Futurehome Smarthub Mandatory Subscription Fee: Difference between revisions
Added a section called "Network Hacking Possibility". I tried to add this in the discussion page however it failed to save. |
|||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 7: | Line 7: | ||
'''Customers who declined to pay lost access to the mobile app (even for local use)''', along with all automations and the hub's local API integrations, leaving only basic on-device (physical) control. | '''Customers who declined to pay lost access to the mobile app (even for local use)''', along with all automations and the hub's local API integrations, leaving only basic on-device (physical) control. | ||
==Company info | ==Company info and background== | ||
'''Futurehome''' AS is a Norwegian smart-home technology company founded in 2013, known for the ''Futurehome Smarthub'', a central gateway device that connects and controls IoT devices. The Smarthub and | '''Futurehome''' AS is a Norwegian smart-home technology company founded in 2013, known for the ''Futurehome Smarthub'', a central gateway device that connects and controls IoT devices. The Smarthub and Futurehome's own product line ''(thermostats, smart plugs, relays, sensors, etc<ref>{{Cite web |title=Products - Futurehome |url=https://www.futurehome.io/en_no/products |access-date=2025-07-14}}</ref>)'' allow users to automate lighting, heating, EV charging, and other home functions via a mobile app and cloud platform. | ||
The hub lets users pair Zigbee-, Z-Wave-, and Futurehome-branded devices and control them locally or remotely through a free mobile app and cloud service; it also exposes local APIs for third-party integrations such as Home Assistant. | The hub lets users pair Zigbee-, Z-Wave-, and Futurehome-branded devices and control them locally or remotely through a free mobile app and cloud service; it also exposes local APIs for third-party integrations such as Home Assistant. | ||
| Line 14: | Line 14: | ||
The '''Futurehome Smarthub'''<ref name=":3">{{Cite web |title=Futurehome |url=https://www.futurehome.io/en_no/ |access-date=2025-07-14}}</ref> was '''originally sold as a one-time purchase.''' '''Prior to 2025, Futurehome operated on a one-time hardware purchase model''', with app and cloud services included at no extra cost. | The '''Futurehome Smarthub'''<ref name=":3">{{Cite web |title=Futurehome |url=https://www.futurehome.io/en_no/ |access-date=2025-07-14}}</ref> was '''originally sold as a one-time purchase.''' '''Prior to 2025, Futurehome operated on a one-time hardware purchase model''', with app and cloud services included at no extra cost. | ||
Futurehome AS was declared bankrupt on May | Futurehome AS was declared bankrupt on 20 May 2025. The platform and its services were acquired in a 50-50 split by Sikom Connect AS and the former Futurehome owners. The business was relaunched under a new entity: '''FHSD Connect AS.'''<ref name=":0" /> | ||
==June 2025 | ==June 2025 subscription rollout== | ||
After the bankruptcy & relaunch, ''any'' continued use now requires an annual subscription of 1,188 NOK (≈ $117). Households that decline are locked out of the application, automations, and the local API interface, leaving only manual, on-device control.<ref name=":0" /> | After the bankruptcy & relaunch, ''any'' continued use now requires an annual subscription of 1,188 NOK (≈ $117). Households that decline are locked out of the application, automations, and the local API interface, leaving only manual, on-device control.<ref name=":0" /> | ||
Following the relaunch, FHSD Connect announced that a mandatory subscription would be required to continue using the Smarthub platform. The subscription requirement was activated on June | Following the relaunch, FHSD Connect announced that a mandatory subscription would be required to continue using the Smarthub platform. The subscription requirement was activated on 26 June 2025, and both existing and new households were given a four-week trial period before charges apply.<ref name=":0" /> | ||
Customers who do not activate the subscription within that trial window face the following restrictions:<ref name=":0" /> | Customers who do not activate the subscription within that trial window face the following restrictions:<ref name=":0" /> | ||
| Line 38: | Line 38: | ||
==Futurehome's reply== | ==Futurehome's reply== | ||
