IOT Startup Bricks Customers Garage Door Intentionally

Internet of Things startup Garadget remotely bricked an unhappy customer’s WiFi garage door for giving a bad Amazon review and being rude to company reps. Garadget device owner [Robert Martin] found out the hard way how quickly the device can turn a door into a wall. After leaving a negative Amazon review, and starting a thread on Garadget’s support forum complaining the device didn’t work with his iPhone, Martin was banned from the forum until December 27, 2019 for his choice of words and was told his comments and bad Amazon review had convinced Garadget staff to ban his device from their servers.

The response was not what you would expect from a community-funded startup. “Technically there is no bricking, though,” the rep replied. “No changes are made to the hardware or the firmware of the device, just denied use of company servers.” Tell that to [Robert] who can’t get into his garage.

This caused some discontent among other customers wondering if it was just a matter of time before more paying customers are subjected to this outlandish treatment. The Register asked Garadget’s founder [Denis Grisak] about the situation; his response is quoted below.

It was a Bad PR Move, Martin has now had his server connection restored, and the IOT upstart has posted a public statement on the matter. – Garadget

This whole debacle brings us to the conclusion that the IoT boom has a lot of issues ahead that need to be straightened out, especially when it comes to ethics and security. It’s bad enough to have to deal with the vagaries of IoT Security and companies who shut down their products because they’re just not making enough money. Now we have to worry about using “cloud” services because the people who own the little fluffy computers could just be jerks.

201 thoughts on “IOT Startup Bricks Customers Garage Door Intentionally”

    1. I have the Liftmaster version of the concept. It’s actually nice to be able to open the door from away from home for folks we trust who need access to the garage or house.

      Now, to head off the most obvious replies:

      1. There are lots of ways we can establish the list of folks we trust and how we authenticate when they are in front of the door so we can open it. None of that is interesting for the purpose of this comment.
      2. Did Liftmaster do it right? I don’t know. If I find that they didn’t do it right, I can pull the Internet connected part of it and throw it away and make a relay closer hooked to a Raspberry pi and then fill in all the rest of the solution myself, but it’s a far less efficient use of my time (which, at the end of the day, is the only thing we all truly own outright).

          1. that one’s easy, just let your hand rest over the entire keypad while you’re at the ATM, making sure that your fingers touch each of the buttons.

            OR

            have a pin long enough that it uses up all of the numbers, Bank pin codes should not be a 4 digit combination any more.

        1. Now make the dog walkers forget the code when you fire them.

          Most keypads have a too small number of codes you can program, and programming them is such a pain in the ass most people get lazy and just give the same one out and never change it.

          1. Most of the ones I’ve used have you hold down a magic button and then enter a new PIN. My laptop’s combination lock has the same user interface, even though it is purely mechanical.

      1. A few scenarios.
        1. Replacing the remote can be expensive.
        2. For the technologically unfriendly, handling multiple people with an app can be easier than setting up a second or third remote.
        3. “Did I close the garage door? I closed it right? You saw it close?” If you’re a worrier, this is great tech.
        4. Granting access to your garage for a friend while you are away is simple. You just open the door from your phone.
        5. You know who used the garage to open or close and when. That can be a problem or a solution depending on who is looking at whom.

        1. all of which could be solved with a keypad and unique access codes, combined with an rfid FOB for 2 factor authentication.

          so why would you add a third party in the loop with unsure trustworthiness.

        2. I install garage door openers. Setting up an additional remote on the most common models is extremely straightforward. You press a setup button on the wall panel, then you hit the button on the remote you want to pair. Done.

          1. Mine does and it tracks which remote or keypad opened it. I’ve even thought about adding a keypad camera. Oh wait, that doesn’t count, I built it myself…

          1. Hahahahahahaha

            From personal experience: you can show the police a video of the burglar’s face and they won’t do a thing. Gonna go all CSI with fingerprints and DNA over a garage break-in? No. In my case I even had the crowbar used to smash the window (they left it behind and didn’t wear gloves) and the police didn’t want it. Your best bet is a good alarm system and reinforced entries that make it physically difficult to get in. Every single one of these IoT security systems is good for only one thing: proving to the insurance company that there was a break-in.

