Beware: Previous owners of used smart home gadgets may still have access to them

used smart home devices may give previous owners access wink relay 02
If you bought a used convertible sports car in New York about four years ago, you might want to take it back to the dealership to have it remove the previous owners’ access. There’s a chance it belonged to Charles Henderson, Global Head of IBM’s X-Force Red. He traded in the convertible for something more child-friendly, but when he went to use the new car’s app, he realized the convertible was also showing up. “I actually still have access to that car today,” he told Digital Trends. “I can unlock the doors.”

Henderson did a factory reset on the car before he turned it into the dealership, but it didn’t revoke his access. It’s likely the new owner has no idea someone else has access, nor could they block Henderson without the dealer’s help. Though he calls it an industry-wide problem, it’s not just an issue for cars. Many smart-home devices have the same flaw, Henderson said. “They have all these great onboarding tools to get that first owner in, but there’s nothing to get the first owner out and the second owner in,” he said. “They’re not really concerned with the second owner who needs the first owner evicted.”

Charles Henderson can still unlock a car he sold four years ago, via an app.

Let’s say you buy a second-hand smart lock. You perform a factory reset and assume you’re the only one who has access. You fire up the app, connect the lock, and set up a profile. Chances are, you won’t have a screen that shows you who else has access. Even if you do, you’ll still probably have to call the manufacturer to have them remove the former owner.

That’s what happened to Henderson’s researcher, who bought a second-hand smart hub. Though he saw an unfamiliar phone still attached to the hub, he had to call the device maker to have them remove it. The person on the helpline first suggested the researcher do a factory reset — something he’s already tired twice. “They didn’t even know that it doesn’t remove the user,” said Henderson.

The problem becomes even more complicated when you start talking about selling smart homes, houses with tons of devices that used to belong to someone else. Chad Curry, Managing Director at National Association of Realtors’ Center for Realtor Technology, told Digital Trends that a realtor had a home buyer contact her because the smart thermostat that came with the house kept adjusting itself. It turned out the old owner was trying to adjust their new thermostat but was still linked to the old device.

GM new RemoteLink Key Fob Services

In response, the NAR has decided to work with the Online Trust Alliance to create a Smart Home Checklist that walks realtors, sellers, and buyers through the transfer of smart devices. The idea is to get realtors to ask the right questions of homeowners to identify any smart devices, such as, “Is there anything that will remain with the home that is connected to the home that is not a router or modem?”

The NAR is also working on an app that expands on the Smart Home Checklist. If the seller has a smart lock, the app would help find all the other devices associated with that lock, so the buyer would have a list of smart things to reset and revoke access from.

While many people are familiar with what a Nest smart thermostat looks like, not everything is as recognizable. “A smart light switch, it looks like a light switch,” said Henderson. “There’s nothing on it that screams, ‘This is a smart light switch.’” The app would also help home buyers tell if that new keypad lock is smart or just sophisticated.

But while identification is the obvious first step, there’s no clear second step.

“There’s no consistency across the industry with how access is revoked,” said Henderson. When realtors do get a list of devices, “We tend to point people to the websites for the manufacturers when we come across specific devices,” said Curry.

Some devices do have built-in protections, but it often takes more than a factory reset or a user unlinking the device from their account. A factory reset on a Wink Hub 2, for example, wipes the data, while a user removing it from their app unlinks from the account, but all the devices connected to the hub remain in its database, though without the user information. “If a Wink Hub was not removed by a previous owner from their account, the new owner wouldn’t be able to connect it to theirs, hence they’d never be able to see the previous owner’s devices or user profile,” Patrick Mahoney, the company’s communications director, told us.

To make things easier for users, and to ensure that they know whether a previous owner has access, Henderson suggests IoT and smart-home device manufacturers look to the mobile phone industry, which instituted a standard for what device reset means. That helped people feel secure selling their old phones without worrying the new owner would have access to their photos and contacts.

The smart-home industry isn’t there yet, said Henderson. “Right now we just sort of hope for the best and wish consumers luck when it comes to removing data or removing access.”

Product Review

Kwikset Kevo Contemporary review

Tired of carrying around keys? Make keyless entry so easy that all you have to do is have your phone nearby to open the door. It’s a little pricey, but sleek lines and simple features make the Kwikset Kevo Contemporary a great choice for…
Smart Home

Want a smarter home? Ditch the keys with these great smart locks

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Product Review

Gate’s Smart Lock is locked and loaded but ultimately lacks important basics

In a world of video cameras and doorbells comes the Gate Smart Lock, a lock with a video camera embedded. It’s a great idea, but lacks some crucial functionality to make it a top-notch product.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Smart Home

Ring security camera catches man licking the doorbell for hours

A family in Salinas, California had their Ring camera capture something pretty unexpected: a man licking the doorbell outside of their home for more than three hours. The incident took place around 5:00 a.m.
Smart Home

GHSP makes a (back)splash with its touchscreen concept kitchen

One of the coolest concept kitchens from CES 2019 came from GHSP. It created a backsplash entirely made of touchscreens. That means the control panel for your kitchen is accessible no matter where you are.
Health & Fitness

In search of the fountain of youth, beauty companies turn to tech

Beauty tech is a fairly new concept, but at CES 2019, companies such as Olay, L’Oreal, and Neutrogena were fully embracing it with all kinds of gadgets that promise to give you glowing skin.
Smart Home

Airbnb says sorry to guest for how it dealt with undisclosed security camera

An Airbnb guest recently found a surveillance camera in his rental apartment that hadn't been properly disclosed in the listing. The firm admits its initial response to the guest's complaint was poor, but has since made amends.
Smart Home

Thinking of buying an Instant Pot? Here's what you need to know

The Instant Pot is a powerful kitchen appliance that does everything from pressure cook to to slow cook to steam. Heck, you can even make yogurt in it. Here's all you need to know about the magic device.
Smart Home

The best sous vide machines cook your food perfectly, every single time

Want to make four-star meals from the comforts of your own kitchen? Here are the best sous vide machines available right now, whether you prefer simple immersion circulators or something more complex.
Smart Home

Busted: Facebook Portal gets 5-star reviews from company employees

It's fair to say that Facebook's Portal smart display received a tepid response at launch, so it was something of a surprise to see lots of glowing reviews of the device on Amazon. Turns out some were written by Facebook workers.
Smart Home

Idaho mother says her child’s light-up sippy cup exploded

After a mother filled a Nuby insulated light-up cup with milk, the cup allegedly exploded. The incident caused burns to the mother's hand and face and a stinging sensation in her lungs that required a trip to the hospital.
Smart Home

Project Alias is a ‘smart parasite’ that stops smart speakers from listening

Two designers chose to do something about nosy smart speakers. The result is Project Alias, a "smart parasite" that whispers nonsense to Google Home and Alexa until it hears a specific wake word.
Smart Home

DS3 Clean water-free swatches could be the future of cleaning products

DS3 Clean swatches were on display at CES 2019. The small swatches come in several types, including shampoo and toilet cleaner. They're great for travel, but their real impact is in how such supplies will be shipped and stored.