Popular Wi-Fi Thermostat Full of Security Holes

Threatpost reports: Heatmiser, a U.K.-based manufacturer of digital thermostats, is contacting its customers today about a series of security issues that could expose a Wi-Fi-connected version of its product to takeover. Andrew Tierney, a "reverse-engineer by night," whose specialty is digging up bugs in embedded systems wrote on his blog, that he initially read about vulnerabilities in another one of the company's products, NetMonitor, and decided to poke around its product line further. This led him to discover a slew of issues in the company's Wi-Fi-enabled thermostats running firmware version 1.2. The issues range from simple security missteps to critical oversights.For example, when users go to connect the thermostat via a Windows utility, it uses default web credentials and PINs. ...Elsewhere, the thermostat leaks Wi-Fi credentials, like its password, username, Service Set Identifier (SSID) and so on, when its logged in. Related: O'Reilly Radar has an interesting conversation about what companies will vie for control of the internet-of-things ecosystem.

Will this internet of things die already?

[Spy+Handler]

Nobody needs a home thermometer and refrigerator connected to the internet. Gadget makers and tech press have been trying to foist this shit on us for years and nobody wants it. Let it die already.

Re:Will this internet of things die already?

[AmiMoJo]

Hopefully people will exercise their legal rights to correct this kind of thing. For example, goods must be "fit for purpose" and of "reasonable quality". In other words, security must be reasonably effective.

Could be even more interesting if you paid to have it installed.

Re:Will this internet of things die already?

[DarkOx]

Which is completely meaningless. My energy bills can easily vary that much over a year depending weather conditions; without me doing anything around my own behavior. $300 in the typical ~2500 ft suburban home over a the course of an entire year is indistinguishable from noise.