          2. From experience, police only file a report unless someone was injured. I was home when someone broke in, the guy ran off and the cops just looked and said “wow”. Had I been away but with a security system, I could have called the cops while the guy was breaking my door, they could have showed up while he was in the process of stealing my stuff. Probably not, but it’s good for insurance claims.

      2. My garage has a handle and a keyhole for a physical key. Works fine. For some reason, opening it when I’m not there to go in or out has never been useful.
        Plus a physical key means insurance is happy. Very difficult to prove forced entry when an IoT device is hacked.

      3. Convenience. It’s easier to just push a button and have the door open for you, especially when it’s raining.

        Not that it has to be an Insecurity of Things device, regular RF remotes have come with garage door openers for decades.

      4. I bought the liftmaster version so I could remotely check to make sure the garage door is closed. Every other way of opening still works. I would never buy something that would be disabled if it can’t access a server. That concept is why it takes IoT to spell idiot.

      5. Not only is it connected to the internet, but it won’t work when not it seems, so not only is that grade A idiotic to the presidential level, but it also means that they can and will track all access to your house.

        People who buy such things should not have homes or money to be honest.

    2. I used my IoT garage door to catch my housekeeper leaving early on several occasions. She doesn’t do that any more after a little chat (we didn’t tell her that we know when the garage door opens or closes, only that we know she left early). I also opened the door remotely for a neighbour to take our dog out when we were unable to get back home at our planned time. Very handy.

    3. Geeks love to make things more complicated so they can have bragging rights.

      Look, an IOT garage door is just asking to be hacked, same way with that IOT thermostat and internet accessible security system. Now you’re not only still vulnerable to B&E artists, but now you have to worry about that Chinese made piece of junk having a back door or just really badly written software that allows hackers to turn it off.

      Or worse, that the company who sells it is run by total d-bags that may want to ruin your life for fun because now they control your home, not you.

      1. you don’t need an internet connected garage door to get hacked, most older “manual” ones have a remote as well, those often have abysmal security and can fairly easily be sniffed.

        i even think there is an article on it here on HAD.

      2. What this is begging for is someone to do a system wide revenge hack. The management deciding that vandalizing a product and service they have received payment for remotely, as a punishment for their definition of ‘bad behavior’ is OK makes me sort of hope for overwhelming opposite bad behavior back. If we are to believe in a free market then this type of revenge against customer thing probably shouldn’t be one sided and the market should somehow crush this company badly enough to disincentivise anyone else with a company or business to lose from considering this sort of shenanigan.
        This is the result of stupid no-negotiation opening the shrinkwrap or booting up=agree contracts taking away the natural rights of ownership of the stuff we purchase. It only gets worse when we add ‘cloud’ to anything where the manufacturer completely owns the remote infrastructure which allows your precious gadget to even work and can reasonably set conditions where they can permanently disconnect you from cloud hardware ‘privileges’ like a club bouncer 86ing you because he doesn’t like you despite having paid for the tickets to the show. Sure you can sue for loss of services in libertarian wonderland but in both cases that is a big relative money and time risk and investment on your part to get a small settlement or refund, and since we are not in libertarian wonderland the bigger players probably have the purchased backing of the law and more money to hire lawyers and appeal to make an example of you.

    4. I created my own opener with a RPi and an android app. It really is convenient, especially because I built adjustable geo-fencing into it. When I’m riding my motorcycle, I don’t have to fumble around for the opener or stop in my driveway to open the door, it just opens as I get close and closes as I drive away. Getting alerts if the door opens when I’m not home is also really nice, not so much for security but because I occasionally use a dog-sitter and there’s a lot of peace-of-mind in knowing that she arrived and my dogs are being let out.