FHSD CEO Øyvind Fries justified the subscription model as necessary to '' | FHSD CEO Øyvind Fries justified the subscription model as necessary to ''"secure stable operation, fund product development, and provide high-quality support,"'' according to statements given to [[Tek.no]] and reiterated in the FAQ.<ref name=":0" /><ref name=":13" /><ref name=":1" /> Fries explained that the subscription was introduced to ensure the '''long-term viability''' of the platform after bankruptcy: without new revenue, they could not guarantee stable operation of the cloud servers or continued updates to the product.<ref name=":1">{{Cite web |title=Rasende kunder opplever smarthjem-utpressing |trans-title=Furious customers experience smart home blackmail |url=https://www.tek.no/nyheter/nyhet/i/alMe04/rasende-kunder-opplever-smarthjem-utpressing |access-date=2025-07-13 |website=Tek.no |language=no}}</ref> | ||
He stated that the annual fee would help fund ongoing development of new features and maintain a high level of support for customers.<ref name=":0" /> The company also emailed users saying the change would ultimately provide ''"better functionality, more security, and higher value in the solution you already have invested in",'' positioning the subscription as an improvement for the user base.<ref name=":13" /> | He stated that the annual fee would help fund ongoing development of new features and maintain a high level of support for customers.<ref name=":0" /> The company also emailed users saying the change would ultimately provide ''"better functionality, more security, and higher value in the solution you already have invested in",'' positioning the subscription as an improvement for the user base.<ref name=":13" /> | ||
| Line 45: | Line 45: | ||
The reaction from Futurehome’s user base was negative. Norwegian customers described the move as a betrayal, given that the original sale included full functionality with no indication that a subscription would be introduced later. | The reaction from Futurehome’s user base was negative. Norwegian customers described the move as a betrayal, given that the original sale included full functionality with no indication that a subscription would be introduced later. | ||
On | On [[Reddit]]'s r/norge, there is an active discussion thread filled with outrage, legal concerns, and comparisons to ransomware tactics.<ref>{{Cite web |title=Futurehome tvinger eksisterende kunder over til et abonnement, hva nå? : r/norge |url=https://www.reddit.com/r/norge/comments/1lek0p7/futurehome_tvinger_eksisterende_kunder_over_til/ |access-date=2025-07-14}}</ref><ref name=":2" /> | ||
One user, muffinmeistro, wrote:<blockquote>''I can't understand how what they're trying to do here is legal. I'd like to hear what u/thomasiversen thinks.'' | One user, muffinmeistro, wrote:<blockquote>''I can't understand how what they're trying to do here is legal. I'd like to hear what u/thomasiversen thinks.'' | ||
| Line 55: | Line 55: | ||
''(Translated from Norwegian)''</blockquote> | ''(Translated from Norwegian)''</blockquote> | ||
==Questionable legality== | |||
This issue drew attention to consumer protection laws. Norway is not an EU member but is part of the European Economic Area (EEA), which means EU consumer-protection directives (such as those barring unfair commercial practices) are incorporated into Norwegian law. Observers noted that retroactively charging a subscription for a product that was sold under a no-fee premise might violate these rules, though as of mid-2025 it remained unclear if any official action would be taken. Some users discussed the possibility of legal recourse or a class-action lawsuit in response to Futurehome's move. | This issue drew attention to consumer protection laws. Norway is not an EU member but is part of the European Economic Area (EEA), which means EU consumer-protection directives (such as those barring unfair commercial practices) are incorporated into Norwegian law. Observers noted that retroactively charging a subscription for a product that was sold under a no-fee premise might violate these rules, though as of mid-2025 it remained unclear if any official action would be taken. Some users discussed the possibility of legal recourse or a class-action lawsuit in response to Futurehome's move. | ||
== | ==$5000 bounty to crack firmware== | ||
