Updated Pity the poor users of Logitech's Harmony smart home system: last year they were told the manufacturer was going to brick its Link hub and forced them to buy the latest version. This year, just in time for Christmas, it has effectively bricked that new hub for anyone using it to connect to other devices.
"Logitech recently released a firmware update for Harmony hub-based remotes that addressed some security vulnerabilities brought to our attention by a third-party cyber security firm," the biz explained on Tuesday, a day after its customers took to its forums to complain. "Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered."
Belying its product's name, the gadget maker decided those issues with the "Harmony" would be best resolved by simply killing off its external software interfaces (aka its APIs) – something that countless customers have used to implement their own home automation systems.
Punters were using those XMPP-based APIs to control their smart home equipment from their Harmony hubs. And now those interfaces have been switched off, in the security update, leaving said gear disconnected from and locked out of people's hubs.
But this is Logitech, and it's their way or the highway. "We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities," the biz said in its response. "These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority."
Or, in other words, screw you.
Which is the second shit sandwich that Harmony users have been forced to eat in a year. Back in October 2017, the company claimed that an expiring SSL certificate meant that everyone would have to buy the latest version of its hub before March 2018, after which the Link would simply die.
It even generously offered a 35 per cent discount for the new Hub. But users were singularly unimpressed, and after an almighty brouhaha, in which the company censored its forums to block any post with the words "class action lawsuit," it offered to replace people's existing Links for free.
Many of those users will no doubt now be kicking themselves that they didn't jump ship altogether because one year on, Logitech has again decided that what's best for it is best for its customers.
"They no longer care about any of thousands of enthusiasts, hackers, and home automation," one Reg reader opined in an email to your humble vulture, sharing links to complaints posted by folks who "have relied on that API to make the Harmony Hub actually 'useful'."
Online outrage makes Logitech drop a brick: Now it will replace slain Harmony Link gizmosREAD MORE
Rather than embrace its users' ingenuity, and recognize it as unmet demand, it seems Logitech has gone for the "we know best" approach that so enamored customers last time around.
As to what they are doing about it: some punters are sharing workarounds online, including how to rollback to earlier software versions and an effort to write some code that will bypass Logitech local API clampdown. Some have hacked their devices to simply cut it off from Logitech HQ.
But frustration is high. "If Logitech doesn’t make this right, I will never buy another Logitech product and will actively work against anyone buying their products," noted one angry netizen.
So far at least Logitech is standing its ground, with one senior product manager tweeting in response to criticism: "Currently, we do not plan to add support for local control."
Based on the number and passion of Logitech customers, and on previous back downs, that statement may not last long. In the meantime, if someone can't smell a business opportunity then this ain't America folks.
Harmony, we've heard of it. ®
Updated to add
Logitech has backed down.
Sponsored: Webcast: Simplify data protection on AWS