    5. I have INTRANET enabled my garage door so I can close it with a web browser. The close signal is interlocked with a proximity sensor that prevents it from being opened remotely.

      No way in hell would I buy and use any IoT device that requires it be connected to some internet based remote server to work. IoT in my books is “Intranet of Things” or nothing.

    1. Isn’t the “offline mode” of an IoT garage door opener to just push the button mounted on the inside wall of the garage or on a non-IoT traditional RF remote control opener?

        1. But no one will want to make an IoT garage door opener that can work without phoning home to know if the door should be actually opened or not, giving full control over the garage door to the manufacturer (and anyone which has either enough money to corrupt the company or enough skills to hack the servers).

          1. People are voting with their feet so to speak (or so to type about speaking about voting with feet).

            A lot of businesses have tried the “as a service” model and have been rejected by customers and this will only get worse as consumers become more aware of the traps.

            For example, I now only use the free version of Eagle as a *file viewer* only.

  1. I’m normally about as anti-litigation as it comes but I’d love to see a court case come out of this. We need laws in place that require devices like this to still be able to perform their basic function (open & close the door) regardless of any other features being enabled. Imagine if August did this and you couldn’t escape your house during a fire.

    1. August doesn’t prevent you from unlocking or locking the door from the inside. You just twist the lock body in the usual manner (usual except for the size difference of the “knob”).

    2. You need a law for what purpose when one can simply apply discretion in choosing to buy products that behave in the manner which one desires. It is almost absurd to suggest this requires regulation.

      1. I bought an eye-fi SD card and the software had server dependence. After the warranty expired they turned off the server forcing customers to go and repurchase.

        There was nothing in the purchase agreement that mentioned server dependence or that the functionality of the device could be switched off at any time. The device had no need for server dependence as it was not a server based product.

        And what about companies making and distributing products with server dependence and then going bust!

        We at least need a regulation that says that the customer must be able to re-configure the device to work with an independent or alternate server or service provider. And that if something is to be sold as “hardware as a service” then it must be stated so prior to purchase.

        We are seeing the start of a ‘wild west’ with companies / corporations doing what ever they can get away with.

          1. I am very lucky in that we have very good consumer protection legislation in my country. The purchase transaction itself implies contractual obligations on the seller and consumer rights to the purchaser.

        1. Precisely, a lot of devices are made to operate in a push button > send command to server > server says turn light on > light turns on….. when it could have been made to push button > turn on light using local connection.
          But companies are greedy and want to charge for this as a service and gather data…

          1. Companies want to get full control over all your stuff. If they decide you shouldn’t turn off your lights, you won’t be able to turn them off, but you’ll still have to pay the electrical bill and the “cloud” service. And you couldn’t sue them because the 100-page EULA “explicitly” (page 99, small text at the bottom) says that your light switch is actually owned and controlled by its manufacturer, not you.

        2. Eye-fi doesn’t require their server. Mine works fine despite the server being turned off – Except that it’s too slow in transferring larger files from new cameras.

        3. Yah that is just piss poor design as it would be trivial to make it where it has a simple embedded file server in the device and the client side app just looks for the device on the network.

          1. It wasn’t poor design at all, it was intentional. The device can and did work directly from device to PC. The remote server dependence was created *specifically* so they can render the device unusable at will. If the software couldn’t log in to the remote server it just stopped.

      2. caveat emptor only works in extremely simple economies with limited people (think less than a million total), in a multi billion person economy caveat emptor is idiocy pure and simple, pretty much every western country knows and acts with that knowledge in mind, only in the US is this truly controversial.

  2. I have to wonder who had concluded that what looks like a mere one star review without any particularly viral-worthy writing was a bigger danger to their business than the sort of bad publicity that would come from deliberately shutting down a paying customer’s equipment. This may very well be the worst marketing move of the year, and it’s only April.

    1. When censorship does not work, companies use force and do whatever they can do.
      But this isn’t the worst marketing move ever: when force does not work, companies corrupt the government and/or propose a new law to get more power. John Deere just did that some time ago.

