Wink Lookout review: Do you want total control of your home security system?

As one of the more popular smarthome hubs, it makes sense that Wink recently got involved with home security by introducing its $ 199 Wink Lookout bundle aimed at first-time buyers. The bundle includes a siren, some sensors and a Wink hub.

Even those of us — like me — who already have a Wink hub can add some of the individual security components of Lookout, which are available separately.

This two-pronged strategy is a smart play by Wink but the question is: How well does Wink Lookout work? That’s a trickier question to answer because it depends on how you expect a self-monitoring home security system to behave. More on that later.

A modular system that includes a smart home hub

So what do you get for $ 199 in the Wink Lookout package? There’s a standard Wink Hub 2, a pair of Z-Wave door/window sensors, one Z-Wave motion sensor and one Z-Wave siren/chime module. All of these can be attached walls, doors and windows with included screws, or can be mounted with double-sided tape, also included. Additional motion sensors or siren/chime units are $ 39 each while another door/window sensor costs $ 29, so you can build out your system as needed.

I love the design of the motion sensor. I call it the eyeball because that’s what it looks like, and it blinks a pleasing blue when it sees movement in its 110-degree field of view. The sensor attaches magnetically to its rounded base plate so you can easily adjust the angle. And there’s also a flat spot on the sensor back so you can stand it on the floor, a shelf or table if you’d like. In the Wink app, you have five different sensitivity settings for the motion sensor; helpful if you have pets.

The siren/chime module also looks nice but how it sounds is more important. There are three volume levels for both the siren and the chime function and you can choose from 10 different siren alert sounds. I found that automating the chime with a Wink Robot is useful: Play a pleasant sound when someone opens the front door or garage for example. The siren is really meant for a different purpose, but again, more on that in a minute. At the highest volume level though, you don’t want to be standing next to it.

Easy installation

Lookout devices (click to enlarge)

Installation for the base products was generally easy although I used my own Wink Hub 2 to set things up. I did have a few struggles pairing the motion sensor and siren/chime until I remembered that I typically have to get very close to my hub when pairing Z-Wave devices. Once I did that, the pairing was successful. For folks without a Wink Hub, the products come pre-paired so you don’t have to go through this step, which is a nice touch.

Note that other supported Wink products can feed into Lookout as well: I was able to add my Nest Camera for motion detection as well as my Z-Wave front door lock to the Lookout system.

This is a huge benefit for those with existing smart home products, although I’d caution you before using a webcam, as any detected movement will set the system off: Again, a challenge if you have pets.

A modern twist on home security

Lookout actions (click to enlarge)

Once I had everything paired and connected, I started to scratch my head a little. Wink says that Lookout provides actionable alerts and control. And it pretty much does exactly that because there’s no traditional arm/disarm feature. Instead, in the Wink app, there’s an Alerts On or Alerts Off button. That doesn’t stop the sensors from monitoring, it simply stops sending you notifications from them.

The idea here is that whenever Lookout detects motion or sees that a door or window is open, it will send a notification to your phone. Tap the notification and your phone will open the Wink app where you can choose to dismiss the alert or take action. If you choose the latter, you get another in-app screen with three options: Turn siren on, Call someone in your contacts list or Call 911. Essentially Lookout works as advertised in this regard.

Is that how you want your home security system to work though? There’s no right answer here and for some folks, particularly those that live alone, Lookout should be a perfect fit. I’m not so sure about how it fits me, however.

Your smartphone is the control panel

Since the entire system is smartphone based, I’d need to add my wife, son and daughter as users to my Wink account. That’s not difficult to do, and I probably should have done so a while ago. But I also have to convince my family to then install the Wink app and use it as the “security control panel” for the house.

They’re not likely going to do that: It’s taken me two years just to get them to use the multiple Amazon Echo devices in the house to turn lights on and off. In fact, because they use voice control for the lights, they’re less likely to use the Wink app for the same feature. But if they don’t use the Wink app, how will they know when the Lookout Alerts are on or off?

