:) I'm sticking with my Aeropress
I'm sitting here drinking an Aeropress-made coffee as I type this, but thinking about how the kettle I used to boil the water is wifi-connected. (Although the smarts are limited to firmware updates, there's no control of the kettle or useful data collected from the kettle.)
I understand why such a device might have firmware. For instance: The drip coffee maker in my kitchen also has firmware; it is used for things like operating the clock (which I've never set...), starting automatically at a pre-set time, and for turning the hot bits off after an hour or two. It's completely offline; these are just pre-programmed functions that will never change.
But I have some questions, if you've got a moment.
Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
(And remember: Since the kettle has a radio and a network connection, data collection isn't necessarily limited to kettle operations. Deducing location is easy for a motivated party using wifi and/or bluetooth signals in populated areas where others are using wireless technologies; see, for example: https://www.qualcomm.com/internet-of-things/solutions/qualco... )
> Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
It's a Fellow EKG Pro kettle. They've got release notes here: https://help.fellowproducts.com/hc/en-us/articles/9593179929...
Notably, bug fixes to the same features that your drip coffee maker has (clock/scheduling stuff), and the addition of new languages to the UI.
> What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
I assume these are somewhat rhetorical questions where we both know the answers - I'm not harbouring illusions here - as with any internet-connected software you have to trust the vendor.
If it were up to me, I'd prefer a Z-Wave-connected kettle that received its firmware updates via Home Assistant... but fancy pour-over kettles are niche enough that a market for a Z-Wave one simply doesn't exist.
As-is, I've got enough trust in Fellow that I'm leaving my kettle connected for firmware updates. Of course, that may change.
That's a very nice-looking kettle. Having looked at it, I agree with you completely. It seems rather unlikely that it would turn into a manufacturer-supported attack vector.
We do have a different out-of-band/disconnected/not-wifi way of doing firmware things, and perhaps we should use it more than we do: Bluetooth. It's about as universal as it gets.
I mean: Imagine a Venn diagram, with two groups. One group represents people who update the firmware in their kettles. The other group represents people who have Bluetooth-capable pocket supercomputers.
The two groups overlap so neatly that the diagram is indistinguishable from a circle. :)
Oh yeah, that's a good point, Bluetooth would actually be a marketable product. Though my preference is not needing a mobile app, if they used Bluetooth and made it HomeKit compatible, then they could also push firmware updates over the Bluetooth connection from an Apple home hub.
A kettle needs firmware updates?
I'd say "has" firmware updates rather than "needs". You can see release notes: https://help.fellowproducts.com/hc/en-us/articles/9593179929...
A kettle needs firmware?
Some software features are actually quite nice on kettles! e.g. Mine has adjustable altitude calibration which simplifies things that are temperature-sensitive if you live somewhere with a boiling point notably below 100°: https://www.precisekettlepicks.blog/blog/buying-guides-by-us...