  3. A bad review and rude language?! Say it ain’t so. I remember my first time dealing with customers… But seriously… I have to wonder why it was so easy for the customer’s service to be turned off. It’s difficult for me to imagine that this would have happened if there was more than one person involved in this decision making process.

      1. Probably as much as your post wastes our time for being there. You could have however just ignored it instead of eating up serverspace showing the whole world how sensitive you are.

    1. I am the FIRST one in line to bitch about hipster millennials (I work in design in NYC, they’re ALL around me), but judging by the pics on indiegogo, this is a grown adult who flew off the handle. Sadly, Gen-why brooklyn transplants don’t hold exclusive rights on being insufferable.
      The problem with a lot of these startups is you’ve got a person or two who are great at their thing, but terrible at all the other things you need to do in order to bring a product to market, and to (ugh.. *shudder*) support it.

    2. https://www.youtube.com/watch?v=LD0x7ho_IYc
      do you really think this is based on people’s age and generation?

      how come every time there is something like this some unthinking idiot tries to blame a specific generation, nationality, religion or ideology?
      now before you get your knickers in a twist i am not saying those can’t contribute to issues, but it is so rarely the sole or even primary reason, portraying it as such is just disingenuous

      i have met oversensitive idiots of all ages, pretty sure i am not alone in that, to some extent your posts here even prove that.

    1. THIS^^^ I always say if you have so much stuff that you need a computer to run it, it may be time to simplify.
      I also find that people that are into ‘timesavers’ as these things are slated, spend an inordinate amount of time dealing with keeping them working properly. Then there is also the problem of an OS upgrade breaking that app’s usability.
      Concerning the article, what happens when some enterprising hacker takes their boxxy and opens everyone’s doors as a PoC?

      1. It is not necessarily bad, to have computers run some of my own stuff. But it is necessary, that it is MY OWN computer and that it does not NEED an outside connection (except power, that can be substituted). No cloud-shit!

  4. So you have a door, that will fail to open if you have a local network issue (probably WiFi), or your ISP has a network problem, or the entire internet between you and the cheapest cloud provider selected by the company who own your IoT device has an issue, or the cheapest cloud provider has problems, or your mobile phone operator has a problem or ……… yea this Internet of Trash stuff sounds fantastic.

  5. I built my own, but you have to be either on the local WiFi or VPNed in to my network to open it. Its main job was to close the door, if I forgot to close it myself, after 10 minutes. It also takes pictures of anyone who triggers the motion detector and ships them up to google, so don’t get any ideas about breaking in.

    1. Thieves don’t care about cameras anymore. If they do a B&E and are halfway smart, they wear a hoody, mask and gloves and they’re in and out in under a minute.

      With a little luck you might be able to find your stuff on Ebay.

    1. It certainly seems so but I hope they build in some sort of redundancy. Hopefully they can push firmware updates out remotely and sort that issue if it ever creeps up.

      1. Despite what your professors have said, no one likes dealing with a company that is so sensitive after they have taken someone’s money and essentially denied support maliciously.

        The term is “optics”. Look it up.

  6. LOL, run your own server you dumb schmucks, a $15 SOC module has all the power you need for such banal tasks. Even if you have a task needing the cloud you can run a VM on the systems from any number of providers so if one goes down you can move the VM to another (or have it waiting ready to go if it is that important), just never, ever, put other people in control of your life so directly and completely.

      1. Right, it’s starting to seem like the internet of tomorrow, like hydrogen is the fuel of tomorrow… and for the last 15 years there’s been some fluff piece every 6 months about “OMG that’s all folks, no more IPv4 addresses available!”

      2. IPV6 has been a complete flop because it fails commercially.

        As a service provider (hypothetically) would I prefer to sell you an IPV4 for $2 to $10 per month (because they are rare) or give you an IPV6 for practically nothing because there is no shortage of IPV6?