A perfect example is me going to bed and turning Alerts On. My son often works late shifts nearby and sometimes he drives back to his mom’s house after work. Occasionally, he drives to my house because it’s closer and he’s tired. I can easily envision the entire house woken up by the Siren when he comes in at 1am. Of course, you don’t have automate the Siren like I did in my testing. You can simply be woken by the Alert notification and decide what to do next.

Unfortunately — and maybe it’s just me, although I doubt it — I turn my phone’s Do Not Disturb (DND) function on before going to sleep. And that means I won’t get the alert if my son, or a random stranger, comes in. I suspect most people in that regard are like me, either manually enabling DND or scheduling it during sleep hours: The time you most want your home monitored for any break-ins.

The system works, but will it work the way you want it to?

Again, Wink Lookout works as advertised and it’s very possible that my use case is uniquely different than most other peoples. However, I think there’s a missing piece here for a more appealing product: Some type of connected keypad with a 10 second delay so you can get in the house and disarm the system, or even an NFC swipe tag and reader to accomplish the same thing.

Regardless of my own home, if you’re looking for an inexpensive smart home security system that provides you with total actionable control, Wink Lookout is worth the look. There’s no monthly service fee and the sensors work well at detecting motion and creating notification alerts. And there’s the added bonus of being able to build out your smarthome system with all of the other Wink-supported products, so in some regards, this is a nice two-for-one kit.

Stacey on IoT | Internet of Things news and analysis

Wiliot harvests energy to make beacons without batteries

The Wiliot tag is small, but contains many components.

A few weeks ago I harped on the lack of new energy harvesting technologies because I am a big believer that having to change batteries or hard-wire every connected sensor out there will severely limit the spread of the internet of things. So I was so excited to learn about Wiliot, an Israeli company that is building location beacons that don’t require a battery.

Wiliot is a semiconductor company that harvests energy from wireless signals to power a Bluetooth tag. The tag contains a Bluetooth radio, a tiny brain (it’s an ARM M-0 processor) and sensors. The entire package should cost less than a $ 1 and find its way into physical goods so they can be tracked or so people can interact with them.

The startup was formed in January and has since raised $ 19 million from investors that include Qualcomm and Merck. Steve Statler, VP of marketing and business development at Wiliot, says the company has signed pilot projects with companies in the asset tracking and packaged goods sector to test the tag in the second half of next year. The actual tag will be available in 2019.

This is a long-term bet on passive Bluetooth as a replacement for RFID or as a new way to connect products to consumers. In a manufacturing setting, companies currently use RFID to scan parts or materials at various points in the manufacturing process so the plant managers know how production is going. With passive Bluetooth tags, each product could communicate with a hub on the floor to broadcast its location and state.

Statler says he’s working with an automotive parts company to implement such a project. These passive Bluetooth tags would also be handy in hospitals where companies like Cassia are trying to use Bluetooth beacons to track important (and expensive) equipment. Use of the tags replaces battery-powered beacons that cost more and require someone to change the batteries.

In packaged goods, the big opportunity is in connecting consumers with product companies and assuring that a particular product is authentic. Statler expects lower-cost passive Bluetooth tags could be embedded in products like the lid on your prescription drug bottle or even your expensive anti-aging cream the data from that tag communicates its authenticity to an app. In medicine it could also be used to determine if a person is adhering to the drug regime.

For consumer packaged goods, the Bluetooth sensor tag might convey information to the product maker about how often someone uses the product, if it is being stored properly and even let them know if it is about to run out. As a consumer I’m somewhat creeped out about my mascara telling Clinique to ramp up production because my tube is almost empty, but I can see why it would be exciting to companies. And I would like to know if my expensive skin products were exposed to formula-ruining heat or were counterfeit.

The competition to Wiliot in these use cases are RFID tags, QR Codes (on packages goods) or high cost of anti-counterfeiting devices.

