Skip to main content

Beware: Previous owners of used smart home gadgets may still have access to them

used smart home devices may give previous owners access wink relay 02
If you bought a used convertible sports car in New York about four years ago, you might want to take it back to the dealership to have it remove the previous owners’ access. There’s a chance it belonged to Charles Henderson, Global Head of IBM’s X-Force Red. He traded in the convertible for something more child-friendly, but when he went to use the new car’s app, he realized the convertible was also showing up. “I actually still have access to that car today,” he told Digital Trends. “I can unlock the doors.”

Henderson did a factory reset on the car before he turned it into the dealership, but it didn’t revoke his access. It’s likely the new owner has no idea someone else has access, nor could they block Henderson without the dealer’s help. Though he calls it an industry-wide problem, it’s not just an issue for cars. Many smart-home devices have the same flaw, Henderson said. “They have all these great onboarding tools to get that first owner in, but there’s nothing to get the first owner out and the second owner in,” he said. “They’re not really concerned with the second owner who needs the first owner evicted.”

Charles Henderson can still unlock a car he sold four years ago, via an app.

Let’s say you buy a second-hand smart lock. You perform a factory reset and assume you’re the only one who has access. You fire up the app, connect the lock, and set up a profile. Chances are, you won’t have a screen that shows you who else has access. Even if you do, you’ll still probably have to call the manufacturer to have them remove the former owner.

That’s what happened to Henderson’s researcher, who bought a second-hand smart hub. Though he saw an unfamiliar phone still attached to the hub, he had to call the device maker to have them remove it. The person on the helpline first suggested the researcher do a factory reset — something he’s already tired twice. “They didn’t even know that it doesn’t remove the user,” said Henderson.

The problem becomes even more complicated when you start talking about selling smart homes, houses with tons of devices that used to belong to someone else. Chad Curry, Managing Director at National Association of Realtors’ Center for Realtor Technology, told Digital Trends that a realtor had a home buyer contact her because the smart thermostat that came with the house kept adjusting itself. It turned out the old owner was trying to adjust their new thermostat but was still linked to the old device.

GM new RemoteLink Key Fob Services

In response, the NAR has decided to work with the Online Trust Alliance to create a Smart Home Checklist that walks realtors, sellers, and buyers through the transfer of smart devices. The idea is to get realtors to ask the right questions of homeowners to identify any smart devices, such as, “Is there anything that will remain with the home that is connected to the home that is not a router or modem?”

The NAR is also working on an app that expands on the Smart Home Checklist. If the seller has a smart lock, the app would help find all the other devices associated with that lock, so the buyer would have a list of smart things to reset and revoke access from.

While many people are familiar with what a Nest smart thermostat looks like, not everything is as recognizable. “A smart light switch, it looks like a light switch,” said Henderson. “There’s nothing on it that screams, ‘This is a smart light switch.’” The app would also help home buyers tell if that new keypad lock is smart or just sophisticated.

But while identification is the obvious first step, there’s no clear second step.

“There’s no consistency across the industry with how access is revoked,” said Henderson. When realtors do get a list of devices, “We tend to point people to the websites for the manufacturers when we come across specific devices,” said Curry.

Some devices do have built-in protections, but it often takes more than a factory reset or a user unlinking the device from their account. A factory reset on a Wink Hub 2, for example, wipes the data, while a user removing it from their app unlinks from the account, but all the devices connected to the hub remain in its database, though without the user information. “If a Wink Hub was not removed by a previous owner from their account, the new owner wouldn’t be able to connect it to theirs, hence they’d never be able to see the previous owner’s devices or user profile,” Patrick Mahoney, the company’s communications director, told us.

To make things easier for users, and to ensure that they know whether a previous owner has access, Henderson suggests IoT and smart-home device manufacturers look to the mobile phone industry, which instituted a standard for what device reset means. That helped people feel secure selling their old phones without worrying the new owner would have access to their photos and contacts.

The smart-home industry isn’t there yet, said Henderson. “Right now we just sort of hope for the best and wish consumers luck when it comes to removing data or removing access.”

Editors' Recommendations

Samsung reveals futuristic new smart home appliances for CES 2023
A person using the new Bespoke fridge touchscreen.

The first day of CES 2023 is right around the corner, but Samsung isn't waiting to introduce the world to its new lineup of smart home appliances. Specifically, the Bespoke lineup is now on full display, with new smart refrigerators, smart ovens, and smart washers making an appearance.

Samsung’s Bespoke lineup has long been a premium choice for smart home shoppers -- and that trend looks to continue throughout this year. One of the biggest upgrades is for the Bespoke 4-Door Flex Refrigerator with Family Hub+, which now offers a massive 32-inch touchscreen (up from a 21.5-inch display) that’s embedded directly into its glass panel door. The screen will support the new Family Hub software, allowing you to stream your favorite shows, share photos, or check the status of connected devices.

Read more
The truth about outdoor smart home gadgets and extreme cold
House buried in snow by blizzard.

Electronics and smart home gadgets bring convenience and automation to your home and often need minimal maintenance, save for the odd firmware update -- that is, unless you live in a place that gets an actual winter. While most shoppers are eager to set up and play with their new toys, they mainly worry about getting it with that luxurious same-day shipping and don’t think ahead to how that new device will operate when the weather turns harsh. The truth is, if you live somewhere it gets bitterly, extremely cold, your smart devices like wireless cameras, lights, and other components will likely stop working.
Pay attention to temperature range
When shopping for an outdoor device, we usually pay attention to the IP rating. Many people see this number and assume it means their gadget is impervious to any kind of weather. That might be true to some extent, but the IP rating doesn't extend to extreme heat or extreme cold. IP ratings only rate for water and/or dust ingression, not for how effectively cold or heat can penetrate. To know how a device might be able to withstand cold winters or hot summers, you need to check the temperature operating range.

Most outdoor devices will provide this operating range somewhere in the specs. If you don't see them, that's a bit of a red flag. It might be worth reaching out to customer service or checking user reviews to see how they’ve held up for others in real-world conditions.

Read more
The Arlo Go 2 can go beyond Wi-Fi, and that’s really cool
Arlo Go 2

I've reviewed a lot of security cameras over the years, but I've never gotten my hands on an Arlo. When the company offered the Arlo Go 2 for a review, I jumped at the chance. After all, Arlo comes with a stellar reputation and a lot of awesome features, and the Go 2 sets itself apart even further by working off an LTE network instead of just Wi-Fi. That, combined with impressive battery life, makes it ideal for monitoring areas of the home that might not have the greatest connection to the router -- a gap that few current cameras address.

That's its main draw, but the Arlo Go 2 does a lot of other things right. I've had it for a few weeks now, and I'm quite impressed with this little camera.
The Arlo Go 2 has a whopping 13,000mAh battery. Arlo says the battery should provide eight months of life if used on Wi-Fi, or about two and a half over LTE. The good news is that it also comes with a charging cable, and it's easy to snap the camera out of its socket and charge it.

Read more