        IPV6 took so long to be accepted as a model that most of the IPV4 issues had been solved first with shared IP server hosting and changes to the DNS structure to reduce IPV4 usage. We are perpetually in a position where we have *just enough* IPV4 because when availability gets lower prices get higher and less people then want an IPV4 creating a cost / demand stability.

        If someone were to make a certification system like (NS is to Name Space or block-chain is to Bitcoin) that allowed average people to OWN (rented or purchased) IPV6 and be able to move that IPV6 between providers using the certification system rather than having (chargeable) dependence on service providers then consumer demands and expectations would drive the market towards IPV6.

        At the moment the market is under the control of service providers who don’t want IPV6 implementation because they are profiteering from dependence on IPV4.

        1. Though the thought occurs, if there’s so many IPv6 that you don’t really need to “own” own one, because they’re practically disposable, why would you really wanna buy one.

          Though in server and data center land, wonder how many “islands” of IPv6 there are now that just NAT you across.

          1. Why does anyone own IPs now –
            – You want to run a server but you don’t want to reconfigure everything every time your ISP changes your dynamic IP address
            – You don’t want to pay for myfridge.com, mygaragedoor.com, mypeniswarmer.com
            – You want a hierarchical trust based encryption which is signed to an IP like (SSL) security certificates
            – You want to use a proprietary protocol over TCP/IP
            – You want to avoid DNS dependence associated with domain name space
            – You want a dedicated server
            – You want to hard code an origin or destination

      1. Ah well, least it’s got the JTAG pads. You could either start a service flashing new firmware to it, or maybe sell a gadget that presses onto the PCB and flashes it that way. That’s if there’s no backdoor into it through IP. This is for when the company goes bust, I mean.

        I can’t think why this even needs a separate server, except to be able to brick it. Should work fine with a simple HTTP server on the thing itself.

    1. Have you read the bad reviews on Amazon? I’m not talking about people who gave them a bad review after this started but bad reviews starting back in October 2016… Lots of them with similar complaints. I think they’ll do fine putting themselves into bankruptcy on their own.

  7. So if you’re actually familiar with the product, this device wires into the same terminals that the standard wall switch does. It’s just an iot relay that mimics the same momentary switch press. So his garage door still works fine, it’s just that he’s lost functionality of the Garadget.

    1. Who is to say that he kept the switch wired up? A lot of people just expect things to work and may choose to do away with redundancy (the switch). Or perhaps it was a new install of a garage door system and no physical switch was installed to begin with. The fact of the matter is they cut him off for complaining which may have left him with a non-functional garage.

    2. if that’s the case then why not get an iot or even a bluetooth device like a xbee and arduino and use that to run the door?

      in fact look at the post a while back where someone hacked a wireless kill switch to prevent the door from smashing into cars on the lift

      1. I have mine setup with a smartthings compatible smart plug and an AC sensing relay. The advantage to the Garadget is that it includes a laser to sense if your garage door is open. Price point sometimes makes it cheaper than running two smart devices and it’s open source.

    3. He still bought and paid for their device, and when he was critical of it they cut his service off specifically.

      That’s incredibly unprofessional on the part of the company.

  8. As to “Why?”, I can say that having an Internet-connected door helps with the “is the garage door open?” question and allows you to check and to close it w/o having to be within sight of the door. I speak as one who has driven off and left my door open, then wondered about it 2km away.

    1. Probably the only use case I see is if you have a disability of some kind… in which case it could be helpful.

      That said, it should only respond to the open command from a device on the same network (after the appropriate authentication handshake). The close command could be issued remotely without issue.

      1. I believe most large and heavy objects should not move unless someone is there to confirm absence of innocent people/children in the travel path. I’d hate for a garage door to close on top of a child. That’s at least one reason I believe garage doors are best open/closed with the usual remote or wall-mounted push button.

        1. Presumably it’d be sensible to have the door remote also interface with a camera so you can check, but yes, probably better to be in visual range.

