There’s a long history of device control on the Internet. The Coke machine at Carnegie Mellon University was (at least once upon a time) the most famous example, and it has a legitimate claim to be the world’s first IoT device.
Before trudging across the cold Pennsylvania tundra, mile after mile, to the computer lab for an all-nighter and finding the machine empty, students anywhere on (or off) campus could send a command to the machine to see whether or not it was stocked.
In a similar spirit, the University of Cambridge put a coffee machine online, and you could check its status until it was disconnected in 2001. In 1998, the IETF’s Internet Society published RFC 2324, the technical specification for Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0).
A few years ago, a resourceful Alaskan family connected their home Christmas lights to the Internet, and anyone anywhere could turn them off and on. A webcam was pointed at the house so you could see that it actually worked (low latency!). At the moment, they’re not up and running – it’s only October – but I will keep checking.
What it means
On a more serious note, I was curious when I saw this headline: “Security researcher gets access to all Xiaomi pet feeders around the world.” It turns out that someone found the API that controls more than 10,000 online pet feeders. And in turn, she was able to exploit a defect in the feeder’s chipset that would allow a hacker to install new firmware.
Situations like this provide a sound argument for rigorous testing before a video provider announces support for any new device in their service. That means not just testing the user experience or the basic functionality, but also thoroughly testing communication security, to minimize the threat that end users become unwitting victims of piracy or that your content may be stolen.