Honeywell Home Controllers Open To Any Hacker Who Can Find Them Online

Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.

Why do you need this stuff on the internet at larg

At home, sure, using a tablet to access and program the temperatures on your AC is fine.

But that is your intranet, and securing that should be an obvious practice.

And I can barely guess why you would want your locks handled that way, though in terms of security, a mechanical key is hardly inherently better than a digital one.

Common problem across industry

As someone "in charge" (Systems Architect) of how many of our product lines are secured on the network (obviously not Honeywell), most people in the field would not believe how much time I waste explaining to people over and over and over again that I will not "simplify" the authentication protocols by getting rid of (strong security practices) just because we use SSL. Its an ongoing fight to keep things strong against a thousand little pushbacks from developers, product management, marketing, sales, and legal. Posting anon as its still in progress, comes up at least once a week.

Re:Why do you need this stuff on the internet at l

[bjwest]

No, but it adds an considerable element of security. If you disagree with me then feel free to attack my PC via the internet, it's IP address is 192.168.1.60

Hey! How dare you use my printer as your PC. No wonder it takes forever to process and print a PDF file.