Home Depot Tech Will Brick Power Tools If They're Stolen. What Could Possibly Go Wrong?
from the what-could-possibly-go-wrong dept
We've noted more times than I can count how in the modern era, you no longer really own the things you buy. Thanks to internet connectivity, hardware you own can be bricked or downgraded to the point where you lose essential features. Or, just as often, obnoxious DRM means you have to jump through all kinds of bizarre hoops to actually use the thing you thought you owned, whether that's Keurig using DRM to prevent you from using competing coffee pods, to printer manufacturers using DRM to keep you from buying cheaper cartridges.
Now Home Depot is experimenting further with DRM at the point of sale. The company has started embedding chips in many of the major tool brands it sells (DeWalt, Milwaukee). And unless the tool is enabled by a Bluetooth-based system at the register, it simply won't work when you take it home:
"Home Depot says their new anti-theft strategy is now being used in several stores nationwide to combat the thefts of their most popular power tools. A chip is inserted into power tools of major brands like DeWalt and Milwaukee brand tools, similar to how gift cards need to be scanned and paid for at a store to activate. Once the tools are paid for, the store will use Bluetooth technology to activate the tool."
Yes, what could possibly go wrong. What if the system is buggy and doesn't work? What if you then try to contact a manufacturer or retailer that no longer exists or supports the device and systems in question? Too bad.
The company tells Business Insider the program isn't focused on individual shoplifting, but wholesale efforts by organized crime to steal power tools in bulk. But given the sophistication of organized crime, and the overall vulnerability of Bluetooth tech, the risk here is not insubstantial that criminals find a way to circumnavigate this technology rendering it useless:
Just what nobody asked for: DRM but for power tools. I wonder how long it will take for someone to bypass it. pic.twitter.com/RpnxOzl3KY
— Zack Whittaker (@zackwhittaker) August 2, 2021
Then you're simply left with an additional layer of cumbersome technical restrictions that potentially risk making tool purchase and ownership more of a hassle. People act as if they'd never read Cory Doctorow.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bluetooth, drm, ownership, powertools, theft
Companies: dewalt, home depot, milwaukee
Reader Comments
Subscribe: RSS
View by: Time | Thread
Next Dystopian Evolution
When the DRM crackers emerge victorious, the tool makers will then demand an "always connected" device. Learning from the tech sector, they can can create an internet of things system for power tools, and force owners to create an account and register their devices. After the inevitable data leak, power tool makers can enter the final phase, modeled after the printer ink industry, and switch over to a subscription model.
[ link to this | view in chronology ]
Re: Next Dystopian Evolution
On a bit of a tangent, it wouldn’t be hard to imbed that sort of DRM signal into a city or even national power grid. So long as the frequencies used for data are completely different from those used for power, nothing prevents using the same cable for both.
[ link to this | view in chronology ]
Re: Re: Next Dystopian Evolution
See patent US3093706A; Kinda won't pass through transformers
[ link to this | view in chronology ]
Re: Next Dystopian Evolution
Know what I see here?
Licensing of tools. You don’t actually buy the tool: you buy a licence.
Sounds like another attempt to stop first sale doctrine.
[ link to this | view in chronology ]
Gee, I sure hope those power tool companies agreed to let home depot open the tools up and possibly violate the warranties on them.
[ link to this | view in chronology ]
Re:
Homeless despot has enough market power to demand that the tool manufacturers add the chips for them.
[ link to this | view in chronology ]
Re:
opening the tool it's actually legal, even mods are legal and tieing the warranty on not opening a case seal is the illegal thing.
it's actually illegal under the Magnuson–Moss Warranty Act to deny warranty because a tool has been opened or had parts replaced that are not related to the fault.
Just the fact that manufacturers and shops are getting away with it doesn't mean it's legal.
Louis Rossmann explains it best here:
https://www.youtube.com/watch?v=iO0kjMeN6gw
[ link to this | view in chronology ]
Re: Re:
So in other words. Keep your receipt in the event a hacker uses this Bluetooth method to make your tools stop working. Bring them back to Home Depot and demand a new set because the changes they made to the tools made it stop working.
[ link to this | view in chronology ]
In totally-unrelated news: Empty Cash Register Heist: Unknown miscreants abscond with all the cash registers from a Chicago-area Home Depot store. Home Depot executives downplay incident. "No money was in the registers, so we assume it was kids wanting to play store," said the CFO.
[ link to this | view in chronology ]
I'd expect the simplest fix to this is to buy your tools from a vendor that does not sabotage them.
[ link to this | view in chronology ]
Re:
Which is exactly what I will do, thanks to Techdirt giving advanced notice such is happening.
Since they've thought of this for power tools, how long before the other things they sell such as washing machines, driers, dish washers, and other items follow?
