HomeTech.fm - Episode 285 - A New Decade
Episode Date: January 3, 2020
On this episode of HomeTech: While Jason travels, Seth takes the reins of the sleigh and drives the podcast into the next decade. Big news stories about internet outrage over recycling, Ring getting hit with a lawsuit over their security practices, a cool new idea to charge devices remotely and more…
Transcript
The Home Tech Podcast is supported by you. To find out more, go to hometech.fm support.
This is the Home Tech Podcast for Friday, January 3rd, 2020. From Sarasota, Florida,
I'm Seth Johnson. Driving solo today. No Jason Griffin. Jason's out traveling still as part of
his holiday break. We're letting him have one off, but I wanted to grab... there's been a couple of stories that have come up over the last couple of days.
And I kind of wanted to sit down and record a show.
I haven't done one in a couple of weeks because of the holidays and the crazy schedules that we both have had.
So I figured, why not sit down, record a show, get it out so at least we have something to listen to.
I know that podcasting typically slows down this time of year and we're
no exception. And I get bored kind of waiting for something to come out and my feed is pretty empty.
So I decided, hey, I should not attribute, I should not add to this problem of no podcast
during the holidays. I should, and repeated episodes, like I could just, you know, play you guys back a super old episode, you know, the highlights of the last, the decade, right? I
could, I could say this is the best of home tech for the last decade, but no, no, no, we're going
to get some fresh shows out, want to get something recorded and in the can. So, and there have been a
couple of stories that have come up over the last week I wanted to talk about and just haven't had a chance to.
So I'm happy to sit down and record a show.
Let's jump into some home tech headlines.
Sonos has a good reputation for building quality speakers, but its latest move has disappointed some buyers.
The outrage is aimed, I should say the internet outrage, is aimed at the company's new exchange program where users put older devices into a, quote,
recycling mode, which effectively bricks them at a software level in exchange for a 30% discount on new purchases.
We've talked about this in the past.
This angered recycling advocates who argued that Sonos is violating the recycling mantra of reduce, reuse, recycle,
and bypass by bypassing the reuse option. Sonos suggested
responsibly recycling equipment that has been bricked as part of its new trade-up program,
thus completing the cycle. But this doesn't really make the internet outrage go away.
First off, I got a couple of thoughts on this. This is kind of the dumbest. It's slow news week,
right? So we get dumb stories like this. This is no
exception to the rule. This isn't a mandatory program. So if you care about recycling,
you don't need to buy a new product. Just don't buy the new product. If you care about,
you know, reusing them, just keep using your old product. You don't need to do this. If you
feel it violates the terms of recycling and you believe in it that much.
Don't buy it. It's easy.
It also, you know, if you kind of ignore the first mantra there, reduce, which is part of recycling, don't buy a new product.
You don't have to. You don't need it, right?
Why get angry about reuse if you're ignoring reduce?
Just my thoughts there. Um, or you
can, here's another option, you can buy a new product, sell the old on eBay. You probably get
better than 30% return on that too. Um, for Sonos, in its part, they said that 92% of their products
they've ever sold, even those launched more than over 10 years ago, which is part of this trade-up
program, are still in use today. That's incredible. 92%. You know, I joked a couple of weeks ago that they were doing
this to brick their products that don't brick themselves because they just never die. This
pretty much shows you that 92% of the products they've ever sold are still in use today. That
is incredible. I can't think of another piece of technology I've had in use that long at all.
Maybe a refrigerator? I don't know. I just
had one die the other day. So I guess that the Sonos is still kicking. And I guess, you know,
there you go. To me, this is a clear incentive to sell more product. It's Sonos is a publicly
traded company. This is a marketing angle to this. But also, I think this is a big, you know,
spray painted writing on the wall, Banksy edition, right?
That something new is coming.
Sonos wants to get rid of this older device support and be able to move on to whatever new platform that they have.
And this may just be kind of internally.
Now, they've supported these old products, these old 10-year-old products,
with firmware updates that have brought them up to date. Now, you can't use new features that require more horsepower under the hood, like AirPlay 2 and that kind of thing
with their older products, which you can with the new products. And I suspect that Sonos kind of
wants to move to whatever new platform they develop that has that more horsepower that
gives them the ability to introduce more features without leaving their older products in the dust.
