Bringing the smart home to apartment dwellers is a tough business. That said, it hasn’t stopped several companies from trying. After all, the benefits to landlords are clear. Connected devices that detect water leaks can help prevent catastrophic leaking in rented and empty apartments, smart locks can make it easier to manage access without the need for physical keys, and connected thermostats can help reduce energy usage.
In some cases, residents are equally enamored with the idea, even paying a premium for services such as Alexa-enabled lighting. But if you think making a single-family home smart is hard, try applying connected devices to a building with a dozen or even hundreds of units.
These challenges were thrown into sharp relief this week when Twitter user and white hat hacker Lesley Carhart tweeted her dismay at her own landlord going smart. She tweeted a series of complaints that focused on her inability to opt out of the program, the requirement that the smart hub associated with the apartment would be plugged into her own broadband network, and the fact that many of the devices involved didn’t meet her demands for security.
These are all serious complaints, so I reached out to a variety of people to learn more about how to design smart apartments, what the security risks might be, and how other property managers talk to tenants about adding intelligence to their buildings.
I asked Carhart to chat with me for this story, but she declined to talk to me (or any media) while she’s still in discussions with her landlord (she is also seeking a lawyer). I did discover that the company planning to install an automation system in Carhat’s apartment complex is called SmartRent, a Phoenix-based startup that in November raised $5 million in funding. I’ve reached out to Mitch Karran, the chief product officer at SmartRent, and to the PR firm representing SmartRent investor Real Estate Technology Ventures for their comment, but have not heard back.
SmartRent uses a Z-wave hub by Croation company Zipato. The hub controls Z-wave devices and links back to a Wi-Fi network or Ethernet. The Zipato hub uses a modem by Huawei, which could cause alarm for some folks, including those in the U.S. government. It has also been hacked by others who have the system in their own apartments, though the hack was designed to connect the hub to the apartment dweller’s other connected home devices, not as a malicious attempt to break into the hub.
A big target of Carhart’s ire is the Yale lock that SmartRent uses. It’s a residential lock, as opposed to one that Yale sells to multiple dwelling units as part of its Accentra unit, which is designed for apartments and multi-family dwelling units. Jason Williams, president of Yale Residential Locks, confirmed that SmartRent is a partner of Yale’s and is using Yale residential locks in their smart apartment setups, but he didn’t see that as a problem. “In multifamily housing, traditionally the residential door has a consumer door lock on it,” he says.
Others disagreed. Including Felicite Moorman, CEO of Stratis IoT, which provides a smart home system for property management companies. She says that any connected lock system for an apartment building has to have several qualifications. Those include the ability to grant access to firefighters; the ability to audit who has come into an individual unit; and the ability to get in, and especially out, of the building during an internet or power outage.
I asked the parent company behind Schlage locks, Allegion, which makes a product used in multifamily housing, about the demands of that market. Devin Love, director of technology alliances at Allegion, also provided several other considerations, mostly associated with meeting building code requirement in the municipality where the apartment is located.
Yale’s Williams said that many of those issues are taken care of by SmartRent. For example, SmartRent has to make sure the devices used in its system are up to code wherever they are deployed. It also provides the back-end software that handles audits of who has opened the lock to enter the apartment. In the case of security patches, SmartRent gets patches from Yale and then is responsible for sending those patches to the lock.
Williams called SmartRent an “approved partner who the company works closely with” while also saying that “as a manufacturer, we’re limited in who picks up our Z-wave lock and uses it.” From a tenant’s perspective, there are other issues with the specific lock, such as the lack of ADA compliance (someone who is vision impaired can’t use the particular Yale lock SmartRent has chosen to use).
There’s also the issue of Z-wave. Like any wireless protocol, Z-wave has its security vulnerabilities. Fears of a hacked lock are not easy to dismiss, especially if you are in the infosec profession like Carhart is. There’s also an issue of the way this system is designed.
Many systems made for multifamily housing are designed so the hubs and controllers are outside the resident’s unit. This provides a measure of protection so a malicious party can’t get physical access to the device. It’s unclear what extra security protocols SmartRent uses to prevent someone from accessing the software on one Zipato controller and attempting to send it to others in the building using Z-wave or even Wi-Fi.
Moorman also brought up a good point, saying that in the Stratis solution, when the resident moves into a smart apartment, the property manager no longer has access to the data generated by that unit. So the lighting and HVAC data isn’t available to the property management company, with the exception of things such as a freeze event or a flood. If that happens, the tenant and landlord both get a notification.
It’s unclear if SmartRent provides this level of privacy. And it’s that level of uncertainty combined with the fact that residents of this particular apartment building are being forced into these arrangements that doesn’t sit well with Moorman.
“It’s just unfortunate, because consumer confusion equals consumer inaction, and this will wreak some havoc on the efforts we’ve made to educate this market so far,” says Moorman. “And that’s just challenging for us.”
Updated: This story was updated on Jan. 25, 2019 to reflect that Zipato is a Croatian company, not a Chinese company.