Smart devices


Smart devices are devices that connect over the internet for exchanging data with other systems.

I generally do not want smart devices.

I want dumb devices. Even better if those dumb devices are configurable. And programmable devices (i.e. devices that can be programmed by me, especially with ease) are probably the best.

Note 📝
There is no official definition of "smart device", but the most common feature of devices that marketing labels as smart is that they are reachable from other devices (through an internet connection).

What’s wrong with smart devices

While there are no requirements for what makes a device smart (or not), these are some common properties I see in most smart devices:

  • it needs an internet connection

  • it does not work offline, or only partially

  • it requires some sort of account

  • privacy and security are an afterthought

  • they are opaque, the user does not know how they work or what they do

  • they need updates

  • they have an expiration date

  • they have a kill switch

Internet connection

While it might be true that having an internet connection is not an issue, it does not mean that I want all my devices to be connected to it.

First of all, it consumes electricity for no good reason. Especially on battery-powered devices, this is a huge drawback.

Second, the internet connection might not be unlimited, thus without any control over what data is sent, it is hard to know if it might be a problem or not.

Third, even if electricity and data are not an issue, the server the device wants to reach might be temporarily (or for a longer period) unavailable.


Creating an account is most of the time straightforward, but often also annoying.

If lucky, only an email address (possibly a username) and a password are required. If less lucky, other pieces of information, like a phone number, are required too.

This makes it harder to use the device of someone else (bought second hand, or lent by a friend) if some sort of registration is required, or if it is not obvious how to remove all associated personal pieces of information.

And even if there is no interest in those scenarios, often I would like to try something out before buying it. Creating an account might be easy, but what about deleting it? Thanks to the GDPR, companies are more careful when handling personal data, but it is generally not a smooth experience.

Also, there are other complications, like data leaks.


Because those devices are connected to the internet, they are reachable not only by those who bought them but also by virtually everyone else.

For this reason, they mustn’t be usable by everyone.

Unfortunately, we do not know how to write secure software.

We know even less about how to write secure software that is also easy to use.

But even if we were able, there is always the human factor.

It is easy (as in, it costs nearly nothing) to try to trick a million people over the internet with spam, and less easy to go door to door to one million people and try to convince them to do something.

How does it work?

Physical devices, no matter how complex, are generally much easier to understand compared to a programmable device.

The hardware can reach only a given set of different states; no matter how big that set is, it is probably nothing in comparison to the number of different states a minicomputer can handle.

Adding the possibility to interact with other devices or other smart features adds a lot of points of failure.


Because we do not know how to write secure software, smart devices generally need updates.

But updates do not only fix errors, they can also introduce new ones, and remove functionalities.

If you bought a smart device for functionality that is going to be removed, then you are out of luck. A common functionality might be the integration with older devices, like older Android phones.

Being forced to buy a new, or compatible phone, for using another device is wrong, yet it happens all the time.


Testing if a toaster works reliably is easy. Testing if a toaster connected to the internet works is impossible.

Expiration date

No company is going to maintain its product indefinitely, as it will not make any money from it unless customers are paying for the updates.

Thus smart devices that depend on some external infrastructure have an unwritten and unpredictable expiration date.

Kill switch

For a smart device, having a kill switch means that the company producing it can disable it remotely.

The official use cases are often against theft, but obviously, it could be misused (by malice or accident).

Even devices that do not have a kill switch can be disabled remotely. If it is, for example, not possible to turn off updates, or if those are installed automatically, they can be used as kill switches too. Also, a required activation or registration can be misused for "killing" devices.

Is it possible to do something against a kill switch?

At least in this case, you can contact the support and share proof of purchase if you still have it.

Are those drawbacks worth it for having a smart device?

No, I do not believe so. At least not for most devices.

As I do not know how a smart device works, I do not know how much I can trust it. Will it work the same way every time? Or does it have some "smart" functionality trying to help me and change the interface every time or pop up suggestions all the time? Are all features available all the time, or do some expire after some time?