So I think this is, to me, this is kind of like writing on the wall.
There's something, you know, device support is going to be like dropped off or something
at some point within the next year or two where you won't be able to utilize these older
Sonos products the same way that you had or something new comes out and these don't get it. Just like AirPlay 2,
right? You can't use AirPlay 2 on these devices because you need a new one. In more strange news,
again, it's been a couple of slow news weeks, so people have kind of rolled out some crazy stories.
A security researcher has found several vulnerabilities in a number of Ruckus
wireless routers, shocking the tech community who didn't realize that Ruckus even made routers.
Because they don't. They make access points.
Gal Zror, I'm sorry if I mispronounced your name, sir,
told TechCrunch that the vulnerabilities he found lie inside the web user interface software
that runs on the company's Unleashed line of wireless access points.
The flaws can be exploited without needing a password and can be
used to take complete control of affected access points and controllers if they are exposed to the
internet, which would be horrible security practice for any Ruckus engineer out there who knows
how to set up a Ruckus system. Again, my commentary being tacked onto this. Ruckus told TechCrunch it
fixed the vulnerabilities in a previous software update, but said customers have to update their vulnerable devices themselves.
As a quote, by design, our devices do not fetch and install software automatically to ensure customers can manage their networks appropriately.
This came from a Ruckus spokesperson.
You know, I think Ruckus is used mostly in commercial settings and maybe some bigger homes. But the simple fact of the matter is that those
environments, you may not want to have a patch pushed out onto your production hardware because
you aren't the customer for that. Like if this was a Linksys router or something and they pushed out
a security patch, you may be thankful for that. But if it made your Linksys router stop working,
they might be able to push something else out that fixes it. In this case, if there was a problem
with whatever patch they made, it made some bug or some configuration changes that you didn't want
to have happen in your enterprise situation, that could lead to a bunch of other issues. So
Ruckus, I think, has done the right thing. This has already been fixed. But because they don't
have the automatic patch, there's still a bunch of these devices out there.
So if you do manage any Ruckus networks, you probably already know about this.
But go ahead and get these updated so you don't have these remote code execution and vulnerabilities things that exist in the older software.
Ring and Amazon have come under fire in recent weeks due to the rise of incidents in which hackers gained control of a Ring user's security camera and even, in some situations, began to speak through it.
We have talked about these in the past, but over the like right before the holiday, we saw a number of these stories hit, including some kind of shocking ones where someone claimed that their ring camera was hacked and some weirdo was
talking to their daughter in their room, kind of trying to, I saw one that said that there was a
$400,000 Bitcoin extortion plot attached to one of them. There was a bunch of these like
scary stories that came out revolving around Ring specifically right before the holiday.
But what ended up coming out of those is that people had
bad passwords or they had good passwords that they reused for the Ring website. And those
passwords get leaked out somewhere else. And, you know, it's the same password. You get your
email address, you get a password, put them together. If you use them on two different
sites, one of them gets hacked. Well, guess what? Somebody else can come along and try it on site number two, and they're into your account.
Now, a class action lawsuit filed in the U.S. District Court of the Central District of California
targeting Amazon and Ring's alleged negligence in regard to security practices has been filed.
The lawsuit holds Ring responsible for damages due to negligence, invasion of privacy,
breach of implied warranty, breach of implied contract, unjust enrichment, and unfair competition.
After the rise in hackings, Ring released a statement saying the incidents were in no way related to the breach or compromise of the company's security.
Instead, it blamed security breaches on poor password practices and the lack of utilizing two-factor authentication. Now, I know before, and I think still now,
Ring doesn't require you to have two-factor authentication,
which I think is a good default.
Like, you can have a strong password.
You can use a password manager.
Jason and I have, over the years, highly recommended this.
Literally, if you're not using a password manager right now,
get LastPass or 1Password.
Both of those are great programs.
