient. Two or even three might be necessary to get the proper signal to the bedrooms upstairs and the workshop in the garage.

A few years ago this wasn’t even necessary, because there were far fewer devices that needed a wireless connection to work. But now if your signal doesn’t reach the front door, the lock won’t send a video of the mail carrier; if it doesn’t reach the garage, you can’t activate the opener for the neighbor; if it doesn’t reach upstairs, the kids come downstairs to watch TV — and we can’t have that.

A mesh system of multiple devices relaying signals is a natural solution, and one that’s been used for many years in other contexts. Eero was among the first not to create a system but to make a consumer play, albeit at the luxury level, rather like Sonos.

Google got in on the game relatively soon after that with the OnHub and its satellites, but neither company really seemed to crack the code. How many people do you know who have a mesh router system? Very few, I’d wager, likely vanishingly few when compared with ordinary router sales.

It seems clear now that the market wasn’t quite ready for the kind of investment and complexity that mesh networking necessitated. Amazon, however, solves that, because its mesh router will be an Echo, or an Echo Dot, or an Echo Show — all devices that are already found in multiple rooms of the house, and seem very likely to include some kind of mesh protocol in their next update.

It’s hard to say exactly how it will work, since a high-quality router necessarily has features and hardware that let it do its job. Adding these to an Echo product would be non-trivial. But it seems extremely likely that we can expect an Echo Hub or the like, which connects directly to your cable modem (it’s unlikely to perform that duty as well) and performs the usual router duties, while also functioning as an attractive multipurpose Alexa gadget.

That’s already a big step up from the ordinary spiky router. But the fun’s just getting started for Amazon.

Platform play

Apple has powerful synergies in its ecosystems, among which iMessage has to be the strongest. It’s the only reason I use an iPhone now; if Android got access to iMessage, I’d switch tomorrow. But I doubt it ever will, so here I am. Google has that kind of hold on search and advertising — just try to get away. And so on.

Amazon has a death grip on online retail, of course, but its naked thirst for an Amazon-populated smart home has been obvious since it took the smart step to open its Alexa platform up for practically anyone to ship with. The following Alexavalanche brought garbage from all corners of the world, and some good stuff too. But it shipped devices.

Now, any device will work with the forthcoming Echo-Eero hybrids. After all it will function as a perfectly ordinary router in some ways. But Amazon will be putting another layer on that interface specifically with Alexa and other Amazon devices. Imagine how simple the interface will be, how easily you’ll be able to connect and configure new smart home devices — that you bought on Amazon, naturally.

Sure, that non-Alexa baby cam will work, but like Apple’s genius blue and green bubbles, some indicator will make it clear that this device, while perfectly functional, is, well, lacking. A gray, generic device image instead of a bright custom icon or live view from your Amazon camera, perhaps. It’s little things like that that change minds, especially when Amazon is undercutting the competition via subsidized prices.

Note that this applies to expanding the network as well — other Amazon devices (the Dot and its ilk) will likely not only play nice with the hub but will act as range extenders and perform other tasks like file transfers, intercom duty, throwing video, etc. Amazon is establishing a private intranet in your house.

The rich data interplay of smart devices will soon become an important firehose. How much power is being used? How many people are at home and when? What podcasts are being listened to, at what times, and by whom? When did that UPS delivery actually get to the door? Amazon already gets much of this but building a mesh network gives it greater access and allows it to set the rules, in effect. It’s a huge surface area through which to offer services and advertisements, or to preemptively meet users’ needs.

Snooping ain’t easy (or wise)

One thing that deserves a quick mention is the possibility, as it will seem to some, that Amazon will snoop on your internet traffic if you use its router. I’ve got good news and bad news.

The good news is that it’s not only technically very difficult but very unwise to snoop at that level. Any important traffic going through the router will be encrypted, for one thing. And it wouldn’t be much of an advantage to Amazon anyway. The important data on you is generated by your interactions with Amazon: items you browse, shows you watch, and so on. Snatching random browsing data would be invasive and weird, with very little benefit.

Eero addressed the question directly shortly after the acquisition was announced:

Maybe they would have eventually as a last-ditch effort to monetize, but that’s neither here nor there.