Thank you but no thank you, Home Depot has just lost a customer as I don't want to be the early adopter for buying useless tools and equipment down the road. I don't buy for a one time use. When I buy I expect the tool to work, when I want it too, anytime, no matter if internet is available or not, no matter where. They've just shown me such can be halted to prevent that use.
Like the ransomware, how long before hackers are putting your tools at jeopardy. Surely you don't think they've put any kind of security protection in these tools to prevent that.
[ link to this | view in chronology ]
Expectations,...
and for their next act,...
"we must protect the Children from abuse! and oh no! even stop Human trafficking!! with even more DRM on our all of Tools; including the Screwdriver!!!!"
[ link to this | view in chronology ]
Expectations,...
and for their next act,...
"we must protect the Children from abuse! and oh no! even stop Human trafficking!! with even more DRM on all our Tools; including the Screwdriver!!!!"
[ link to this | view in chronology ]
Are we about to see jailbroken lawn mowers?
[ link to this | view in chronology ]
Re:
Thanks to John Deere that’s pretty much already a reality.
[ link to this | view in chronology ]
Licensing
Well, we told you we activated the device via bluetooth on "purchase," but what you really bought was only a 2 year time limited activation. How cute that you thought you bought something...
[ link to this | view in chronology ]
What does this do to the warranty?
If HD is opening the the tool to insert hardware that the manufacturer did not design, does this void the warranty? If the tool breaks is HD on the hook for repairing/replacing it because Dewalt refuses to service something that clearly was messed with?
[ link to this | view in chronology ]
How hard will this really be to bypass?
Also - since this is something that HD is just grafted on to a tool that 100% works without it, how hard will it be for someone to open the tool and remove what was added? It's not like this is highly integrated and removing it would require replacing some key component. And to my last question of what this does to your warranty, if it is a simple add on, it will be simple to remove. If the installation attempts to make it harder to remove it is highly likely that the installation will have some scaring effect on the original hardware - increasing the likelyhood that it will result in a voided warranty.
[ link to this | view in chronology ]
Re: How hard will this really be to bypass?
This is something that will be added during manufacture. At some point, the tool maker will make all the items locked by default, and only authorized distributors will be able to unlock - using a facility that they have to pay for.
[ link to this | view in chronology ]
Re: How hard will this really be to bypass?
Hard. potted complex IC drivers for brushless motors & Li battery tools are a thing now, a surface mount rudimentary CPU are common to maintain difficult charge-discharge curves and prevent fire. This is not your 1979 Makittia power drill. Just wrap the thing in your tin-foil hat.
[ link to this | view in chronology ]
As problematic as this is, I'll give them this much...
At least this DRM scheme is aimed at stopping actual theft!
[ link to this | view in chronology ]
Re: As problematic as this is, I'll give them this much...
"At least this DRM scheme is aimed at stopping actual theft!"
...or at ensuring the only people who can repair and maintain the issued tools are licensed repair shops. I spy, with my little eye, the John Deere lock-in.
[ link to this | view in chronology ]
stares
This is a hugely bad idea.
They can't even make sure to deactivate the anti-theft tags half the time, and now they have something magical that after its sat on a shelf for a year will still be waiting for a bluetooth signal to deactivate some magic dohickey permantly?
Cause I can see the lawsuits from people when they have to crack the thing open to replace a battery & then get it deactivated again so they can use the thing they made the mistake of purchasing from HD.
Are they ready for customers to demand the right to make sure the tool functions before leaving the counter?
Cause I gotta think if someone comes back even with a receipt with a device that didn't get deactivated they are gonna treat that customer like a thief rather than admit sometimes their checkers miss a step.
[ link to this | view in chronology ]
What could possibly go wrong?
[ link to this | view in chronology ]
Re: What could possibly go wrong?
Well, the headline seems wrong. The actual text describes tools that start out "bricked", and are "unbricked" when legitimately purchased. We have no information on whether this chip is capable of bricking a working product. I share your concern that it is. Indeed, it's an obvious avenue for ransomware. E.g., one employee on a jobsite accidentally gives the wrong app Bluetooth permission, and every tool within a few hundred meters shuts down till the foreman sends Bitcoin somewhere.
I feel like this is one of those things that needs to happen sooner rather than later. Like Windows in the 1990s, manufacturers will describe any "white hat" notifications as "purely theoretical", requiring a "sophisticated attacker", till regular people start feeling the pain. In the long term, we'll be better off if someone finds the flaws quickly and exploits them maliciously, thus killing the market for such tools before they become widespread.
[ link to this | view in chronology ]
This is monumentally stupid. Most thieves steal in order to resell their stolen goods. One will end up with people who unknowingly bought stolen goods with a bad brand reputation for not working.
[ link to this | view in chronology ]
Most devices do not benefit from being 'smart.' Home Depot should try an old fashioned locked glass display.