Wiliot is not the only company trying to break through with wireless energy harvesting or some kind of passive “smart tag.”  Psikick is another such company building energy harvesting radios and sensors. Neither of these companies are using wireless power, which is actually a different type of wireless energy harvesting that requires a greater power output.

So Wiliot isn’t alone in its effort, and we won’t see a sensor tag until 2019 for general use, but it’s certainly a product that brings the internet of things to humdrum reality.

Stacey on IoT | Internet of Things news and analysis

Who’s in charge of securing the internet of things?

So many acronyms to tell people “Security is not my responsibility!” Chart sourced from Forescout’s report.

This week several reports came out designed to strike terror into the hearts of companies using connected devices. Yes,  these reports were sponsored by security vendors. Amidst some of the terrifying data points and an amusing chart that claims that business leaders aren’t worried enough about IoT security, there was one worthwhile point.

In many cases enterprise respondents said there is real confusion about who is responsible for securing the internet of things. That may be because IoT is just a fancy way of describing devices connected to your network, and traditionally some of those devices were not part of IT’s domain, but it’s also a organizational question we should be talking about.

Not only should enterprises ask this question, but every single player in the connected device ecosystem needs to ask this. It does no good if the CISO, the CIO, or the plant IT manager has taken over the responsibility of securing an organization’s network if the vendors have fallen down on the job. Or if their vendors’ vendors have.

The medical device industry is an excellent example of this failure of take responsibility for security at several stages. Let’s say a hospital has a competent CISO and can convince the medical equipment purchasing committee that security matters enough to factor hugely into the purchase of an infusion pump (this is a big if because doctors and nurses typically have a lot more say in these decisions and their concerns may be different).

But the CISO’s best efforts can easily be stymied by the vendors who might include old versions of Windows as the OS inside their machines or fail to encrypt patient data inside the pump (both are actual vulnerabilities that have been discovered). These vendors may blame the FDA or their own vendors for failing to secure their devices. They may also cite costs. In some cases companies that build physical products or offer cloud services may have their own outside vendors that contract work out to others. And those vendors aren’t always secure.

These supply-chain vulnerabilities have come back to haunt movie studios recently, as well as companies relying on silicon that’s running compromised firmware. So the question of who should ultimately be responsible is a good one, but a complex one. While I believe that everyone is experiencing a huge wakeup call associated with device security at the moment, the long time to develop a product  combined with the long life cycle of these devices can mean that we’re still 10 to 15 years out from having more secure devices in places like hospitals or factories.

And so when I read in a survey commissioned by Forescout that 59% of IT executives are willing to accept medium to high risk in relation to IoT security compliance because they seem to feel powerless to do anything else, I get it. They must feel like the lone hero in a movie when an entire alien civilization is about to attack. Only in the real world, there’s no strategically placed nuclear bomb or deus ex machina in place to save the day.

So what to do? I think everyone should be trying to take and apportion out responsibility for security around connected devices and services. And after that, there are some basic steps to take.

Your organization has to establish a baseline practice for security hygiene. This includes training employees about phishing, good passwords, not plugging in foreign USBs, encrypting data, thinking carefully about what data should be stored and evaluating the security of the place where it is stored. More suggestions can be found here.

Second, push your vendors to provide security by signaling that it matters. This may mean educating purchase committees and it most definitely means paying for security. As for the results of security audits, ask how long they plan to support software for the device and how many times a year you can expect security updates.

Third, monitor your networks and understand your risks. This is where the security vendors are right. You will need some of their products, although I’m not sure the security budget has to scale in a one to one ratio like the device budget. Companies that track network data, behavior of devices on your network and after data leaves your network are good. Another company whose approach feels useful is a startup called ShiftLeft.