          Ours needs someone to pull on a cord until the door is shut. Nothing electrical whatsoever, if you let go of the cord, two springs pull the door open again. The advantages being there’s no electrical components to not work in a black-out or get hacked.

          Others have brought up the fact that mechanical locks cannot be audited. If we wanted auditing, it wouldn’t be hard to add a simple detector to determine if the door is up or down and to simply log. Have a battery back-up, remain in sleep mode most of the time, wake up when the door moves. If there’s a network outage, store it locally in NVRAM until next time. That too, is fairly secure because hacking it will not gain you access to the house; it’ll just tell you when we enter or leave (though that is still useful information for a criminal).

  9. if the product requires a connection to their servers, then their servers potentially store the comings and goings of all of their customers. I wonder how good their security is? I also wonder why people feel that it is a good idea to give that kind of information to a third party with an unknown security track record?

    Of all the solutions that an IOT garage door provides, i can’t think of any solutions that being friendly with your neighbours wouldn’t solve. An added bonus is that they have a vested interest in making sure that your property is secure as a higher crime rate in the area would reduce the potential price of their house… Or are we already too far past that point in our draining humanity?

    1. Of course that’s a very good option, if it is an option. Depending on where you live, protection from the neighbors could be necessary. Not that this is a good situation.

      1. if your neighbours are unfriendly then adding in more possible attack vectors is probably not a good idea any ways.

        This was a solution looking for a problem and lots of people have created that problem in their own heads. It seems to be a prevalent problem in today’s society (regardless of generation, race, gender or religion), the logical progression of solving problems is ass backwards. Now companies sell us solutions and a whole lot of people go looking for problems that those solutions can solve, constant phone upgrades are a prime example of this.

      1. Don’t know, I’m Canadian. When we have a problem around here someone usually gets called out for a little bit of street hockey and maybe some gloves get dropped…. up here our guns are used for hunting and/or bear protection.

  10. This is utterly intolerable. Since when did IoT automatically mean it requires an Internet service to function? Especially in something so simple and binary (open/close). There is so much wrong with that stupid decision that it boggles my mind.
    What’s wrong with the unit hosting its own Web server with everything you need to operate it and query it built right in? Even if u need to access it from afar, What’s wrong with opening up a filtered port on your broadband modem firewall? Although for a garage door opener it boggles my mind why you’d want that if u could access it via your home wifi, from inside or outside <100 feet.
    It can still call the company for its own firmware updates, and it won't be rendered useless if you lose Internet connectivity.
    The current definition of IoT sucks donkey balls, it seems.

    1. come on … not everyone is able to do stuff like that! it’s one thing to set it up and configure WiFi and an app vs. connecting over ports and dynDNS and browsing to a page all the time. “Normal” people know how to open dedicated apps and push a button. You have to think of the below average experienced user.

  11. Am I the only one thinking that this is not the worst response to an annoying / rude customer? Customer is king is such an old fashioned way to do business. Customers can be assholes. Life is too short to deal with assholes. That’s also why I don’t read comments here :D

  12. The Internet Of My Things™ only depends on my own internal servers to work. There are a large number of ways such things can fail that have nothing to do with customer support having a thin skin.
    What if an (unbeknownst to me) Person Of Interest comes to my house, my Ring™ doorbell sends their picture to the local authorities, and the next morning at 4am jackbooted thugs break down my door and take me into custody for questioning? Well within the realm of possibility – in fact, it already happened – remember the guy who was arrested for child porn because his neighbor hacked his wifi?

  13. personally I understand the idea of a remote anything in the house, but what I don’t like in this case is it only works if you go through someone else’s server. I don’t even like using cloud based programs that force me to store my files on their server.

  14. Garadget sound like a bunch of assholes and should be boycotted. At a minimum the person who had the bright idea of kicking the customer off the server for a bad review needs to find another place to work. Or perhaps do society a favor and not go back to work at all. There are some people we are just better off without.