[ link to this | view in chronology ]
Re:
"the program isn't focused on individual shoplifting", which is all glass will help with (and by the way, HD already keep circuit breakers and certain other things in locked cages). We're probably talking about entire pallets of tools going missing from the backroom or enroute to the store. So, they're going to put these lock-chips in, and then give unlocking access to... every minimum-wage cashier working at Home Depot? Organized crime just has to become slightly more organized, either getting employees (more) involved or finding some shady hackers who can work around it. And I'll bet the legitimate unlocking system will occasionally go down, as debit/credit machines do, and nobody will know what the fuck to do.
[ link to this | view in chronology ]
Re: Re:
And there will be nothing the individual store can do since literally everything is controlled by the geniuses at head office.
Did you hear the one where a store in Ontario had all the heaters turned on full power because the internal temperature was down to 24? This was in July.
Even the power and gas feeds were remotely locked out so nothing could be shut down without calling the utilities.
[ link to this | view in chronology ]
Re: Re: Re:
Nah that asshole checking receipts at the door will handle everything.
[ link to this | view in chronology ]
Hey, relax guys, chill out for a moment, will ya....
HD certainly cannot do this on its own, the logistics would be horrendous. And hiring people to staff yet another stage in the delivery system would also drive up the final retail cost of the tool such that they'd never sell it in the first place.
Instead, HD has the clout (as noted above) to make a deal with most manufacturers - "Build us a tool that we can control at the checkout register, and price it so we can compete with other box stores, and we're all golden". Won't happen, at least not without hidden costs. The first such cost would be that the tool in question would have to be inferior in some way, in order maintain a final MSRP that competes with other box stores.
For starters, HD is asking for yet another SKU from the manufacturer. They'll do it, no problem. But now comes the rub.... Let's say a store offers a DeWalt tool for a "special sale" price of MSRP - 10%. Home depot says they'll match any other offer for the "same" tool. I'm sure you can guess what happens next, yes? HD doesn't have the exact same tool, the SKU numbers are different. Hence the offer is worthless, and HD's reputation is self-harmed, albeit in a small way. And as you may have guessed, the same plot device also works in the other direction. Phooey on that. Any good Marketing 101 professor can illustrate how often that idea fails.
Now, let's get down to the nitty gritty. Do you suppose that Amazon, or any other online retailer, is going to offer these pre-sabotaged tools? They can't, they don't have a check out counter to defuse the doo-hickey. Nor are they going to pay the extra nut for the added doo-hickey, either. Hence, HD is just itching to shoot itself in the foot. Once Lowes or Menards sees that Amazon's sales of the "unprotected versions of theft-proof" tools are going through the roof, do you suppose for a moment that they'll jump onboard with HD? I don't think so.
tl;dr:
HD is doing this for their benefit, not for the customer's benefit. Such ideas rarely pan out in the market place. Almighty few customers will be fooled by taglines like: "We're doing this to protect you from [fill in the blank here]".
Disclaimer: I have personally bought 4 of my last 6 DeWalt power tools from Amazon. They actually offer a better extended warranty for less money than Lowes or HD. I am not a professional that uses them on a daily basis, so I can afford to go without for a few days, if need be.
[ link to this | view in chronology ]
Re:
The irony is that (fear of) shoddy counterfeit products (as opposed to mere unlicensed made in the exact same way by the people they outsourced too) are what got people into brick and mortar stores for high end purchases.
[ link to this | view in chronology ]
I'm sure this was designed securely
So how long until the activation/deactivation protocols are reverse engineered or leaked?
How long until some miscreants can drive along near a work site and with a high gain antenna just lock down half of the power tools on the site?
How long before you can just side-load a shady (and probably malware laden) Android app that sends the bluetooth unlock message?
This is just yet another bad for real buyers and irrelevant for criminals system.
[ link to this | view in chronology ]
'Annnd they broke it.'
The company tells Business Insider the program isn't focused on individual shoplifting, but wholesale efforts by organized crime to steal power tools in bulk.
Otherwise known as the people most likely to have the resources and manpower to find a way to disable or bypass the DRM, meaning once against the only people who will be screwed by DRM will be the paying customers.
[ link to this | view in chronology ]
Re: 'Annnd they broke it.'
I thought I'd also seen that bit about "wholesale theft", but couldn't find it again. My points above stand, but in this particular detail, why in the world would they need to "unlock" at the checkout register, instead of doing it at the Incoming/Receiving dock?? The glass door cabinet (or perhaps steel mesh door) would work just about 100% of time against an individual in-store theft, I should think.
And this "unlock" action should be a single-use affair.... once the signal has been received to unlock, an internal fuse burns through and kills all possible power to the circuit, thus preventing any further signals from be obeyed.