On the 16th of July, 2025, consumer rights advocate Louis Rossman announced that he would pay a $5000 bounty to anyone capable of restoring the previous functions of Futurehome's products. In addition, Rossman would hire a lawyer to defend the individual that provided the solution, if he or she were to be taken to court. | |||
In response to this, FHSD Connect AS CEO, Øyvind Fries, says that: | |||
<blockquote> | |||
It is regrettable that we now have to spend time and resources on strengthening the security around a service in demand, rather than further developing functionality for the benefit of our customers (Translated from Norwegian). | |||
</blockquote> | |||
Fries adds that their focus is on reliable and user-friendly services, with former customers of Futurehome being of primary interest. Regarding the bounty, Fries expressed: | |||
<blockquote> | |||
Although some perceive this as entertainment, it can have serious consequences for several thousand subscribers who use the service daily. | |||
==Impact on | Unauthorized access to software is considered illegal hacking, and is punished according to Norwegian law (Translated from Norwegian). | ||
</blockquote> | |||
When asked by the journalists at Tek.no about what legal actions that FHDS Connect AS would take if someone were to obtain the bounty, Fries said: | |||
<blockquote> | |||
Any offenses are followed up by the police, who have experience with this type of problem (Translated from Norwegian). | |||
</blockquote> | |||
==Similarity to Wink== | |||
In 2020, [[Wink]] suddenly introduced a $4.99 monthly fee for continued use of its previously free smart-home service, giving customers only a one-week ultimatum and warning that devices would stop working if they didn't pay.<ref>{{Cite web |title=Wink smart hub users get one week's notice to pay up or lose access - Ars Technica |url=https://arstechnica.com/information-technology/2020/05/wink-smart-hub-users-get-one-weeks-notice-to-pay-up-or-lose-access/ |access-date=2025-07-13 |website=Wink smart hub users get one week’s notice to pay up or lose access - Ars Technica}}</ref> That move led to a class-action lawsuit alleging deceptive business practices, breach of warranty, and even ''"trespass to chattels"'' on the grounds that Wink's remote deactivation scheme unlawfully interfered with consumers' owned property.<ref>{{Cite web |title=Greenwald Davidson Radbil PLLC {{!}} Greenwald Davidson Radbil PLLC files amended class action complaint against Wink Labs, Inc. over new monthly charge |url=https://www.gdrlawfirm.com/Wink-class-action |url-status=dead |archive-url=https://web.archive.org/web/20230313203733/https://www.gdrlawfirm.com/Wink-class-action |archive-date=2023-03-13 |access-date=2025-07-13 |website=Greenwald Davidson Radbil PLLC {{!}} Greenwald Davidson Radbil PLLC files amended class action complaint against Wink Labs, Inc. over new monthly charge}}</ref> | |||
Futurehome's forced subscription draws parallels to the Wink case while demonstrating an industry pattern of undermining the '''[[right to own]]''' what one has bought. Critics argue that such practices erode consumers' sense of ownership, turning purchased devices into services that can be revoked or pay-walled at any time. . | |||
==Impact on third-party integrations== | |||
Beyond the immediate loss of app functionality, the subscription requirement '''disables all third-party integrations'''. Futurehome previously allowed integration with: | Beyond the immediate loss of app functionality, the subscription requirement '''disables all third-party integrations'''. Futurehome previously allowed integration with: | ||
| Line 69: | Line 87: | ||
*[[Homebridge]] via NPM plugin for Apple HomeKit<ref>{{Cite web |last= |first= |title=homebridge-futurehome - npm |url=https://www.npmjs.com/package/homebridge-futurehome |access-date=2025-07-14}}</ref> let Futurehome devices be controlled via Siri and the Apple Home app | *[[Homebridge]] via NPM plugin for Apple HomeKit<ref>{{Cite web |last= |first= |title=homebridge-futurehome - npm |url=https://www.npmjs.com/package/homebridge-futurehome |access-date=2025-07-14}}</ref> let Futurehome devices be controlled via Siri and the Apple Home app | ||