  15. The Internet of Things is great as long as I control all (most) of the things. If there’s no cloud involved, there’s no chance of a cloud failure (intentional or otherwise) ruining your day…

  16. Have Kids!.. they are the perfect garage door opener and get out, open gates etc when you are driving around on the farm as well as check the mail. If you train them well they will even make you coffee. Wife 1.0 can still change the channel on the tv and take phone messages :P (until she reads this)

    1. Somehow true. My parents installed electric garage door openers only some years after we left their house. :-) Same with motorized snowblower-machine for cleaning the driveway in winter and a pool cover which can be operated by a single person (with a simple mechanical crank device).

  17. Interesting. In the legal world this type of behavior is known as “Self Help” and is generally illegal (but I’m no lawyer). I just remember hearing about this from a lecture on software and the law. The example was given of a software company that leased a piece of software to a client and on lack of payment, the software destroyed the client’s data files created by the software. I believe that they lost a rather large amount of money in a lawsuit.

  18. Oh, c’mon, the article makes it look like they hard-bricked their customer’s garage door. There was a backdoor by design, no reason to complain. Plus, a running firewall will protect your gateway from soft-bricks, exposing the dark cloud of burnt foam… okay, I’ll stop.

  19. Did not brick his door, the door still goes up and down, he just can’t do it from his cellphone away from home anymore. IOT is not bad, Cloud based is what is bad. And that is the problem: 99% of this crap is “cloud based” and every single cloud based system out there is unreliable at best. At worst you are held hostage.

    Oh and the company had every right to do this, he agreed to the EULA that said they could end his service for any reason. THAT is what needs to be talked about: how EULAs are evil and should be fought against.

    1. Normally you can not read this EULA shit before buying, if it is remotely read- and understandable without being a lawyer. I dare to say that most software-based companies would go out of business, if everybody reads their EULAs thoroughly, because they would not sell any more products.

      1. Well that and EULAs are generally so one sided as to render themselves unenforceable. However that isn’t going to stop a protracted uphill legal battle with a company that doesn’t have to be in the right, they just have to break (read: bankrupt) you.

  20. As said above, the problem is the cloud. The whole point of the original internet was that it was a peer to peer network that allowed any node to talk to any other node. Unfortunately, the Internet has morphed into an asymmetrical, centralized command and control network that put power in the hands of businesses and governments that control the cloud. Why does it need a central server to remotely open a garage door? It is because that is how businesses can make a lot of money by vacuuming up data and, maybe in the future, holding devices essentially to ransom. The solution is technically simple and required for IOT to fulfill its potential. Create open IOT systems where any device is technically capable of talking directly to any other device without intermediaries (unless you choose to use one). We know how to provide security and privacy in a peer to peer environment. If you own the User Interface (say smartphone) and you own the IOT device (say door opener) then they should talk directly to each other after mutual validation. The data should stay in your possession unless you want to sell it.

    1. Yes. And if I want to do so, what would be a good and easy to implement and use protocol and base for this? Probably a Raspberry- or OrangePi together with ESP8266 based devices? And what software base? MQTT? Home Assistant? Is there a good Howto for non-programmers? I mean I have a little C knowledge but not much.

      1. I mainly use ESPs at the endpoints talking to a Pi as a local server using MQTT. The application logic on the local server uses node.JS and Node-Red and, right now, I am using a local Blynk server to serve up the UI but I plan to find or build a more open UI server/generator. I use a DDNS service for accessing the server remotely but would like to change to using fixed IPv6 addresses when they become generally available. The ISPs seem to be trying to make that difficult. The plan is to have a completely open, secure, locally served IOT environment using standard open protocols and standardized object semantics but there is still a lot of work to do.

    2. Really it doesn’t; the device could be made to use dynamic DNS and then that URL gets sent to the phone app and this could easily be implemented in a transparent manner.

    1. I think it was two decades ago when I first came across the weaselese in a warranty that defined “lifetime” in “lifetime warranty” to mean the manufacturer defined product lifetime, not yours. Immediate thought then was, “OMG, their wet dream is products they can remotely disable.”

