Internet of Things (IoT) thermostat company Nest will disable the company's smart home product Revolv on May 15, sparking concerns over the future security of the IoT devices.
The decision to disable the £211 device was announced by Revolv founders Tim Enwall and Mike Soucie on Revolv's website. The founders will re-focus on building a platform of compatible devices that integrate into the Nest system called, Works with Nest. “Unfortunately, that means we can't allocate resources to Revolv anymore and we have to shut down the service.”
In speaking with SCMagazine.com, Online Trust Alliance (OTA) Executive Director Craig Spiezle said, “It is a reasonable expectation among customers that a company would commit to updates for the lifecycle of the product.”
In addition to the notable frustrations involved with owning a device that is suddenly rendered useless, the announcement raises an array of security and privacy concerns for owners of IoT devices. A primary concern is whether data stored on cloud services will continue to be secured. Last month, for example, security researcher Chris Vickery discovered an unsecured MongoDB database that contained information related to over 198,000 past customers of a defunct iPhone app.
Nest was acquired by Google in January 2014, then acquired Revolv nine months later in October 2014. At that time, the Revolv device was taken off the market. Nest is now owned by Alphabet Inc., the parent company of Google.
Revolv's announcement contained a FAQ section that included just four questions. The answers bluntly informed customers that their devices would no longer function after May 15th, and there will be no reimbursement. “Our one-year warranty against defects in materials or workmanship has expired for all Revolv products,” the founders wrote.
Spiezle, reacting to that statement, told SC, “It's certainly going to bring on class action suits against Google in this case.”
Nest is working with customers “on a case-by-case basis to determine the best resolution, including compensation”, a company representative told SC via email. The representative said Nest will delete all customer data from the service once the service is shut down.
In January 2015, OTA established an IoT working group to focus on IoT security and privacy in connected consumer devices. The group, IoT Trustworthy Working Group (ITWG), published a trust framework to strengthen security practices for IoT devices.
“It is my hope that Alphabet/Google rethinks the impact here, and does the right thing for consumers,” said Spiezle. “If they don't, this could have a huge ripple effect for consumers of IoT devices.”