Balancing Value & Complexity: Q&A on the Internet of Things with Don Pancoe
8 Mar 2017
When you think “revolutionary,” an air conditioner is probably not the first thing that comes to mind – but Noria is just that. As part of the growing trend of IoT (internet of things) home devices, Noria has to balance consumer safety with convenience. Noria features innovative controls and an app for Android or iOS. Once you’ve installed the app, you can make energy-saving schedules while on the go, ensuring that the house is nice and cool before you get home. Last year, Noria raised over $2 million on Kickstarter and Indiegogo.
We chatted with Don Pancoe, the Director of Connected Services at Noria, about how his company is tackling IoT security and what he sees as the future of smart tech.
What was your motivation for building Noria?
Noria co-founder and CEO Kurt Swanson, a mechanical engineer with air flow and thermal management experience, wanted to see how small a cooling product could get. The window air conditioner seemed like a sizable market that was ripe for innovation. While the analogies feel a bit cliche, it is very much like how Nest disrupted the thermostat market or Dyson disrupted the vacuum cleaner market, both of which were pretty staid and mature before those innovations.
How does Noria work?
Noria isn’t radically different in a technology sense from window air conditioners already on the market, but nearly every component has been carefully redesigned to get it into our compact, ergonomic, and aesthetic form factor. We targeted specific pain-points of window air conditioner use, such as difficulty in installation and storage, that even other premium air conditioner designs were not addressing.
Why was it so important to build an air conditioner with smart controls?
While many “smart” or “connected” products seem to add features of questionable value just because they can, Noria users can see immediate and recognizable benefit in terms of improved comfort versus reduced utility costs.
Traditional air conditioners, even those with electronic controls, offer more modes and settings than the user really understands or wants to deal with. Our front-panel controls require the user to only worry about a single parameter: what temperature do I want it to be? If the user wants more sophisticated control such as creating or editing a schedule, those features are accessible through the app.
Back in 2015, a group of hackers exploited a vulnerability in a smart refrigerator to steal users’ Gmail passwords. What security challenges did you face in building smart controls into Noria?
While data from a user’s air conditioner isn’t as sensitive as financial transactions or medical records, we still aim to keep that information as confidential as possible, since you can never foresee how it might be exploited.
As such, we have three main security goals: first, that Noria products cannot be operated in an unsafe manner, whether accidentally or deliberately; second, that Noria products cannot allow unauthorized access to users’ networks, accounts, or other devices; and third, that a Noria product cannot be hijacked for purposes other than its intended use.
How did you overcome those security challenges?
We are constantly reviewing all of our designs and practices, but there are a few key issues we have already taken into account. Our units will ship from the factory with the WiFi disabled by default, so that units that are never used in conjunction with an app can’t be turned into a zombie army. And the onboard WiFi module will act as both TLS (https://) client and server, so that all communications between the app and Noria, or between Noria and the Cloud, are end-to-end encrypted. WPA2 authentication/encryption will be required for connection to the users’ home WiFi, and invalid or blank credentials will eventually disable the WiFi chip.
Tech companies are starting to realize that as their products get smarter, fraudsters are getting smarter, too. What changes will tech companies have to undergo in order to make their smart products safer?
I think that every tech-enabled feature has to be evaluated in terms of value provided to the user versus added complexity, loss of reliability, vulnerability etc. Users might accept some small level of risk in return for certain high-value features, but low-value / high-risk features should be avoided regardless of any seeming whiz-bang appeal.
What do you see as the future of smart tech?
Although it has been going on for a while, I feel the IoT is still largely in the hype phase or the “how can I get some of that into my product?” phase. As the value of certain smart features/products fails to be proven in the marketplace, they will eventually fade from the public eye. However, products that clearly benefit from smart features will then be expected to have them, and competitors that don’t offer them will also fade from the public eye.
Now for the most important question: Which smart device is going to cause the robot apocalypse?
I am actually less worried about the robot apocalypse than the Internet of Bricked Things. Also, I think that poorly-designed versus well-designed products is a bigger issue than what class of product is going to cause the problem (although data-intensive devices such as IP video cameras could certainly have an outsized effect, like in the Dyn DDOS attack).
Still, the thing that worries me the most is the idea of always-on microphones and always-on cameras throughout our homes in the guise of “intelligent personal assistants.” Whether or not that AI grows into Skynet, I think there is far more potential for misuse of that data than whether or not our milk is past its expiration date.