The Internet of (Somewhat Insecure) Things

A little backstory: I was in my first ever car accident a few months ago. On my way to go camping I was rear-ended when traffic stopped. I was okay but my poor car was not. Fast forward a few months and my car needed to go back to the shop. This led to me being up in Boulder, CO, where I moved from recently, working at a coffee shop while they looked at my car.

One thing we’ve been putting extra effort into is automatically discovering and working seamlessly with the smart connected devices in your home. Well, a coffee shop isn’t usually a home, but today it was for me. I fired up Josh and took a look at what he found. No surprise, there were about 200 Apple iPhones and laptops (we can’t control those), but there was also a Sonos system that appeared to be piping loud trendy music throughout the place. Sonos speakers are a great product, and one that we have awesome support for (see our post about Sonos here).

The fifty or so people in the coffee shop were completely unaware that soon they would no longer be listening to what I can only describe as jazz hip-hop. Or maybe it’s hip-hop jazz? Unfortunately, to avoid suspicion, I couldn’t use Josh’s voice control functionality, so I typed “Play some Backstreet Boys” into our interface. Instantly the boy band’s sweet sweet voices were filling the coffee shop. It only took one song before I heard someone nearby proclaim, “Is that song seriously just playing here?!?” Halfway through the next one, an employee changed things back.

While we have done a lot of work to make the control of Sonos (and other music players) an incredibly satisfying experience, I certainly didn’t hack their system. In fact, anyone with the official Sonos app could pull it out and control these speakers themselves. This exemplifies one of the continuing struggles that smart connected device manufacturers have to deal with: How do you create an experience that is secure, and yet still allows guests to interact in a meaningful way?

Sonos has obviously taken the approach of just giving everyone physically present full control. This is great if you’re having a party and want your friends to be able to queue up a song. But what if you own a coffee shop and a tech-savvy prankster happens to come by?

Other IoT companies take different approaches. The Nest thermostat, for example, requires you to authenticate yourself and log into its app. As a user, you can grant other applications certain permissions, for example one from your car manufacturer that adjusts the temperature when you park at home, and revoke these permissions at any time. It doesn’t offer an easy way to give guests in your home control of the thermostat through an app, though; they have to physically go and turn the dial if they want to change the temperature.

LIFX, on the other hand, makes connected bulbs with an approach similar to Sonos. By default, anyone physically present can control the state of the bulbs, turning them on or changing the color. However, they don’t get access to everything the way Sonos users do. Guests can’t, for example, change the name of bulbs or edit the room that they are in. Guest access can also be disabled completely.

Obviously manufacturers are still figuring out the right security model to use for the connected devices they are making. As is almost always the case, there’s a tradeoff between security and ease of use. For now though, I’m enjoying the Internet of Somewhat Insecure Things, and my power trip of being able to control what 50 or 60 people are listening to. Up next I’m thinking some Britney Spears or maybe Rebecca Black :)

This post was written by Tim at Previously, Tim was an engineer at NetApp before joining the Josh team where he works on interconnected device control. Tim has a master’s degree in Electrical Engineering from CU Boulder, enjoys microbreweries, rides his bike to work, and loves everything outdoors. Did I mention he really likes beer?

Josh is an AI agent for your home. If you’re interested in following us and getting early access to the beta, enter your email at