Now the bad news. You don’t want Amazon to see your traffic? Too bad! Most of the internet runs on AWS! If Amazon really cared, it could probably do all kinds of bad stuff that way. But again it would be foolish self-sabotage.

Free-for-all

What happens next is an arms race, though it seems to me that Amazon might have already won. Google took its shot and may be once bitten, twice shy; its smart home presence isn’t nearly so large, either. Apple got out of the router game because there’s not much money in it; it won’t care if someone uses an Apple Homepod (what a name) with an Amazon router.

Huawei and Netgear already have Alexa-enabled routers, but they can’t offer the level of deep integration Amazon can; there’s no doubt the latter will reserve many interesting features for its own branded devices.

Linksys, TP-Link, Asus, and other OEMs serving the router space may blow this off to start as a toy, though it seems more likely that they will lean on the specs and utilitarian nature to push it with budget and performance markets, leaving Amazon to dominate a sliver… and hope that sliver doesn’t grow into a wedge.

One place you may see interesting competition is from someone leaning on the privacy angle. Although we’ve established that Amazon isn’t likely to use the device that way, the fear doesn’t have to be justified for it to be taken advantage of in advertising. And anyway there are other features like robust ad blocking and so on that, say, a Mozilla-powered open source router could make a case for.

But it seems likely that by acquiring an advanced but beleaguered startup that was ahead of the market, Amazon will be able to make a quick entry and multiply while the others are still engineering their responses.

Expect specials on Eeros while stock lasts, then a new wave of mesh-enabled Echo-branded devices that are backwards compatible, mega-simple to set up, and more than competitive on price. Now is the time and the living room is the place; Amazon will strike hard and perhaps it will set in motion the end of the router as mere equipment.

Article Source

 

On
Posted on
in category

Lenovo Watch X was riddled with security bugs, researcher says

22 views
Comments are closed Lenovo Watch X was riddled with security bugs, researcher says Comments are closed

Lenovo’s Watch X was widely panned as “absolutely terrible.” As it turns out, so was its security.

The low-end $50 smartwatch was one of Lenovo’s cheapest smartwatches. Available only for the China market, anyone who wants one has to buy one directly from the mainland. Lucky for Erez Yalon, head of security research at Checkmarx, an application security testing company, he was given one from a friend. But it didn’t take him long to find several vulnerabilities that allowed him to change user’s passwords, hijack accounts and spoof phone calls.

Because the smartwatch wasn’t using any encryption to send data from the app to the server, Yalon said he was able to see his registered email address and password sent in plain text, as well as data about how he was using the watch, like how many steps he was taking.

“The entire API was unencrypted,” said Yalon in an email to TechCrunch. “All data was transferred in plain-text.”

The API that helps power the watch was easily abused, he found, allowing him to reset anyone’s password simply by knowing a person’s username. That could’ve given him access to anyone’s account, he said.

Not only that, he found that the watch was sharing his precise geolocation with a server in China. Given the watch’s exclusivity to China, it might not be a red flag to natives. But Yalon said the watch had “already pinpointed my location” before he had even registered his account.

Yalon’s research wasn’t just limited to the leaky API. He found that the Bluetooth-enabled smartwatch could also be manipulated from nearby, by sending crafted Bluetooth requests. Using a small script, he demonstrated how easy it was to spoof a phone call on the watch.

Using a similar malicious Bluetooth command, he could also set the alarm to go off — again and again. “The function allows adding multiple alarms, as often as every minute,” he said.

Lenovo didn’t have much to say about the vulnerabilities, besides confirming their existence.

“The Watch X was designed for the China market and is only available from Lenovo to limited sales channels in China,” said spokesperson Andrew Barron. “Our [security team] team has been working with the [original device manufacturer] that makes the watch to address the vulnerabilities identified by a researcher and all fixes are due to be completed this week.”

Yalon said that encrypting the traffic between the watch, the Android app and its web server would prevent snooping and help reduce manipulation.

“Fixing the API permissions eliminates the ability of malicious users to send commands to the watch, spoof calls, and set alarms,” he said.

Article Source