A connected sprinkler system may seem like an unlikely hack target – but for fraudsters, any networked IoT device can be a gateway to the smart home ecosystem. This means that every IoT device, no matter how innocuous, must be secured. In this month’s IoT Tracker, PYMNTS talks with Anthony Long of smart sprinkler system company Hydrawise about how the company designed its system to prevent data breaches and keep hackers off of its lawn.
Many consumers are turning their houses into smart homes by using central hubs like Amazon’s Alexa and cloud infrastructure to network their IoT devices. That automation extends outdoors, too, with Wi-Fi-connected sprinkler systems and robot lawnmowers now maintaining backyards without undue homeowner efforts.
Hydrawise is one such outdoor system. It was originally an independent IoT irrigation controller manufacturer, but was acquired by irrigation giant Hunter Industries in 2016. In a recent interview with PYMNTS, Hunter’s Hydrawise product manager, Anthony Long, explained how the system functions while keeping its smart home network secure.
Saving water for less effort
Programmable sprinkler systems have been around for decades, but they can be inefficient without proper management. There is no point in watering lawns when it is raining, for example, but most programs need to be manually overridden to turn the sprinklers off. This leaves homeowners or contractors helpless if they are away from their controllers when they learn watering will not be needed.
That is where IoT comes into play, Long said. The Hydrawise controller can automatically adjust itself rather than having homeowners change the program.
“We use predictive weathering, which is a term we invented for the ability to use internet-based weather to make changes to the irrigation controller,” he noted. “We’re continually looking at what’s happening today, tomorrow and yesterday, and [whether] that affects the way that the irrigation should work. If it’s cold, for example, we can change it down [because we need less watering] and if it’s hot we can change it up [to hydrate more and combat the heat].”
In addition to its functionality for private homeowners, Hydrawise is used by gardening contractors to manage hundreds or even thousands of gardens and lawns.
“Rather than driving out to each controller and physically changing the program, [contractors] can change thousands of controllers in minutes remotely,” Long said. “Being able to make changes globally like that really helps in saving a lot of water.”
Feedback from contractors and irrigation experts was essential to Hydrawise during the system’s development, and continues to help Hunter update the controller with new features. In 2019, these have included the ability to fine-tune controller locations on a digital map, set up irrigation levels by zone and send messages from contractors to customers via a mobile app.
Securing the network
All those extra features are window dressing compared to an IoT device’s top priority — security. A Wi-Fi connected sprinkler system might strike some as an unlikely target for a hacker, but bad actors are not after gardening data. These seemingly innocuous devices are instead used as entry points, allowing hackers to access the entire smart home network.
“Every Wi-Fi connection, every Bluetooth connection, every connection you make where you’re using some sort of over-the-air wireless connection is subject to hacking,” Long said.
Hydrawise keeps users’ data secure by not storing any private user data in its system. In fact, the product is completely separate from the rest of a customer’s smart home IoT network.
“If you hacked into Hydrawise and you were successful, the only thing you can do is turn on one person’s controller and manually start sprinkling,” he said. “You’re going to annoy your next-door neighbor, but that’s it.”
It was important to prevent hackers from making it that far, though. Outdated software is an often-overlooked security flaw, and the longer such a flaw is exposed, the larger the window for a bad actor to write a program to exploit it. Customers can find it inconvenient to make sure their software is consistently patched and updated, but the process is essential to security.
There was thus only one option for to ensure the Hydrawise solution’s software stays current.
“All of our controllers around the world are automatically updated to the latest versions of firmware, for both the controller and also for the Wi-Fi connections,” Long explained. “So, we try to minimize the ability of any hacking using old code and old Wi-Fi versions.”
Hunter also enlists an independent auditor for help, tapping a team that attempts to hack into the Hydrawise devices and present any found vulnerabilities. These security standards seem to have paid off, according to Long, as not a single bad actor has successfully breached the product’s defenses since Hydrawise’s founding in 2011.
Making Hydrawise wiser
Future developments to the Hydrawise system will likely revolve around AI and machine learning, Long explained. In addition to monitoring weather patterns to determine optimum watering times and volumes, the system could learn its owner’s habits and adapt accordingly.
“Say a family gets up at five o’clock in the morning, and they want the irrigation completed by then so that they can go outside and do yoga, for example,” he said. “Maybe on Sundays they don’t want their system to irrigate because that’s when they mow their lawn.”
This future Hydrawise AI is a microcosm of how IoT will likely grow in the future, and other smart home providers like robotic vacuum Roomba and security system Nest are already beginning to introduce such solutions to the market. Like every other IoT ecosystem aspect, it is essential that this technology is kept secure, or the entire network could collapse like a smart house of cards.