They install on your phone. They install in your web browser and have it go around and just every website you come to
starting at the beginning of the year, this is good New Year's resolution, right? Start using
that password manager. It seems like such a pain to do and set up at first, but once you start
using it, I don't know how to live without
it. Like I don't know any of my passwords to any website I go to. I know they are huge, long
strings of random numbers, letters, digits, and symbols. And I have no idea what they are,
but they go in, I type in my one password, it spits out the password and my username and
automatically fills it in on every website. On my phone, it works with face ID. I mean, it's just a no brainer. So once you start using a password manager, you never go
back. And I, I suggested anybody out there, you're listening, you haven't decided, you know, that if
you're listening to this show, I know, you know, that you need it, go out there, get it, um,
start using it. Trust me, it will make your life a lot easier, especially if you're a dealer and like you have all these websites you have to go to to buy things. And you have these really
horrible passwords like, you know, password 1234 or monkey one or whatever. Yeah, those are pretty
bad. And if somebody gets into your account, you know, on some kind of distributor account or
something like that, you may never know, but they could be able to use those passwords elsewhere as well. So give that a thought. Passwords, good passwords are a
good thing. In Ring's case, there was tooling that was made explicitly to exploit Ring devices
on the dark web. This stuff started popping up and basically it allowed any amateur who had a list of usernames, in this case emails, right?
Everybody uses their email these days as a username and a password to bulk attack Ring's website and get into the devices if they had reused a password.
So unique passwords, every website, you should never know what your password is for a website and make sure that they're all strong.
On December 27th, smart camera maker Wyze announced on their community forum that it
was confirming allegations of a massive data breach that was exposed by a reporter for
IPVM.com the day before.
The breach exposed user data for 2.4 million Wyze users, including customer emails, camera nicknames, Wi-Fi SSIDs, device information, and the personal health data of about 140 product beta testers, and also limited tokens associated with Amazon Alexa integrations. According to Wyze, this data was exposed publicly by a misconfigured database
from December 4th through December 26th when the problem was discovered.
According to Wyze, no billing data like credit card numbers or sensitive passwords
were exposed in this breach.
Wyze followed up with a number of posts explaining what they're doing to protect user data moving forward,
along with other mitigations that they have implemented to improve security, including
partnering with a third-party auditing firm. Even though passwords were not part of this leak,
Wyze is recommending changing passwords and implementing two-factor authentication.
And unfortunately, the way they've done their two-factor authentication, it's not available for
international customers. So I think they're using the SMS two-factor authentication. And while
that's an okay authentication, it is not the best two-factor. So if you have the option to use
anything other than SMS, like Google Authenticator or something like that for your two-factor,
I'd recommend using that. I do not like SMS because it's been shown pretty much that anybody can call up AT&T or whatever and take over your cell phone.
And then if they take over your cell phone, an SMS or a text going to your cell phone is going to go
to them. And they can reset your account and do all sorts of fun stuff if they have that two-factor
authentication, pretty much before you even know
what's going on. So yeah, two-factor authentication, SMS isn't the greatest. It looks like Wyze knows
that and they're going to go ahead and set that up. I will say this is kind of one of those stories,
I don't fault Wyze here. I think Wyze, you know, they made a mistake and humans are behind these
companies and humans make
mistakes, right? I've sure made plenty of them in my days. Um, so that's not a big deal. I think
Wyze responded like appropriately. We're talking like the day after Christmas holiday, right? That
they found out about this and the next day they announced it and said it was patched. So, um,
okay. That's, that's excellent response time, especially when your team is probably
all at home with their families opening presents or sitting around doing nothing.
That is extremely well-received from me. What I don't like is how this reporter or security
research firm basically exposed this information without reporting it responsibly. I think they should
have responsibly disclosed it to Wyze, saw what they did. You know, if they had told Wyze,
look, you guys have had a database open. You guys need to do something about it. I think Wyze would
have gotten on that and fixed the problem before anybody noticed. Instead, they published this
irresponsibly, allowing the data basically to be downloaded and, uh, and, and parsed through.
That's how we know all this information is out there. 2.4 million accounts are exposed. Um,
man, I, I really wish if, uh, if, if they find, I really wish they wouldn't do this kind of thing.
It gets the headline. It gets us to go over to their website and check out the, the, what,
what's going on there. But man, this is not done right.
So I really wish that they had handled this differently
for the sake of the Wyze customers out there
because now all the data is out and it's been released.
They have all the email addresses, which is not good.
So let's talk about some good news.
I ran across this a couple of weeks back.