Many times a dumb device, because it is simpler, not only costs less and is easier or more intuitive to use, but might also be much more efficient.

Note 📝
It is not true that smart devices always cost more money to the end user. For example in the case of televisions, apparently, the smart one would cost less than the non-smart one because the company can make money from the data it can collect through the "smart component".

Note 📝
Even if dumb devices are easier to assemble, many are more or less impossible to build by ourselves from scratch.

A cheap analog kitchen timer is, for example, often much more comfortable to use compared to a phone or a smart home assistant.

It will work anytime unless it breaks apart.

It does not consume electricity, so you never need to charge it or replace batteries. It is also not a problem to use it with dirty hands and wash it afterward.

Also, it is much easier to constantly see how much time is left on the timer, whereas with a smart assistant, you have to ask it to tell you how much time is left, and with a smartphone to unlock the screen and open an app to see the remaining time.

Adjusting the timer might be more or less complicated, while with the kitchen timer, it’s trivial.

Obviously, an analog kitchen timer cannot be compared to a smartphone or home assistant; it has a much narrower scope. It is a "specialized"/"optimized" product for a single task.

Another example would be smartwatches. They offer multiple functionalities, but a wristwatch is currently much more practical for checking what time it is. First, it does not need to turn the screen on and off to consume less energy. When using a smartwatch one needs to touch the screen, which is not always practical, for example when having the hands full, driving or riding a bicycle. And during a meeting, flicking the wrist isn’t very subtle.

Also, it is annoying at night to touch the clock by accident and blind yourself.

And there is the battery issue. Wristwatches have it too, except that the battery lasts much longer, and there are also "self-winding" watches; they recharge themselves through the movement of the wearer’s wrist.

Like the analog kitchen timer, a dumb watch is an exclusive device optimized for tracking time.

One common property of all dumb devices is that they do not have security issues simply because they are air-gapped. They cannot be accessed remotely, and even if accessed directly, there is not much that can be done (except breaking them). Because there are no security issues, and because the scope is much narrower, it is easier to test them thoroughly, and there is generally no need to update something.

They also do not have an expiration date, those devices will work until they break apart, and there are no kill switches or automatic updates that can remove some desired functionality.

Of course, planned obsolescence was a thing before smart devices; it can even be observed with something as simple as school books. Often a newer revision of a book comes out after a couple of years with only marginal differences in content, maybe a slightly different layout or chapter order. Teachers (even rightfully) might want every student to have the same copy of the book.

It might not seem a big issue, but school books are expensive, especially for families with more children, and not being able to use them for more than one year, even if in perfect condition, is frustrating. But smart devices (in general the software industry) made planned obsolescence a much more common issue. Self-repairing is nearly impossible (in the meantime dumb devices are getting harder to repair too).

Are smart devices always bad?

Just like it was hard to imagine why we would need an internet connection on our phones, or why we would need portable phones at all, I currently find it hard to imagine the need for many devices available over the internet.

So there are surely valid use cases for smart devices, the issue is that the choice between a smart and a non-smart device is disappearing for some types of products.

For example, I am unable to find (locally) an analog bathroom scale. I want one that does not need batteries, lasts 50 years like the one my parents owned, and just shows how much I weigh when I step on it, without touching it to turn it on and waiting for it to power up.

I would also like smart devices much more if they were less opaque to the end-user (like being able to disable unwanted features) and easier to customize.

For example, writing simple programs for Android with Termux made my phone much more enjoyable.

Data interoperability between smart devices is also a big issue. Often one needs to use custom programs for interacting between different devices. If there were an open protocol, and no need to depend on external servers (or on having an internet connection in general), it would make many devices much more interesting.

Smart failures

Warning ⚠️
This section is in progress. I generally do not search for issues that IoT devices have, but sometimes it happens that I notice something, and I’ll add it here.


