Marsymars 4 hours ago

I'm sitting here drinking an Aeropress-made coffee as I type this, but thinking about how the kettle I used to boil the water is wifi-connected. (Although the smarts are limited to firmware updates, there's no control of the kettle or useful data collected from the kettle.)

ssl-3 2 hours ago

I understand why such a device might have firmware. For instance: The drip coffee maker in my kitchen also has firmware; it is used for things like operating the clock (which I've never set...), starting automatically at a pre-set time, and for turning the hot bits off after an hour or two. It's completely offline; these are just pre-programmed functions that will never change.

But I have some questions, if you've got a moment.

Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

(And remember: Since the kettle has a radio and a network connection, data collection isn't necessarily limited to kettle operations. Deducing location is easy for a motivated party using wifi and/or bluetooth signals in populated areas where others are using wireless technologies; see, for example: https://www.qualcomm.com/internet-of-things/solutions/qualco... )

Marsymars an hour ago

> Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

It's a Fellow EKG Pro kettle. They've got release notes here: https://help.fellowproducts.com/hc/en-us/articles/9593179929...

Notably, bug fixes to the same features that your drip coffee maker has (clock/scheduling stuff), and the addition of new languages to the UI.

> What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?

I assume these are somewhat rhetorical questions where we both know the answers - I'm not harbouring illusions here - as with any internet-connected software you have to trust the vendor.

If it were up to me, I'd prefer a Z-Wave-connected kettle that received its firmware updates via Home Assistant... but fancy pour-over kettles are niche enough that a market for a Z-Wave one simply doesn't exist.

As-is, I've got enough trust in Fellow that I'm leaving my kettle connected for firmware updates. Of course, that may change.

ssl-3 27 minutes ago

That's a very nice-looking kettle. Having looked at it, I agree with you completely. It seems rather unlikely that it would turn into a manufacturer-supported attack vector.

We do have a different out-of-band/disconnected/not-wifi way of doing firmware things, and perhaps we should use it more than we do: Bluetooth. It's about as universal as it gets.

I mean: Imagine a Venn diagram, with two groups. One group represents people who update the firmware in their kettles. The other group represents people who have Bluetooth-capable pocket supercomputers.

The two groups overlap so neatly that the diagram is indistinguishable from a circle. :)

iamtedd 3 hours ago

A kettle needs firmware updates?

Marsymars an hour ago

I'd say "has" firmware updates rather than "needs". You can see release notes: https://help.fellowproducts.com/hc/en-us/articles/9593179929...

dylan604 3 hours ago

A kettle needs firmware?

Marsymars an hour ago

Some software features are actually quite nice on kettles! e.g. Mine has adjustable altitude calibration which simplifies things that are temperature-sensitive if you live somewhere with a boiling point notably below 100°: https://www.precisekettlepicks.blog/blog/buying-guides-by-us...