Home Depot Tech Will Brick Power Tools If They're Stolen. What Could Possibly Go Wrong?

from the what-could-possibly-go-wrong dept

We’ve noted more times than I can count how in the modern era, you no longer really own the things you buy. Thanks to internet connectivity, hardware you own can be bricked or downgraded to the point where you lose essential features. Or, just as often, obnoxious DRM means you have to jump through all kinds of bizarre hoops to actually use the thing you thought you owned, whether that’s Keurig using DRM to prevent you from using competing coffee pods, to printer manufacturers using DRM to keep you from buying cheaper cartridges.

Now Home Depot is experimenting further with DRM at the point of sale. The company has started embedding chips in many of the major tool brands it sells (DeWalt, Milwaukee). And unless the tool is enabled by a Bluetooth-based system at the register, it simply won’t work when you take it home:

“Home Depot says their new anti-theft strategy is now being used in several stores nationwide to combat the thefts of their most popular power tools. A chip is inserted into power tools of major brands like DeWalt and Milwaukee brand tools, similar to how gift cards need to be scanned and paid for at a store to activate. Once the tools are paid for, the store will use Bluetooth technology to activate the tool.”

Yes, what could possibly go wrong. What if the system is buggy and doesn’t work? What if you then try to contact a manufacturer or retailer that no longer exists or supports the device and systems in question? Too bad.

The company tells Business Insider the program isn’t focused on individual shoplifting, but wholesale efforts by organized crime to steal power tools in bulk. But given the sophistication of organized crime, and the overall vulnerability of Bluetooth tech, the risk here is not insubstantial that criminals find a way to circumnavigate this technology rendering it useless:

Then you’re simply left with an additional layer of cumbersome technical restrictions that potentially risk making tool purchase and ownership more of a hassle. People act as if they’d never read Cory Doctorow.

Filed Under: , , , ,
Companies: dewalt, home depot, milwaukee

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Home Depot Tech Will Brick Power Tools If They're Stolen. What Could Possibly Go Wrong?”

Subscribe: RSS Leave a comment
47 Comments
Kobysays:

Next Dystopian Evolution

When the DRM crackers emerge victorious, the tool makers will then demand an "always connected" device. Learning from the tech sector, they can can create an internet of things system for power tools, and force owners to create an account and register their devices. After the inevitable data leak, power tool makers can enter the final phase, modeled after the printer ink industry, and switch over to a subscription model.

Anonymoussays:

Re: Re:

opening the tool it’s actually legal, even mods are legal and tieing the warranty on not opening a case seal is the illegal thing.

it’s actually illegal under the Magnuson?Moss Warranty Act to deny warranty because a tool has been opened or had parts replaced that are not related to the fault.

Just the fact that manufacturers and shops are getting away with it doesn’t mean it’s legal.

Louis Rossmann explains it best here:
https://www.youtube.com/watch?v=iO0kjMeN6gw

Anonymoussays:

Re: Re:

Which is exactly what I will do, thanks to Techdirt giving advanced notice such is happening.

Since they’ve thought of this for power tools, how long before the other things they sell such as washing machines, driers, dish washers, and other items follow?

Thank you but no thank you, Home Depot has just lost a customer as I don’t want to be the early adopter for buying useless tools and equipment down the road. I don’t buy for a one time use. When I buy I expect the tool to work, when I want it too, anytime, no matter if internet is available or not, no matter where. They’ve just shown me such can be halted to prevent that use.

Like the ransomware, how long before hackers are putting your tools at jeopardy. Surely you don’t think they’ve put any kind of security protection in these tools to prevent that.

Javiersays:

How hard will this really be to bypass?

Also – since this is something that HD is just grafted on to a tool that 100% works without it, how hard will it be for someone to open the tool and remove what was added? It’s not like this is highly integrated and removing it would require replacing some key component. And to my last question of what this does to your warranty, if it is a simple add on, it will be simple to remove. If the installation attempts to make it harder to remove it is highly likely that the installation will have some scaring effect on the original hardware – increasing the likelyhood that it will result in a voided warranty.

OGquakersays:

Re: Re: How hard will this really be to bypass?

Hard. potted complex IC drivers for brushless motors & Li battery tools are a thing now, a surface mount rudimentary CPU are common to maintain difficult charge-discharge curves and prevent fire. This is not your 1979 Makittia power drill. Just wrap the thing in your tin-foil hat.

That Anonymous Cowardsays:

stares

This is a hugely bad idea.
They can’t even make sure to deactivate the anti-theft tags half the time, and now they have something magical that after its sat on a shelf for a year will still be waiting for a bluetooth signal to deactivate some magic dohickey permantly?
Cause I can see the lawsuits from people when they have to crack the thing open to replace a battery & then get it deactivated again so they can use the thing they made the mistake of purchasing from HD.
Are they ready for customers to demand the right to make sure the tool functions before leaving the counter?
Cause I gotta think if someone comes back even with a receipt with a device that didn’t get deactivated they are gonna treat that customer like a thief rather than admit sometimes their checkers miss a step.