[ link to this | view in chronology ]
Milwaukee already had this
Some Milwaukee tools have "OneKey", which allows a person to disable "their" tool if it's stolen. I've found no information on whether it's possible for a legitimate owner to disable this remote-bricking feature, or what prevents any passerby from pairing with an unpaired tool (there's no mention of any physical interaction with the tool being required; if I don't want to download the app, or can't, would I be leaving myself open to such an attack?).
People don't seem to get it. I searched for information online and found a forum post asking a similar question, to which the general response was "fuck off, thief". As if it's impossible for anything to go wrong—that this one company, not in the software business, is going to be the only one ever to implement an IoT project without making any security blunders. Of course, I haven't found any security-related details or protocol reverse-engineering.
[ link to this | view in chronology ]
And we has just gotten used to not using the nickname...
dusting off the Home Despot title
[ link to this | view in chronology ]
I'm Kinda Stealing This Take
I can't stand it, I know you planned it
I'm gonna set it straight, this Watergate
I can't stand rocking when I'm in here
'Cause your crystal ball ain't so crystal clear
So while you sit back and wonder why
I got this fucking thorn in my side
Oh my God, it's a mirage
I'm tellin' y'all, it's a sabotage
[ link to this | view in chronology ]
Selling DRM-broken power tools to tool-users…
…who ALREADY have a screwdriver
and know how to use it…
[Nope. Couldn't possibly go wrong. ; ]
[ link to this | view in chronology ]
Isn't this for contractors? They're the ones that have pallets and crates of tools jacked from job sites.
[ link to this | view in chronology ]
Re:
No
[ link to this | view in chronology ]
Honor among theives
"Bernie Marcus and Arthur Blank dreamed up "The Home Depot" from a coffee shop in Los Angeles in 1978." B.S. In the mid-1970's, contractors had 90 days to stiff the custom lumber mill, plumbing supply, elect. supply, whatever. Two guys rented a warehouse on Owensmouth in Canoga Park, filled it with building supplies and re-sold it, planning to split. Sadly, they made a killing and got more credit, did it again, and than took off to Atlanta. The rest is History.
[ link to this | view in chronology ]
Re: Honor among theives
You should write this up and sell it to Netflix. Also, is his name actually Arthur Blank, or are his family from Indonesia where its customary for some to only have a first name? (i had a college class with a guy from there who's last name was the letter M because he had no lost name and his student visa required one...so he picked a letter in the middle of the alphabet...
[ link to this | view in chronology ]
Re: Re: Honor among theives
All rumor, me and a friend crawled under houses or built wood decks in Topanga, Santa Monica, West Valley, Long Beach..... fixing homes for four decades. But he got all the "action". When HD opened a store on Slauson & Western, they were years controlling "shrinkage", my neighbor offered me anything in the store for a hundred dollars.
P.S.
Topanga: built on broken rocks.
Santa Monica: your butt in sand.
Big difference. https://corporate.homedepot.com/about/history
[ link to this | view in chronology ]
Not really new tech
Milwaukee tools have been bluetooth enabled since 2015, letting the owner disable the device if it goes walkabout via a phone app. It doesn't brick it, just disables it until the registered owner turns it back on again.
You can also track the location.
Home Depot didn't put the chip in, Milwaukee did - years ago. The system is called ONE-KEY. Home Depot are just hooking into their system and the point of sale ownership is transferred to the buyer. Home Depot no longer has control.
Same situation with Dewalt except theirs is called Tool Connect which again is years old.
[ link to this | view in chronology ]
Here's a question... what do they expect to do about the tools people order from their website and shipped to their home? Bluetooth isn't gonna stop porch pirates, and it imposes a problem for online shopping that wasn't there before given the problems with normal anti-theft tags...
[ link to this | view in chronology ]
There are few things to say.
a 4 digit code to Talk to the device and insert a Code?
Someone at the store is going to NEED those codes or embed them into the computer to send AT the time of sale.
The BT device inside will need to be self powered, or you have to turn it on to make it work(understand?)
Then there is the failsafe. When there is no power available. the product will JUST WORK.
Because without that ability, the internal battery will Fail and the device will STOP working. Unless that code is also Inside the box and someone knows HOW to read the Instructions, if it fails. Then we get to the idea that the Code is written on the UPC code, as needed to release the device for USE.
There are to many ways for this to fail, and the odds are IT WILL.
If the BT security is On, and the code turns it Off(as there is no need for it) this sucks, as the consumer cant use the code to secure his devices. This also means all we have to do is open the device and remove the BT security(which would be making it Fail/Off) and it world work.
BEST SECURITY?? DROP THE PRICE, CUT YOUR COSTS FOR SECURITY, AND LOOSE A LITTLE PROFIT MARGIN TO MAKE IT NOT WORTH STEALING IN BULK.
[ link to this | view in chronology ]