  21. That supports my opinion: Absolutely no cloud based IoT stuff for anything that is remotely vital: power, heating, doorlocks. If I should consider buying such a thing it must work with a local server. Be it a tablet like device or a “Fruit”Pi solution. Of course with an open, non-proprietary protocol solution to avoid any vendor lock-in. If I really need outside access then something like a DynDNS service must be sufficient.
    Otherwise these gadgets can do more harm than good.

    1. I have a constant background level of disgust and loathing that I have to have internet that connects to the internet. If I could get internet without internet, I would. Therefore for random technology, the thought “I wonder if I should connect it to the internet” occurs about as often as, “I wonder if I should gouge my eye out with a screwdriver then pour drano in the hole.”

  22. This just means that the “Internet of Things” should be disconnected from the internet.

    TL;DR: stay away from any device that you only control using an “app” — that is, something that connects to a remote server.

  23. I love Grisak’s comment to the customer about how his poor review “demonstrates your poor impulse control”. You know, because when you’re the head of a company that sells IoT devices the last thing in the world you should be expected to have any clue about is the kind of PR backlash that dickwad moves like this bring about…

  24. “It was a Bad PR Move”

    Or in other words “We’re not sorry we acted like pricks, but we wish it hadn’t caused all this bad publicity that’s now hurting our sales”

    1. There’s no apology possible really, when this has been done, there’s no “undoing” it. They’ve just proved themselves eternally and fundamentally untrustable.

      In that category I also place Kindle for their 2009 deletions of books off devices and as if they didn’t learn the first time, their 2012 disabling and deletion of a customer account. Done twice it’s no oversight, but an ingrained philosophical principle that if they can screw you over they should. Kindle will not see a cent off me ever.

  25. WHEN it is hacked, the first thing that will happen is all connected garage doors will open. For the lulz.
    Assuming that actually happens before he goes out of business or gets bored, stops paying the cloud service and they all turn off and stop working anyway.

  26. Nope, I don’t trust cloud services, I remember back in the early 2000s all of those photo locker and sharing services that started up. Most (if not all) went belly up when people refused to pay the subscription fees; quite a few even tried holding people’s photos for ransom.

  27. Well, they removed the review page and blocked the forum thread. I guess bad publicity wasn’t working well enough for them.
    Only the “remotely bricked” link works to get some quotes about the wording.

  28. That is why I use an open-source system based on MQTT and Home Assistant (Opengarage). More so for notification when the garage door is opened and for auto closing if the door is open for x amount of time with no one home.

  29. Consumers should always prefer solutions that do not depend on 3rd parties to run. Consumers must own their devices, by selecting open devices that you can install with your own gateway at home nothing more.

    1. Right, if at point of sale there was a big notice up saying “This device seeks permission from a server on the internet to activate, should this fail to happen, the device is inoperable.” I bet they’d sell a hell of a lot less.

  30. “This whole debacle brings us to the conclusion that the IoT boom has a lot of issues ahead that need to be straightened out …”

    No. What does IoT have to do with it? This problem wasn’t in the IoT concept. It was in the “cloud” concept. An IoT device that doesn’t rely on some company’s server wouldn’t have this problem. A non IoT cloud service is susceptible to exactly the same problem. Somebody else has the keys to your stuff!

    I may very well one day connect my garage door to the internet so that I can open it with my phone and more importantly verify that it is closed. I’ll probably use an ESP or better yet WizNet Ethernet. I have renters next door and it might be a good way to handle their garage door too so that I don’t have to worry about replacing lost remotes. They can just use their own phones.

    But… There is no way I am putting some strangers with a server located who knows where in charge of the biggest door to my house!

    1. To me it sounds a lot like what banks are doing. We’ve been using money to pay for our things, now we use the banks (cloud server). There is talk about getting rid of money from the gov and banks. Wtf! It’s like we can’t or don’t know how to pay bills etc.
