2024-07-01 VDE dialog

Worst case: electronic waste

The smart home is still suffering from teething troubles. However, developments are now underway that give cause for hope, says Alexander Matheus, expert for Smart Technologies and Information Security at the VDE Testing and Certification Institute.

VDE dialog: Exactly ten years ago, VDE dialog ran its first edition dedicated to smart living. Where do we stand today?

Alexander Matheus: The topic of smart homes has been on our minds for a very long time. Smart technologies were already a big thing back in 2012, when we set up a separate department for them here at the institute. At the time, we were convinced that this was just the start and that applications would grow exponentially. However, this has not proved to be the case; the big boom has so far failed to materialize.

Why is that?

There are several reasons. On the one hand, there is still a lack of interoperability – the ability of individual devices to “talk” to each other. Numerous efforts have been made, but if you want to combine products from different manufacturers, it often still doesn’t work properly. Then there is the major issue of IT security, which has become increasingly important for customers in recent years. Nobody wants to bring devices into their home that spy on them or are a gateway for hackers. And last but not least, the costs are, of course, also a factor. A building owner will always think twice before integrating a complete system that can do everything but is also very expensive.

Alexander Matheus, Experte für Smarte Technologien und Informationssicherheit im VDE Institut

| VDE

Isn’t there a fourth reason, especially for end customers who want to make their homes smarter, namely that it’s not that easy to find, install and then operate a suitable system?

Yes, that’s a problem, too. There simply aren’t enough consultants and installers. And not all customers are tech-savvy enough to want to learn about the subject themselves. What’s more, most companies only offer their own products and not an overall solution tailored to the customer that integrates devices from different manufacturers. That’s certainly a problem.

For which of these topics does the VDE Institute feel responsible?

The main focus of the testing institute is certainly on safety and security. Safety refers to the electrical safety of the individual components, but since 2013 we have also been testing security – specifically the security of access to smart home systems. The way this works is that we try to hack these systems on behalf of the manufacturers to see whether the protective measures taken are already sufficient. Incidentally, these days this is no longer limited to the smart home sector; we’ve expanded our cyber security department and now also carry out tests in industry and on medical technology, for example.

At the beginning 2024, the Süddeutsche Zeitung newspaper published a commentary entitled “Smart Home: stupid, unreliable and unsafe. Some networked devices are becoming a gateway for criminals or turning into electronic waste. It’s high time for regulation.” Do you agree with this?

Unfortunately, it’s not possible to completely contradict this statement. We keep finding that many devices are simply not secure enough and that it really is very easy to break in. If you can then access the WiFi password via such a device in the house and then, as it were, jump from one device to another, this is definitely a major problem. That’s why it’s not enough for the devices to carry a CE marking for their safety, because this simply doesn’t provide security. But in this area, manufacturers have so far not been obliged to adhere to any rules at all.

So far? Does that mean this will change?

Yes, step by step. The first of these will be taken when certain articles are activated in the EU’s Radio Equipment Directive (RED) in August 2025. Then manufacturers will also have to take security aspects into account, which means taking care of passwords, encryption, updatability and the like. If they do not comply with the regulations, the worst-case scenario is the withdrawal of the CE marking.

And is a second step already on the horizon?

This will be the Cyber Resilience Act (CRA), which will most likely come in 2027 and will then affect all devices that communicate digitally in any form, so not just “radio equipment” as with RED. With these two regulations, cyber security will be mandatory for the first time.

What consequences will this have for the industry?

This is not without its challenges for manufacturers. But at some point, the EU simply had to realize that it just wouldn’t work without regulation. That doesn’t mean that nothing has changed at all; the big, well-known companies in particular naturally focused on cyber security early on. But not all of them. And this has led, for example, to the fact that vast amounts of footage from webcams are now freely accessible on the Internet without their owners knowing about it.

There is also the problem that you cannot be sure whether you will be happy with your state-of-the-art appliance in the long term.

That’s true. In the past, too little thought has often been given to how devices can be sensibly updated or designed in such a way that they can still be used long into the future. If, for example, a company goes bankrupt – as Gigaset recently did – the worst-case scenario could be that you’re left with a pile of electronic waste filling up your home. This is what happens when you have proprietary systems and none of them can cope with different components that are compatible with each other.

But the topic of interoperability is not that high on the agenda at the VDE Institute, is it?

Actually, yes, it is. For example, we were initially very involved in the EEBUS initiative, where we also developed the first test machines for this communication interface, which enables energy suppliers and households to share applications and services to increase energy efficiency. That is a basic prerequisite for having smart heating in a smart home. However, demand has been far too low up to now. Although we continue to support this, we have had to accept that it’s a predominantly German-driven initiative with still too limited impact.

In stark contrast to Matter, an initiative by the likes of Amazon, Google, Apple and Samsung?

Matter probably actually will ensure that devices are much more easily compatible. However, this is not based on a public standard that has been drawn up by independent bodies, but is, so to speak, an internal industry agreement between these large companies. That’s not necessarily a bad thing. On the contrary, we can certainly see that Matter is creating a certain springtime mood in the industry. On the other hand, it must also be clear to everyone why these companies are involved in this area. Ultimately, their aim is to collect data.

But there’s another development that is bringing some springtime cheer to the industry, and that’s the topic of artificial intelligence.

And quite rightly so! A home is not smart just because you can control certain devices via an app or the lights come on when you enter. Your home only becomes smart when it thinks for you, so to speak, and regulates things independently. At the last IFA, for example, among the exhibits was an oven that works completely independently, so you don’t have to worry about a thing. You simply put something in and the oven recognizes by itself what it has to do. Or imagine a house that fully regulates its own energy consumption, i.e. not only knows when the heating needs to be turned off, but also what can be done with the available energy during this time – for example, charging the car or doing the laundry. And, incidentally, for such applications, a standard such as EEBUS is much more helpful than Matter.