“Smart” garage door opener manufacturer remotely disables customer’s equipment over dispute

Brave New World, indeed. One of the drawbacks to the Internet of Things (IoT), enabling devices to communicate with other devices, is that connected devices could be compromised and controlled by folks with nefarious motives.

But what if that nefarious actor was the device’s manufacturer reacting poorly to a customer’s negative review?

According to the investigative reporting of Sean Gallagher, writing for Ars Technica, the scenario described above is exactly what happened to a disgruntled purchaser of one of SoftComplex’s Garadget smart garage door opener products:

Denis Grisak, the man behind the Internet-connected garage opener Garadget, is having a very bad week. Grisak and his Colorado-based company SoftComplex launched Garadget, a device built using Wi-Fi based cloud connectivity from Particle, on Indiegogo earlier this year, hitting 209 percent of his launch goal in February. But this week, his response to an unhappy customer has gotten Garadget a totally different sort of attention.

On April 1, a customer who purchased Garadget on Amazon using the name R. Martin reported problems with the iPhone application that controls Garadget.

That customer left an angry comment on the Garadget message boards. When the manufacturer failed to respond to the customer’s comment, said customer then posted a 1-star review of the product on Amazon.

Grisak’s response was to remotely disable the customer’s product, and then to publicly reply to the customer’s message board posting with the following:

The abusive language here and in your negative Amazon review, submitted minutes after experiencing a technical difficulty, only demonstrates your poor impulse control. I’m happy to provide the technical support to the customers on my Saturday night but I’m not going to tolerate any tantrums.

At this time your only option is return Garadget to Amazon for refund. Your unit ID 2f0036… will be denied server connection.

Continue reading the Ars Technica article for more info on the fallout from Grisak’s ill-advised PR disaster.

What’s the Point?

As my old friend and former roommate Tony used to say, “you get the good with the bad.” The Internet of Things (IoT) promises so much improvement for our daily lives, but with all that goodness comes the opportunity for devices in our home or workplace to be taken over by others with malicious intent.

At least that is one of the fears that security experts have espoused.

Another issue with the “smartification” (my own term) of regular devices, like garage door openers, is that a manufacturer can remotely prevent a user from using their own device. In the software industry, the standard language in most end-user licensing agreements (the dreaded EULA) was changed over the years so that customers were no longer buying software, but instead being permitted to use that software.

In other words, paying for something grants you the privilege of being able to use that thing, but not necessarily the right.

End-user licensing agreements for IoT-enabled devices could empower manufacturers to punitively remove access to a device in the event of a dispute.

Something to think about…


garage_door_not_opening_large

Image courtesy GarageDoorCare.com