Anonymoussays:

Re: Re: What could possibly go wrong?

Well, the headline seems wrong. The actual text describes tools that start out "bricked", and are "unbricked" when legitimately purchased. We have no information on whether this chip is capable of bricking a working product. I share your concern that it is. Indeed, it’s an obvious avenue for ransomware. E.g., one employee on a jobsite accidentally gives the wrong app Bluetooth permission, and every tool within a few hundred meters shuts down till the foreman sends Bitcoin somewhere.

I feel like this is one of those things that needs to happen sooner rather than later. Like Windows in the 1990s, manufacturers will describe any "white hat" notifications as "purely theoretical", requiring a "sophisticated attacker", till regular people start feeling the pain. In the long term, we’ll be better off if someone finds the flaws quickly and exploits them maliciously, thus killing the market for such tools before they become widespread.

Anonymoussays:

Re: Re:

"the program isn’t focused on individual shoplifting", which is all glass will help with (and by the way, HD already keep circuit breakers and certain other things in locked cages). We’re probably talking about entire pallets of tools going missing from the backroom or enroute to the store. So, they’re going to put these lock-chips in, and then give unlocking access to… every minimum-wage cashier working at Home Depot? Organized crime just has to become slightly more organized, either getting employees (more) involved or finding some shady hackers who can work around it. And I’ll bet the legitimate unlocking system will occasionally go down, as debit/credit machines do, and nobody will know what the fuck to do.

Annonymousesays:

Re: Re: Re: Re:

And there will be nothing the individual store can do since literally everything is controlled by the geniuses at head office.

Did you hear the one where a store in Ontario had all the heaters turned on full power because the internal temperature was down to 24? This was in July.
Even the power and gas feeds were remotely locked out so nothing could be shut down without calling the utilities.

sumgaisays:

Hey, relax guys, chill out for a moment, will ya….

HD certainly cannot do this on its own, the logistics would be horrendous. And hiring people to staff yet another stage in the delivery system would also drive up the final retail cost of the tool such that they’d never sell it in the first place.

Instead, HD has the clout (as noted above) to make a deal with most manufacturers – "Build us a tool that we can control at the checkout register, and price it so we can compete with other box stores, and we’re all golden". Won’t happen, at least not without hidden costs. The first such cost would be that the tool in question would have to be inferior in some way, in order maintain a final MSRP that competes with other box stores.

For starters, HD is asking for yet another SKU from the manufacturer. They’ll do it, no problem. But now comes the rub…. Let’s say a store offers a DeWalt tool for a "special sale" price of MSRP – 10%. Home depot says they’ll match any other offer for the "same" tool. I’m sure you can guess what happens next, yes? HD doesn’t have the exact same tool, the SKU numbers are different. Hence the offer is worthless, and HD’s reputation is self-harmed, albeit in a small way. And as you may have guessed, the same plot device also works in the other direction. Phooey on that. Any good Marketing 101 professor can illustrate how often that idea fails.

Now, let’s get down to the nitty gritty. Do you suppose that Amazon, or any other online retailer, is going to offer these pre-sabotaged tools? They can’t, they don’t have a check out counter to defuse the doo-hickey. Nor are they going to pay the extra nut for the added doo-hickey, either. Hence, HD is just itching to shoot itself in the foot. Once Lowes or Menards sees that Amazon’s sales of the "unprotected versions of theft-proof" tools are going through the roof, do you suppose for a moment that they’ll jump onboard with HD? I don’t think so.

tl;dr:
HD is doing this for their benefit, not for the customer’s benefit. Such ideas rarely pan out in the market place. Almighty few customers will be fooled by taglines like: "We’re doing this to protect you from [fill in the blank here]".

Disclaimer: I have personally bought 4 of my last 6 DeWalt power tools from Amazon. They actually offer a better extended warranty for less money than Lowes or HD. I am not a professional that uses them on a daily basis, so I can afford to go without for a few days, if need be.

Ven'Tatsusays:

I'm sure this was designed securely

So how long until the activation/deactivation protocols are reverse engineered or leaked?
How long until some miscreants can drive along near a work site and with a high gain antenna just lock down half of the power tools on the site?
How long before you can just side-load a shady (and probably malware laden) Android app that sends the bluetooth unlock message?

This is just yet another bad for real buyers and irrelevant for criminals system.

That One Guysays:

'Annnd they broke it.'

The company tells Business Insider the program isn’t focused on individual shoplifting, but wholesale efforts by organized crime to steal power tools in bulk.

