Popular Wi-Fi Thermostat Full of Security Holes
Threatpost reports:
Heatmiser, a U.K.-based manufacturer of digital thermostats, is contacting its customers today about a series of security issues that could expose a Wi-Fi-connected version of its product to takeover. Andrew Tierney, a "reverse-engineer by night," whose specialty is digging up bugs in embedded systems, wrote on his blog that he initially read about vulnerabilities in another one of the company's products, NetMonitor, and decided to poke around its product line further. This led him to discover a slew of issues in the company's Wi-Fi-enabled thermostats running firmware version 1.2. The issues range from simple security missteps to critical oversights. For example, when users go to connect the thermostat via a Windows utility, it uses default web credentials and PINs. ... Elsewhere, the thermostat leaks Wi-Fi credentials, like its password, username, Service Set Identifier (SSID) and so on, when it's logged in.
Related: O'Reilly Radar has an interesting conversation about what companies will vie for control of the internet-of-things ecosystem.
Seriously! How long would one have to be away and kicking himself that he forgot to change the thermostat setting before having one of these newfangled ones would pay for itself?
Looking at the spiel from Nest, these products pay for themselves through regular use, not through exceptions:
Auto-Schedule makes it easy to create an energy efficient schedule that can help you save up to 20% on your heating and cooling bills. All the Nest Thermostat's features combined can get you even bigger savings
More: https://nest.com/thermostat/sa...
Some dude, who may very well be paid by Nest, tweeted this:
After a year using my @Nest thermostat, I've saved $326.74 / 2,651 kWh over the previous year.
Linky: https://twitter.com/MattClippe...
Not saying that all of the above is true, but at least it seems that they'd consider your premise incorrect.