Ever since trying a Google Home, I've been slowly getting more into the Internet of Things, or bringing the smart gadgets into our lives. Having a natural way to interact with devices makes it a lot more obvious how useful they can be, so I've been gradually adding 'smart' stuff where it fits.

One of the most obvious smart home categories is light bulbs. Everyone from Philips to IKEA is in on this, and I love the idea of it: automation based on external factors like the weather or the sunrise, or just auto-on when I get home. Given it's as easy as swapping a light bulb, it's a no-brainer when it's time to replace one.

Over the last two years I've gradually added Philips Hue to our home. These bulbs are expensive, but often sell for up to half price, so it's easy to just wait and get them whenever they're reasonably priced.

After two years of slow addition, most of our rooms now have a Hue in them — I've got three color bulbs, the smart LED strip and four white ambiance (which are well priced all the time, and all you really need).

What I noticed this week, however, is that while Philips Hue is a great system, the security model it uses is... weird at best, and I found out in the most confusing way: I lost control of my lights.

Enter the weird

Lately I've been trying to get up earlier to get some focus time in the morning: I've found freelancing really gets into your head, and it's good to make space for other stuff. Anyway, I am not a morning person, so I wanted to experiment with a wake up light to simulate the sunrise (it currently comes up at 8:40 AM in grey Europe).

After looking around at various wake up alarms and concluding they were junk, I decided to just make one. Philips actually has a Hue product made for this, called Wellner, but upon investigating I noted it was a great excuse to sell an overpriced lampshade alongside a White Ambiance (that's literally what's in the box).

So, feeling proud that I'd found a way to cheat the system, I ordered a single White Ambiance bulb, which covers the full range of white color temperatures, and a dirt cheap globe for diffusing the light a little. We have a few of these already, and I know they're bright enough to do the job.

After setting it up and playing around, I noticed something weird: if I changed the brightness, it would change back to 90% brightness within a few seconds. This is extremely annoying and defeats the point, given a wake up light should gradually fade in. Figuring a routine or some other automation was interfering, I disabled everything in the app. No dice, it still happened.

Stumped, I quite literally couldn't figure out what to do next.

A few days later, when I found time again, it clicked that perhaps an app integration could be responsible, so I started hunting for some sort of API authentication screen where I could kill integrations until I figured out what was going on.

As it turns out, there isn't a way to see the apps you've authenticated to your lights. Over the space of two years I had authenticated countless different apps, and forgotten about them, but Hue has no way to surface these! How the hell could I deauthorize something that broke, or worse, got hacked?

A quick Google surfaced this from Philips: there's no way to do this, but there is an API! Both perplexed, and curious, I hit the Hue Bridge IP address in my browser, and behold, I found a web server I didn't know about:

This is weird, but whatever. Philips then recommends you add /debug/clip.html to the URL to jump into the API (the "CLIP API Debugger"), and you'll be presented with this definitely reassuring™ interface for something:

Essentially, Philips Hue comes with a handy little API debug console built into the bridge: anything on your network that can reach the bridge over plain HTTP can open it and hand-craft requests, with the API key sitting right in the URL path. I can think of a bunch of reasons this is a Bad Idea, but that's for another day. I wanted to figure out who was overriding my light's brightness!

First, you have to create your own API key, which is easy enough: press the link button on the bridge, then POST to /api with a device name and the bridge hands you a key. Then, to see your apps, you use that key and make a GET request to /api/<your key>/config. That gives you a huge JSON blob, including a "whitelist" of every app and person that can control your Hue (I had 30+ things authenticated, but stripped this for brevity):

  "whitelist": {
      "12345StrippedKey": {
          "last use date": "2017-12-23T09:32:13",
          "create date": "1970-01-01T00:02:35",
          "name": "hue_ios_app#@ow"
      },
      "12345StrippedKey": {
          "last use date": "2017-01-26T21:54:05",
          "create date": "2017-01-26T21:52:30",
          "name": "HueNest#WebService"
      },
      "12345StrippedKey": {
          "last use date": "2018-01-31T08:30:03",
          "create date": "2017-11-22T20:36:38",
          "name": "google-wifi#"
      },
      "12345StrippedKey": {
          "last use date": "2018-01-31T08:30:03",
          "create date": "2017-12-20T07:37:57",
          "name": "f.lux"
      }
  }

This, quite seriously, is the only way to figure out what and who is authorized to control your Hue. If something rogue is integrated, tough shit if you don't know how to use an API, because you'll never find it. Note the dates: every entry carries a "create date" and a "last use date", and entries from a year earlier are still perfectly valid.

Luckily, I did, and noticed the last app I authenticated was f.lux — the Windows/Mac app that saves your eyes at night. Hm.

Flux added a lovely new integration with Hue recently, which syncs your screen's color with a set of bulbs however you fancy.

I've set this up in my office, and it's an awesome way to keep your eyes comfortable and automatically manage the lights in that space. While running, it overrides any manual changes so that its transitions stay smooth, which means resetting brightness and color whenever they're changed.

As it turns out, the app had also decided it'd like to control all new lights, too:

Basically, f.lux, assuming I wanted the hue and brightness to stay consistent, overrode my own changes whenever I made them. That's fine, but how am I supposed to know what's going on? There's no audit trail, no logs and no integration inspector to figure this out!

Deleting f.lux's entry from the Bridge whitelist solved the problem, and boom, I could actually control my lights again. Yay. 🙄

Consent, OAuth and all good things

Hue integrates with a bunch of different apps, and it's got an interesting implementation of pairing with new services. Essentially, if you wanted to pair Hue with IFTTT, you'd start the request, then need to push the giant button on the bridge. Seems fair, and secure, since it requires a deliberate physical action. The catch is that the button only proves someone was standing next to the bridge at pairing time; it says nothing about what the app does afterwards, and the key it hands out keeps working until somebody deletes it.

The problem, as I see it, is that Hue provides no way to quickly check what's going on, or what is authenticated, on the Bridge once it's paired. There is no user auditing (what if I want to block an annoying user who's controlling my lights?) and there's no way to view authenticated apps without messing around with the API.
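To make "messing around with the API" concrete, here is an added example of mine (not code from the post, and not Philips' code) that does the whole audit: it parses a /config reply shaped like the one above, lists every whitelisted app by last use, flags the ones that have gone idle, and builds the DELETE call that removes one. The bridge address, the API key and the app keys in the sample are invented; the script assumes the CLIP v1 endpoints GET /api/<key>/config and DELETE /api/<key>/config/whitelist/<app-key> as they were documented when this was written, and parse_pairing_response assumes the documented POST /api reply shape (error type 101 until the link button is pressed).

```python
"""Audit the Hue bridge whitelist and revoke an entry (added example, not from the post).

Assumptions not stated in the post: the bridge answers on BRIDGE_IP, API_KEY is a key
you created by POSTing {"devicetype": "..."} to /api after pressing the link button, and
the bridge honours GET /api/<key>/config and DELETE /api/<key>/config/whitelist/<app-key>.
"""
import json
import urllib.request
from datetime import datetime, timedelta

BRIDGE_IP = "192.168.1.2"     # hypothetical bridge address
API_KEY = "eeee5555"          # hypothetical key created for this audit (also in the sample below)
HUE_TS = "%Y-%m-%dT%H:%M:%S"  # timestamp format the bridge uses in /config

# Constructed sample modelled on the post's stripped /config output; the app keys are invented.
SAMPLE_CONFIG = json.dumps({
    "name": "Philips hue",
    "whitelist": {
        "aaaa1111": {"last use date": "2017-12-23T09:32:13",
                     "create date": "1970-01-01T00:02:35", "name": "hue_ios_app#@ow"},
        "bbbb2222": {"last use date": "2017-01-26T21:54:05",
                     "create date": "2017-01-26T21:52:30", "name": "HueNest#WebService"},
        "cccc3333": {"last use date": "2018-01-31T08:30:03",
                     "create date": "2017-11-22T20:36:38", "name": "google-wifi#"},
        "dddd4444": {"last use date": "2018-01-31T08:31:10",
                     "create date": "2017-12-20T07:37:57", "name": "f.lux"},
        "eeee5555": {"last use date": "2018-02-01T07:00:00",
                     "create date": "2018-02-01T06:59:40", "name": "whitelist-audit#laptop"},
    },
})


def parse_pairing_response(body):
    """Interpret the reply to POST /api: the new key on success, None while the link
    button has not been pressed yet (the bridge answers with error type 101)."""
    reply = json.loads(body)[0]
    if "success" in reply:
        return reply["success"]["username"]
    if reply.get("error", {}).get("type") == 101:
        return None
    raise RuntimeError(f"unexpected pairing reply: {reply}")


def parse_whitelist(config_json):
    """Return (app_key, name, last_use) tuples from a /config reply, least recently used first."""
    cfg = json.loads(config_json)
    entries = [(key, info["name"], datetime.strptime(info["last use date"], HUE_TS))
               for key, info in cfg.get("whitelist", {}).items()]
    return sorted(entries, key=lambda e: e[2])


def stale_entries(entries, now_str, max_idle_days=90):
    """Entries that have not touched the bridge for more than max_idle_days as of now_str."""
    now = datetime.strptime(now_str, HUE_TS)
    return [e for e in entries if now - e[2] > timedelta(days=max_idle_days)]


def find_by_name(entries, name_prefix):
    """Entries whose app name starts with name_prefix, e.g. 'f.lux'."""
    return [e for e in entries if e[1].startswith(name_prefix)]


def whitelist_delete_url(bridge_ip, api_key, app_key):
    return f"http://{bridge_ip}/api/{api_key}/config/whitelist/{app_key}"


def http_get(url):
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode()


def http_delete(url):
    req = urllib.request.Request(url, method="DELETE")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def revoke(entries, bridge_ip, api_key, send=http_delete):
    """Revoke each entry except the key we are calling with (deleting that would lock us
    out). `send` is injectable so the run can be rehearsed offline before touching the bridge."""
    results = {}
    for app_key, _name, _last in entries:
        if app_key == api_key:
            continue
        results[app_key] = send(whitelist_delete_url(bridge_ip, api_key, app_key))
    return results


if __name__ == "__main__":
    # Live run: parse_whitelist(http_get(f"http://{BRIDGE_IP}/api/{API_KEY}/config"))
    entries = parse_whitelist(SAMPLE_CONFIG)
    for app_key, name, last in entries:
        print(f"{last:%Y-%m-%d %H:%M}  {name:<24} {app_key}")
    print("idle > 90 days:", [name for _, name, _ in stale_entries(entries, "2018-02-01T00:00:00")])
    # Dry run: echo the DELETE URLs instead of sending them.
    print(revoke(find_by_name(entries, "f.lux"), BRIDGE_IP, API_KEY, send=lambda url: url))
```

Run as-is it only works on the constructed sample and echoes the DELETE URLs; swap in http_get and the default http_delete sender once you have eyeballed the list. revoke() deliberately skips the key it is called with, because the key doing the audit is itself a whitelist entry and removing it locks you out of the bridge until you pair again.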

I really like Hue, but it's a mess, and needs work. It's easy to imagine some sort of rogue application tricking someone into pairing their bridge by pushing the button, then asking for money and randomly changing the brightness or color of lights until they pay.

I also came to the realization that I'd never checked what could control my lights, despite checking what's authenticated to something like Twitter all the time. I know the smart home is hard, but it's pretty strange how difficult it is to get someone off a tool as critical as your lights.

Sure, I'll probably buy more Hue bulbs, but these companies need to think about how people use their systems, and what they can do if something goes wrong. Just assuming that the end user can trust everyone, and every app, forever, is a terrible way to operate.