The company deploys an agent on your production network and then instructs the agent to enact an attack. The agent goes through the steps of the attack documenting where it can attack and how it succeeds. Since this is an agent, no real harm is done, but it provides a trail of data that shows where an organization is vulnerable. That seems worth knowing and running as the threat surface gets larger because of more connected devices.

Finally, have a plan in place for vulnerabilities or problems before they happen. Obviously a company can’t plan for every potential vulnerability or attack, but having a plan to deal with a software vulnerability, a data breach, or a hack that threatens the physical integrity of a hospital or plant, seems like the bare minimum. It’s exactly like prepping for a fire by having an evacuation and safety plan in place.

As more of our physical infrastructure is tied to IT networks and the internet, the concept of fire drills for software breaches may not be so far fetched.

Stacey on IoT | Internet of Things news and analysis

IoT News of the week for Nov. 10, 2017 is really into IoT: First the entertainer’s investment firm bought the Wink smart home hub and now his company raised $ 117 million to build Omega, an enterprise voice platform. The startup’s first customer is Deutsche Telekom, which is using the Omega platform to offer customer support via an online chatbot. It appears that is comparing Omega to Siri or Amazon’s Alexa in press reports, but he also says that Omega will add a voice platform soon. So I’m not sure if this is really more like an Alexa effort or more like the dozens of startups building old-school interactive voice response software. (Fortune)

Logitech backtracks after bricking boxes: This week Logitech sent an email to customers telling them that on March 16, 2018 buyers of the Logitech Link box would see their devices stop working. It offered no explanation but it did provide a 35% discount on a newer Logitech hub. Customers were incensed and Logitech has since backtracked, telling the affected buyers that they will get a replacement Harmony hub instead. Logitech explained that it was going to brick the device because of an expiring security certificate. Bad PR aside, this sort of thing is going to continue happening and manufacturers would be wise to create some type of expiration date or service support agreement for buyers of connected products. (The VergeArs Technica)

Google wants to patent unique chimes: Google has filed for a patent on a series of unique notification noises for people, zones and events that could signal when events or actions have taken place. This sounds perfect for the Google Home so I can tell the difference between needing to head out the door earlier because of traffic and a notice for my daughter telling her that her egg timer is done. (The Spoon)

Fancy a fat report on business transformation? I love my OECD reports on various topics and this deep dive into the effects of technology, rising labor rates and demographic changes on global supply chains is worth checking out. Yes, it offers a take on how IoT will impact manufacturing, but it’s also an admission that between tech and some structural changes in labor costs, the future of manufacturing is murky at best.  (OECD)

Let’s encrypt data in memory! When discussing security for connected devices we’ve come a long way. Most firms know they need to encrypt data during transport across a network and “at rest” when it’s stored in the cloud. But every time the data needs to be used it has to be decrypted. That decryption happens in memory on a computer, and the idea of secure elements made popular on mobile phones and some connected devices is now moving to the cloud. Fortanix is a startup that has built software to take advantage of the secure enclave on Intel’s SGX chip to ensure that bad actors can’t get into the data during the encryption stage. (Data Center Knowledge)

There’s an easier way to program robots: I’m obsessed with figuring out how to redesign programming to make it easier and less glitch prone. It’s too abstract at the moment to trust our most complicated environments to and too difficult to do well, making it hard to find new programmers. That’s why this startup training robots by showing them physical movements in VR caught my eye. It’s such an obvious way to program a robot to do something humans currently do. (MIT Technology Review)

Do we want virtual testing? Last week SAP held an industry conference for its IoT business in the U.S. At the event, customers shared how they were implementing machine learning, using 3D printing and touted their business transformation stories. But at the event, an SAP executive sat down with a reporter to discuss the factory of the future. She discussed the ability to remotely monitor production so closely that remote inspections and virtual testing might be possible. I am not sure if a digital twin should be the only testing a product gets, but I was relieved to hear something outside of predictive maintenance. (Network World)