These relied on the | These relied on the hub's local API and MQTT server. Once disabled, no data is sent or received, breaking compatibility with these platforms. Once the subscription enforcement kicked in, the hub stopped publishing or accepting local MQTT messages and the API shut down, breaking compatibility. | ||
While some users may migrate to other smart home ecosystems using open protocols like Zigbee2MQTT<ref>{{Cite web |title=Zigbee2MQTT Supported Devices – Futurehome |url=https://www.zigbee2mqtt.io/supported-devices/#v=Futurehome |access-date=2025-07-14}}</ref>, some Futurehome-branded devices (e.g., the HAN-Sensor and Futurehome Charge EV charger) may lose core features or become inaccessible due to lack of open community drivers. | While some users may migrate to other smart home ecosystems using open protocols like Zigbee2MQTT<ref>{{Cite web |title=Zigbee2MQTT Supported Devices – Futurehome |url=https://www.zigbee2mqtt.io/supported-devices/#v=Futurehome |access-date=2025-07-14}}</ref>, some Futurehome-branded devices (e.g., the HAN-Sensor and Futurehome Charge EV charger) may lose core features or become inaccessible due to lack of open community drivers. | ||
| Line 93: | Line 111: | ||
</gallery> | </gallery> | ||
== Network | ==Network hacking possibility== | ||
<!-- This needs to be re-written in a neutral third-person POV. - Sojourna --> | |||
First, find out the IP address of the FH device on the network. Since most IPv4 networks use RFC-1918 addresses on the inside of the network, let's say our example IP is 10.20.30.40/24. Once we have this, let's capture all the network traffic being sent to and from the device. If at all possible, create a SPAN/mirror port on the connected switch to include local (multicast and broadcast) traffic. If we can't, let's start at the firewall. Depending on the vendor (Check Point, Fortinet, Cisco, Palo Alto, whatever) the syntax will be unique but we want the capture to look like this: | First, find out the IP address of the FH device on the network. Since most IPv4 networks use RFC-1918 addresses on the inside of the network, let's say our example IP is 10.20.30.40/24. Once we have this, let's capture all the network traffic being sent to and from the device. If at all possible, create a SPAN/mirror port on the connected switch to include local (multicast and broadcast) traffic. If we can't, let's start at the firewall. Depending on the vendor (Check Point, Fortinet, Cisco, Palo Alto, whatever) the syntax will be unique but we want the capture to look like this: | ||
| Line 104: | Line 124: | ||
At this point, we should now know: | At this point, we should now know: | ||
# The DNS A/AAAA requests and responses that the FH device queries | #The DNS A/AAAA requests and responses that the FH device queries | ||
# The Layer-3 protocols and Layer-4 ports in use by the device | #The Layer-3 protocols and Layer-4 ports in use by the device | ||
# The commands sent back and forth between the FH device and the FH server | #The commands sent back and forth between the FH device and the FH server | ||
# The responses sent back and forth from item three, above | #The responses sent back and forth from item three, above | ||
Armed with this, we will need to create a DNS server that has a local zone (db.rpz.local) for each DNS request by the FH device. These entries should point to (what will eventually become) our custom FH server. For this example, let's use 1.2.3.4 as the server IP. Now, any time the FH device wants to connect to the actual FH server and it's using our DNS server, it will connect to 1.2.3.4 (our custom server) instead. | Armed with this, we will need to create a DNS server that has a local zone (db.rpz.local) for each DNS request by the FH device. These entries should point to (what will eventually become) our custom FH server. For this example, let's use 1.2.3.4 as the server IP. Now, any time the FH device wants to connect to the actual FH server and it's using our DNS server, it will connect to 1.2.3.4 (our custom server) instead. | ||
| Line 114: | Line 134: | ||
Firmware isn't hacked: We've just created a new tool that the FH device ''happens'' to work with. :) | Firmware isn't hacked: We've just created a new tool that the FH device ''happens'' to work with. :) | ||
==See also== | |||
[[Retroactively amended purchase]] | |||
==References== | ==References== | ||
{{ | {{Reflist}} | ||
[[Category:Futurehome]] | [[Category:Futurehome]] | ||