Why WiFi is a Bad Idea for IoT

http://ioetc.com
IoT and Smart Home are two trends that need no explanation today. I found the proof in a recent issue of Time Magazine (May 5th, 2014): Tony Fadell made it into the 100 most influential people. And now almost everybody wants to back these trends, making the ordinary things in our lives smart and connected.

Suppose you are an appliance manufacturer and you want to launch a "Smart / Connected" line of products. What communication protocol would you select? There is a plethora of them, but two are the most likely candidates: WiFi and Bluetooth. The reason is that they are the only two on board every smartphone, meaning a phone can connect directly to a WiFi or Bluetooth appliance and control it. All other protocols require an extra gateway in the middle. A gateway translates protocols (for example, Philips Hue bulbs use ZigBee and come with a bundled ZigBee gateway). But gateways add complexity, and if you are a water kettle, coffee machine or door lock manufacturer, a gateway is an added cost with no added value. That is why your first choice would be WiFi or Bluetooth.

But WiFi is a bad idea for many reasons (I will be discussing them here down the road). The first and foremost reason you should not select WiFi to connect your appliances is security, or rather the problems with it. It all started back in 2008. Jura released the F90, the first Internet-connected coffee machine (with a price tag of $2000 - ouch!). Soon after, they had to withdraw the connectivity kit option from the market. Craig Wright, a risk advisory services manager at professional services firm BDO, found several security holes, including a buffer overflow. Jura (or the subcontractor who designed the connectivity module) was unable to fix them. System administrators put the F90 on their blacklists. No more connected coffee.

The risks demonstrated with the F90 are even higher today. How often do you upgrade the firmware in every kettle, coffee maker, door lock or light bulb? Certainly not often enough to be sure that the latest vulnerabilities, like Heartbleed, do not remain unpatched. Each unpatched appliance becomes a security hole drilled straight into your home or office, bypassing the most sophisticated firewalls you might have.

As a user, you simply have to keep your smart things out of your network. As a manufacturer, you cannot force your customers to create security holes in their networks by connecting your products. As a rule of thumb, IoT devices should be on a separate network, not on the same one to which you connect your NAS servers, your laptops and your printers. As a manufacturer, you have to select a communication protocol that does not expose users to security issues, or at least does not compromise the security of their existing network setup. And as a manufacturer, you have to select the protocol that is most widely adopted and simplest to set up. Which leaves us with just one choice: Bluetooth Smart.