A setback for self-driving cars: No, it’s not the minor traffic accident that the autonomous Las Vegas bus got into on its first day. This article discusses the Trump administration’s decision to set aside the requirement for vehicle-to-vehicle communications in cars. The first stage of the V2V and vehicle-to-infrastructure technology was supposed to get into cars this year. The idea was to use cellular or Wi-Fi signals to let cars exchange information on the road and with the roads to improve safety and traffic. The car industry blames the tech firms who are worried about the issue of valuable spectrum as the reason for the refusal to implement the technology. Now, it’s unclear what will happen and when. (USA Today)

Should Amazon buy IFTTT? My colleague Kevin Tofel thinks so. Go read it and give him your thoughts over at StaceyonIoT.

Want to sponsor this newsletter and my IoT Podcast? Click here to request a media kit.

Stacey on IoT | Internet of Things news and analysis

There’s a good case for Amazon to buy IFTTT: Data and a smarter platform

With the Amazon Echo Plus now available, Amazon finally has a hub of its own for the smart home. I’m still convinced the Echo Plus is really meant for folks that don’t already have a hub controlling devices in their house, mainly because Amazon opted not to include a Z-Wave radio in the hub. Folks who already have smart home hubs likely already have some Z-Wave products; my front door lock uses Z-Wave for example, as does the Go Control garage door sensor I recently purchased (stay tuned for the review on that).

Those of us with smart home hubs are also already likely familiar with IFTTT, the service that lets you easily create “recipes” for automating devices, communications and data. But folks who buy an Echo Plus as their first smart home hub probably haven’t heard of IFTTT. And that got me thinking: Perhaps Amazon buying IFTTT would be the perfect FIT, er…. fit.

Last I checked, much of IFTTT back end already runs on Amazon Web Services, so there wouldn’t be a large technical effort or change if such a deal were to happen. Here’s a diagram from the IFTTT engineering team back in 2015 illustrating all of the moving parts.

The thing is, Amazon today doesn’t get any of the data out of IFTTT’s AWS usage. At least not that I can tell from reading the AWS Data Privacy site, which says,”Customers maintain ownership of their customer content and select which AWS services process, store and host their customer content. We do not access or use customer content for any purpose other than as legally required and for maintaining the AWS services and providing them to our customers and their end users. We never use customer content or derive information from it for marketing or advertising.”

So any potential deal would provide Amazon ownership of the IFTTT data that’s flowing to connected devices, services, and notifications. That helps Amazon understand which “things” its customers are connecting.This could provide opportunities for Amazon to sell hardware or products that can assist with its customer’s home automation goals. Do we, as customers of IFTTT necessarily want that? Obviously, that’s debatable but for now I’m removing my “consumer” hat to think about this scenario.

And if I’m really doing that, I’m going to with a thought that the consumer me really doesn’t like, but here it goes: With a purchase of IFTTT, Amazon could make the service exclusive to its own devices. Again, that’s not something I’d want to hear as an IFTTT user but let’s think about it from Amazon’s standpoint.

This exclusivity could be the true third pillar of Amazon’s Echo plans as a platform, the first being Alexa Voice Services and the second being Alexa Skills. With a simple-for-the-masses tool to create unique automations, Amazon would have a powerful smart home ecosystem for both developers and everyday consumers. And that could be a huge advantage compared to Amazon’s rivals.

Would it be feasible for Amazon to purchase IFTTT from a financial standpoint? Absolutely. IFTTT has raised $ 33.8 million to date, and if the investors wanted a 10x return, as an example, it would only cost Amazon $ 338 million for the purchase. Amazon ended its last financial quarter with $ 12.8 billion in cash and cash equivalents, so the investment wouldn’t be held back by the balance sheet.

I’m betting someone buys IFTTT at some point, although the company could always go public before that happens. Regardless, Amazon would be well served to grab IFTTT before a competitor does, helping to keep building up on the momentum Amazon has in our smart homes.


Stacey on IoT | Internet of Things news and analysis