Otherwise known as the people most likely to have the resources and manpower to find a way to disable or bypass the DRM, meaning once against the only people who will be screwed by DRM will be the paying customers.

sumgaisays:

Re: Re: 'Annnd they broke it.'

I thought I’d also seen that bit about "wholesale theft", but couldn’t find it again. My points above stand, but in this particular detail, why in the world would they need to "unlock" at the checkout register, instead of doing it at the Incoming/Receiving dock?? The glass door cabinet (or perhaps steel mesh door) would work just about 100% of time against an individual in-store theft, I should think.

And this "unlock" action should be a single-use affair…. once the signal has been received to unlock, an internal fuse burns through and kills all possible power to the circuit, thus preventing any further signals from be obeyed.

Anonymoussays:

Milwaukee already had this

Some Milwaukee tools have "OneKey", which allows a person to disable "their" tool if it’s stolen. I’ve found no information on whether it’s possible for a legitimate owner to disable this remote-bricking feature, or what prevents any passerby from pairing with an unpaired tool (there’s no mention of any physical interaction with the tool being required; if I don’t want to download the app, or can’t, would I be leaving myself open to such an attack?).

People don’t seem to get it. I searched for information online and found a forum post asking a similar question, to which the general response was "fuck off, thief". As if it’s impossible for anything to go wrong?that this one company, not in the software business, is going to be the only one ever to implement an IoT project without making any security blunders. Of course, I haven’t found any security-related details or protocol reverse-engineering.

Derek Kertonsays:

I'm Kinda Stealing This Take

I can’t stand it, I know you planned it
I’m gonna set it straight, this Watergate
I can’t stand rocking when I’m in here
‘Cause your crystal ball ain’t so crystal clear
So while you sit back and wonder why
I got this fucking thorn in my side
Oh my God, it’s a mirage
I’m tellin’ y’all, it’s a sabotage

OGquakersays:

Honor among theives

"Bernie Marcus and Arthur Blank dreamed up "The Home Depot" from a coffee shop in Los Angeles in 1978." B.S. In the mid-1970’s, contractors had 90 days to stiff the custom lumber mill, plumbing supply, elect. supply, whatever. Two guys rented a warehouse on Owensmouth in Canoga Park, filled it with building supplies and re-sold it, planning to split. Sadly, they made a killing and got more credit, did it again, and than took off to Atlanta. The rest is History.

anonsays:

Re: Re: Honor among theives

You should write this up and sell it to Netflix. Also, is his name actually Arthur Blank, or are his family from Indonesia where its customary for some to only have a first name? (i had a college class with a guy from there who’s last name was the letter M because he had no lost name and his student visa required one…so he picked a letter in the middle of the alphabet…

OGquakersays:

Re: Re: Re: Re: Honor among theives

All rumor, me and a friend crawled under houses or built wood decks in Topanga, Santa Monica, West Valley, Long Beach….. fixing homes for four decades. But he got all the "action". When HD opened a store on Slauson & Western, they were years controlling "shrinkage", my neighbor offered me anything in the store for a hundred dollars.
P.S.
Topanga: built on broken rocks.
Santa Monica: your butt in sand.
Big difference. https://corporate.homedepot.com/about/history

wereisjessicahydesays:

Not really new tech

Milwaukee tools have been bluetooth enabled since 2015, letting the owner disable the device if it goes walkabout via a phone app. It doesn’t brick it, just disables it until the registered owner turns it back on again.

You can also track the location.

Home Depot didn’t put the chip in, Milwaukee did – years ago. The system is called ONE-KEY. Home Depot are just hooking into their system and the point of sale ownership is transferred to the buyer. Home Depot no longer has control.

Same situation with Dewalt except theirs is called Tool Connect which again is years old.

ECAsays:

There are few things to say.

a 4 digit code to Talk to the device and insert a Code?
Someone at the store is going to NEED those codes or embed them into the computer to send AT the time of sale.
The BT device inside will need to be self powered, or you have to turn it on to make it work(understand?)
Then there is the failsafe. When there is no power available. the product will JUST WORK.
Because without that ability, the internal battery will Fail and the device will STOP working. Unless that code is also Inside the box and someone knows HOW to read the Instructions, if it fails. Then we get to the idea that the Code is written on the UPC code, as needed to release the device for USE.
There are to many ways for this to fail, and the odds are IT WILL.
If the BT security is On, and the code turns it Off(as there is no need for it) this sucks, as the consumer cant use the code to secure his devices. This also means all we have to do is open the device and remove the BT security(which would be making it Fail/Off) and it world work.

BEST SECURITY?? DROP THE PRICE, CUT YOUR COSTS FOR SECURITY, AND LOOSE A LITTLE PROFIT MARGIN TO MAKE IT NOT WORTH STEALING IN BULK.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter




Techdirt Deals
Report this ad??|??Hide Techdirt ads

The latest chatter on the Techdirt Insider Discord channel...

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it