This example shows how problematic updates can be: what happens if you update a microwave with the software of a steam oven? It won’t work anymore. This is exactly what happened to AEG Nederland.

The cherry on top? Factory reset has no effect and Wi-Fi has stopped working too, so getting an update with the correct firmware is not possible.

Another example is a Blu-Ray player that does not play Warner and Universal movies after an update.

And shoe updates can go wrong too!

Even tested systems, like payment terminals, will have issues.

But probably the most common are printers with planned obsolescence, and sanctions are evidently not enough.


Bambu 3D printers connected to the cloud started printing, in some cases damaging the devices themselves.

I’m still wondering why we need smart urinals, and if the flush functionality worked or not while the display was stuck…​


Fridges that integrated with Gmail had some security issues, making it possible to steal the login credentials.

Unsecured devices, even if they do not give access to any personal information, are still little computers that can be used for doing "some work". In 2016, one of the biggest DDoS attacks was orchestrated with IoT devices.

But making DDoS attacks is only one of the many possible uses for a device continually connected to the Internet. Others include using it as a web server, bot activities, mining cryptocurrencies, and so on. On KrebsOnSecurity there is a nice graphic.

Some devices are designed with security in mind, like cameras or doorbells, but the risk of making the whole situation less secure is real.

Worst of all are security devices, like cameras, but you cannot even trust the manufacturer to make them secure.

Other devices, like coffee machines and smart lightbulbs, are not acknowledged as potential attack vectors by consumers.

And no, putting an antivirus on those devices is not a solution.

Other problematic smart devices are smart keys for cars, doors, and especially the garage doors of Nexx.

Even devices that need to be connected to the internet to do the job, like a router, can have serious security bugs.

Also, when a device can be configured in a more secure way, it is not always easy for the end-user to understand the implications of an unsecured device. In some fortunate cases, random people over the internet might help you.

Sooner or later all devices connected to the internet, unless maintained and monitored regularly, will get hacked:

One thing is certain: we do not know how to build devices that are secure, especially if connected to the internet.

How does it work?

Turning off some features is not always easy to understand, sometimes the hard way (like unplugging the affected hardware) is the easiest way.

Also, it is not obvious that phones, even when turned off, might still be communicating with other devices. Similarly, turning off Bluetooth from the control panel of the iPhone does not turn the Bluetooth off.

Most systems are unnecessarily complex. For example, a switch, which should be enough to turn lights on and off, should always be there, and if it is missing, it can cause a lot of costs.


Once you give some data to someone else, you lose control over it.

It should be obvious, but it is hard to remember that at any time a microphone connected to the internet might be recording what you are doing, and possibly sending this data to someone.

Just like this data is sent to someone else, deleting it might be hard, or impossible. I bet that on many devices, by taking them apart and using simple data recovery techniques, it is possible to extract most if not all data. At least on Android phones, the internal storage is encrypted by default.

In Germany, the doll My Friend Cayla has been banned for those reasons. Similarly to smart assistants, it’s a microphone and camera that are always active and connected to the internet, with obvious consequences for privacy. In America, there have been concerns too.

Even a toothbrush can collect sensitive data, but fixing those leaks is not always the first priority, and you can find a lot of stories where toothbrushes can be accessed by someone else.

Cars have cameras too, and companies can access some of them remotely.

Expiration date

The company Insteon abruptly shut down their servers, without giving any notice to anyone.

Doing a factory reset, in this case, worsens the situation.

Through reverse engineering, it seems that it might still be possible to use some (or all) smart devices again.

In this case Samsung decided to drop support for many features.

And even bigger companies, especially Google, will turn off smart devices.

Probably one of the worst offenders is a smart heated travel mug. When the battery dies, the official solution is to throw the whole device away; a normal thermos is much more environmentally friendly.

Phone manufacturers have been remotely disabling phones too, just because they were bought in a different country.
