1966: Smart Home Security

2025-06-30T19:58:09Z

2600:387:4:803:0:0:0:36: /* Explanation */ similar - voting machines, dehumidifier

{{comic
| number = 1966
| date = March 12, 2018
| title = Smart Home Security
| image = smart_home_security.png
| titletext = If they're getting valuable enough stuff from you, at least the organized crime folks have an incentive to issue regular updates to keep the appliance working after the manufacturer discontinues support.
}}

==Explanation==

With the proliferation of smart appliances in recent years, there is a growing trend of hackers taking over smart "Internet of Things" devices and adding them to {{w|botnets}}. The hardware is then used for DDOS attacks, crypto mining etc. The "{{w|Mirai (malware)|Mirai}}" botnet, for example, made of over 500,000 compromised routers, refrigerators, TVs, DVRs, baby monitors, thermostats, and webcams, was used in October 2016 to take down DynDNS, one of the core infrastructure providers for the internet in North America.

With the constant potential threat, security updates must be constantly published, and vulnerabilities must be found by the original developers and "{{w|White hat (computer security)|white hat}}" hackers (the faceless team of engineers [[Randall]] describes), before they are found and exploited by "{{w|black hat}}" hackers (not to be confused with [[Black Hat]]). At any time, these defenders could step down from their jobs, leaving devices defenseless.

The graph shows the various cases of how well things go on the y-axis, compared to how long it has been owned on the x-axis. The probability of compromise briefly dips (indicative of first rounds of security fix updates & the time window when you can easily exchange the product if you find out it's faulty) within the 1st year, then rises: the older a device/software is, the less likely it is to consistently receive security updates for protection, so they are more likely to be hacked, even in the best case. After 10 years, the device/software is most likely outdated and is not being used anymore. Companies then no longer find it profitable to continually update the product. Thus, they pull the support out, even if people are still using the device, leaving customers vulnerable.

The title text suggests that there may be some silver lining to having your device controlled by organized crime professionals: they have a vested interest in keeping your device working well enough that you keep it plugged in. So, the more organized, pragmatic attackers will actually secure it against competing attackers, especially those of a more prankster-like mindset, who would cause more noticeably malicious changes. Advanced malware in the wild does frequently block and evict competing malware, so Randall is probably right. Some IOT malware may thus provide "regular security update services" after the original manufacturers give up, some at a conceivably acceptable cost of a few cents' worth of electrical usage for a crypto-miner. However, it could very easily go horribly wrong, for instance if that miner is hiding by letting a refrigerator run 2°C higher than its outputs allege and using the energy difference to max out the processor on mining operations.

Similar issues are mentioned in [[463: Voting Machines]], and [[3109: Dehumidifier]].

==Transcript==
:[A graph is shown inside a frame. There is one dotted line going from the middle of the left edge, then dipping slightly before rising slowly at first, then more rapid and finally slowing its ascend down as it nears the top right corner.]

:[Above the frame is the title of the x-axis, and from each end of this text, there is a small line going out and then down, to indicate a time range, which is shown below with four times:]
:How long you've had your smart appliance
:6 months     1 year     5 years     10 years

:[Along the left part of the frame there runs a double arrow and at the top and bottom of these arrows there are legends at the top and bottom of the panels height:]
:Best-case
:Worst-case

:[Inside the panel there is text above the dotted line to the left, and below the dotted line to the right:]
:You're constantly being rescued from peril by a faceless team of engineers who could wander away at any time

:Your appliance is part of a botnet run by organized crime

{{comic discussion}}

[[Category:Line graphs]]
[[Category:Virtual Assistants]]

3109: Dehumidifier

2025-06-30T19:51:49Z

2600:387:4:803:0:0:0:36: /* Explanation */ 1966: Smart Home Security, some of the useful things dehumidifiers can broadcast

{{comic
| number = 3109
| date = June 30, 2025
| title = Dehumidifier
| image = dehumidifier_2x.png
| imagesize = 295x327px
| noexpand = true
| titletext = It's important for devices to have internet connectivity so the manufacturer can patch remote exploits.
}}

==Explanation==
{{incomplete|This page was created WITHOUT INTERNET ACCESS. Don't remove this notice too soon.}}

In this comic, [[Randall]] mocks the recent trend of various appliances, such as stoves or juicers, that do not require an internet connection to work, being connected to the internet. A {{w|dehumidifier}} removes moisture from the air. There are no obvious ways to improve dehumidifier operation without changes to its hardware, so it's unclear what benefit being able to receive updates via the internet would confer. [[Cueball]]'s sarcastic reply underlines the unlikeliness of a situation occurring where an update would be necessary. The implication is that many of these internet-connected devices are examples of over-engineering a solution to do things 'because we can' or because it makes it sound advanced to the customer, rather than because it offers any real added value.

Dehumidifiers can provide information which it would be useful to access remotely. For instance, the level of water in the storage tank, the percent of time the humidifier is paused for deicing, logging the humidity level, and whether the humidity exceeds a certain limit (which could indicate dehumidifier malfunction, or that the dehumidifier is inadequate to the conditions). A local wireless network, like wifi, is a reasonable way to send this information to a user or to other local devices.

However, many devices like this now offer, or even require connections to a special app, or to the internet. They typically connect to servers run by the device's manufacturer. When that server goes away, often the devices stop working.

The title text says that authorized internet access is required to patch remote exploits (i.e. harmful unauthorized access from the internet). If this is the only use case that requires internet access, it would be much simpler to remove the attack vector for remote exploits by not having it connected to the internet in the first place. It is conceivably possible that remote access could be attained with a carefully crafted atmosphere, but seems unlikely. But more particularly, the most likely source of remote access, even given a different case for internet access, would probably be the remote updater itself.

A related device was previously referred to in [[3044: Humidifier Review]], and the issue of possibly considering online protection of devices that (arguably) should not be so easily exploitable was looked at in [[463: Voting Machines]] and [[1966: Smart Home Security]].

==Transcript==
{{incomplete transcript|Don't remove this notice too soon.}}

: [A salesman is showing Cueball a dehumidifier, with a "SALE" label on it.]

: Salesman: This dehumidifier model features built-in WiFi for remote updates.
: Cueball: Great! That will be really useful if they discover a new kind of water.

==Trivia==

Technically, there are many different kinds of liquid water, based on the possible isotopes of hydrogen and oxygen atoms that its molecules are composed of. There are 3 naturally-occurring {{w|isotopes of hydrogen}}, with 6 possible combinations for its two atoms in a water molecule, and 4 naturally-occurring {{w|isotopes of oxygen}}. This gives 6 × 4 = 24 kinds of naturally-occurring water molecules, which could be present in liquid water in any proportions, although 99.7% of all such molecules will be the 'normal' version of water. (The isotopic ratios in "natural" water are relatively stable, so there's very little variation in water found in nature.) There are also synthetic isotopes of each, all radioactive, most having short half-lives. How many of these could be used to constitute water would depend in part on one's definition of whether a molecule of water could be said to have been formed prior to the decay of its constituent atoms. Each isotopically-distinct version of water has very slightly different physical and chemical properties, though the differences are small and the versions hard to separate. There are also 26 known {{w|phases of ice}} (solid water), each of which could be made from any combination of the isotopically-distinct versions of water in any proportions.

{{comic discussion}}<noinclude>

explain xkcd - User contributions [en]

1966: Smart Home Security

3109: Dehumidifier