A technology company called WeCharge, W-I-Charge, I guess it may be Y-Charge, is touting a new wireless charging standard ahead of CES.
The company claims its new AirCore technology will make it into smart home devices in the future, allowing them to be powered from up to 30 feet away from a transmitter. exactly how the technology works are limited, but the Nest thermostat-sized power puck, as it's
called, uses infrared to broadcast power to receiving devices. Kind of interesting, infrared.
So it implies to me that you're going to have to have a line of sight from the transmitter to the
receiver. Receivers are small and potentially could be embedded directly into devices like
cell phones. And even on their website, they have Google Home power supplies that you can kind of attach onto a Google Home.
Kind of interesting.
The company claims that this is completely safe for consumer use.
Of course it is.
It's infrared.
It comes from the sun.
So it's definitely completely safe.
Curious to how this works ahead of CES.
I noticed if you go to their website, you can see some of the technology partners they have. Alarm.com is on there. And I think like you think about powering
your cell phone with something like this, but think about instead of big devices like that,
that have decent power requirements, think about like a security motion detector or security
contact sensor. Those types of devices use very little power at all.
And if they had like little small rechargeable batteries built inside of them,
they could potentially receive this infrared signal that turns into power and kind of trickle
charges them all the time. So I really, I think that's really cool. It may, who knows, it may
make it into your phone and you can just kind of like have your phone out sitting on your desk or anywhere in the house that had this, you know, signal going to it.
The company, if you go to the website, they have like in ceiling broadcasting devices.
So it kind of like think of a light fixture that had this built into it. That light fixture would be exposed.
If your phone's kind of sitting on your coffee table or sitting on the couch next to you, it would be receiving that signal and converting it into power.
Maybe, maybe not like a fast charging. This is very low wattage from what I was seeing on here,
but at least it's enough to kind of trickle charge and, you know, at least keep the battery
up and going on your phone and those kinds of devices. But I think the bigger use would be for IoT type devices that, like security sensors and that kind of thing. And I'm encouraged to see
alarm.com being on their partner page because it indicates to me that they're possibly looking into
developing a product line around that too. All the links and topics we've discussed can be found
on our show notes at hometech.fm slash 285. While you're there, don't forget to
sign up for our weekly newsletter, which includes even further analysis, as well as other industry
news that may not have made the show. Again, the link is hometech.fm slash 285. Don't forget,
you can join us, usually, in the chat room live on Wednesday, starting 7, 7.30 p.m. Eastern.
You can find out more about that at hometech.fm slash live. Nothing in the mailbox this week, but I do have a pick of the week.
This is kind of funny.
It comes from a friend of the show, Cody Crossland.
This is Uncle Rob's Tech Tips.
It's an Imgur video where he is resetting a,
giving you some tech tips on how to reset a Comcast cable modem.
And from my general experience with Comcast recently,
again, I kind of like his advice.
So if you want to go check out that video, I'll put the link over in the show notes at
hometech.fm slash 285.
If you have any feedbacks, questions, comments, picks of the week, or great ideas for the
show, give us a shout.
Our email address is feedback at hometech.fm, or you can visit hometech.fm slash feedback
and fill out that online form.
I want to give a big thank you to everyone who supports the show by listening,
but especially those who are able to financially support the show through our Patreon page.
If you don't know our Patreon page, head on over to hometech.fm slash support
to learn how you can support Hometech for as little as a dollar a month.
Any pledge over $5 a month gets you a big shout out on the show,
but every pledge gets you an invite to our private Slack chat, The Hub,
where you and other supporters of the show can gather every day for
inside baseball conversations about all aspects of home technology.
If you want to help out,
but you can't support the show financially,
we'd appreciate a five-star rating on iTunes or positive rating in the
podcast app of your choice.
Five stars.
That's what we're aiming for.
And one more thing.
HomeTech is a proud member of the Technology.fm collective,
a podcast.
You can find other great shows like Home: On, The Smart Home Show and DT and there at technology.fm. Pretty cool place. Go check it out. That wraps up this week.
Uh, I hope everybody is having a great decade so far. Uh, we'll be back, should be back in the saddle
next week with Jason as our travel plans kind of level out after the holiday and new year here.
Uh, hope everybody is having a great 2020, like I said,
and we'll talk to you next week.