New Thermostat
-
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
-
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
@scottalanmiller sure the ransomware is mostly worthless because the unit could just be reprogrammed. If you can get into it.
The posted article is from 2015 I believe, and uses root to access the device. Presumably they change the root password.
-
@DustinB3403 said in New Thermostat:
@BBigford said in New Thermostat:
@DustinB3403 said in New Thermostat:
I mean, if I had a smartstat and it was hacked, I'd just flip the breaker and go buy a new unit...
The units are cheaper than the Ransom.
I'd have to look into it, but if it's under warranty, you could probably send it in and they'd wipe it at no cost. That would fall under a gray area of "defective or not working as intended".
But if it's the dead of winter could you be without heat for however long it takes to get it returned? I suppose you could reinstall the original thermostat....
How long can that take? I could get to the store and back with a new thermostat, assuming I lost the current one, faster than I could set up a bitcoin account, I bet. And then I'd have protection against this in the future, which would obviously be needed. And in the meantime, I'd start a fire in the fireplace or whatever.
-
@DustinB3403 said in New Thermostat:
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
@scottalanmiller sure the ransomware is mostly worthless because the unit could just be reprogrammed. If you can get into it.
The posted article is from 2015 I believe, and uses root to access the device. Presumably they change the root password.
Factory reset button?
-
@dafyre said in New Thermostat:
@DustinB3403 said in New Thermostat:
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
@scottalanmiller sure the ransomware is mostly worthless because the unit could just be reprogrammed. If you can get into it.
The posted article is from 2015 I believe, and uses root to access the device. Presumably they change the root password.
Factory reset button?
That's what I was assuming. Everything has one of those.
-
@dafyre said in New Thermostat:
@DustinB3403 said in New Thermostat:
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
@scottalanmiller sure the ransomware is mostly worthless because the unit could just be reprogrammed. If you can get into it.
The posted article is from 2015 I believe, and uses root to access the device. Presumably they change the root password.
Factory reset button?
Is that an option on these, I would think it would be, but I honestly haven't the slightest idea if these are so easily reset.
-
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
@BBigford said in New Thermostat:
@DustinB3403 said in New Thermostat:
I mean, if I had a smartstat and it was hacked, I'd just flip the breaker and go buy a new unit...
The units are cheaper than the Ransom.
I'd have to look into it, but if it's under warranty, you could probably send it in and they'd wipe it at no cost. That would fall under a gray area of "defective or not working as intended".
But if it's the dead of winter could you be without heat for however long it takes to get it returned? I suppose you could reinstall the original thermostat....
How long can that take? I could get to the store and back with a new thermostat, assuming I lost the current one, faster than I could set up a bitcoin account, I bet. And then I'd have protection against this in the future, which would obviously be needed. And in the meantime, I'd start a fire in the fireplace or whatever.
Far point... a fireplace could help in the winter (if it's safe to use or you have one etc)
-
@scottalanmiller said in New Thermostat:
@dafyre said in New Thermostat:
@DustinB3403 said in New Thermostat:
@scottalanmiller said in New Thermostat:
@DustinB3403 said in New Thermostat:
On a side thought, wasn't there a recent post on how unsecure these things are, how you could be ransom'd to pay Bitcoin to have the AC /Heat turn on or off?
Kind of hard to ransom someone when all they can do is lock you out of your settings. You either just reset it and program it again or replace it for $40 and turn the AC on. The ransom would be worth like nothing.
@scottalanmiller sure the ransomware is mostly worthless because the unit could just be reprogrammed. If you can get into it.
The posted article is from 2015 I believe, and uses root to access the device. Presumably they change the root password.
Factory reset button?
That's what I was assuming. Everything has one of those.
As far as the Nest goes (haven't looked into doing that with an EcoBee), I can reboot my Nest by holding down the face/ring for 10 seconds and letting it cycle. You could hook it up via USB and install factory firmware. But it's so simple, there's have to be a click sequence on boot up, who knows if Nest has released that.
Also saw this guy doing something of the sort. https://www.youtube.com/watch?v=hdPV7DNarG8
-
Could make this a cool project, and it is likely cheaper by a bit, but it would be a pain to have to support it.
http://www.stuff.tv/features/how-build-homemade-nest-thermostat
-
-
@scottalanmiller said in New Thermostat:
Could make this a cool project, and it is likely cheaper by a bit, but it would be a pain to have to support it.
http://www.stuff.tv/features/how-build-homemade-nest-thermostat
Yeah that seems painful, cool but painful.
-
Yeah, if someone had a sweet interface and sensor kit ready to go, building your own might not be too bad. But everyone seems to have old, non-uniform weirdness that works but isn't what you'd be looking for.
-
@scottalanmiller said in New Thermostat:
So I have a digital thermostat currently but it is awful and needs to be replaced. It doesn't work like it should and the interface is garbage. So am thinking about what I could replace it with. Came across this one and it looks really interesting...
https://www.smarthome.com/ecobee-eb-state3-01ecobee3-smart-wi-fi-thermostat.html
I really like that it is Alexa enabled, because we use the Amazon Echo extensively and would like to use it more. We have the Echo and Tap currently and plan to put a Dot in the main part of the house with the big sound system.
Alexa enabled you say?
-
@Nic said in New Thermostat:
@scottalanmiller said in New Thermostat:
So I have a digital thermostat currently but it is awful and needs to be replaced. It doesn't work like it should and the interface is garbage. So am thinking about what I could replace it with. Came across this one and it looks really interesting...
https://www.smarthome.com/ecobee-eb-state3-01ecobee3-smart-wi-fi-thermostat.html
I really like that it is Alexa enabled, because we use the Amazon Echo extensively and would like to use it more. We have the Echo and Tap currently and plan to put a Dot in the main part of the house with the big sound system.
Alexa enabled you say?
Yup, I love that feature option. Big deal for us.
-
@scottalanmiller said in New Thermostat:
@Nic said in New Thermostat:
@scottalanmiller said in New Thermostat:
So I have a digital thermostat currently but it is awful and needs to be replaced. It doesn't work like it should and the interface is garbage. So am thinking about what I could replace it with. Came across this one and it looks really interesting...
https://www.smarthome.com/ecobee-eb-state3-01ecobee3-smart-wi-fi-thermostat.html
I really like that it is Alexa enabled, because we use the Amazon Echo extensively and would like to use it more. We have the Echo and Tap currently and plan to put a Dot in the main part of the house with the big sound system.
Alexa enabled you say?
Yup, I love that feature option. Big deal for us.
Yeah I have an Alexa now so that's appealing to be able to tell it to change the temp.s
-
If it checks into a central server that isn't controlled by you, today that's just a bad idea. Most of those protocols have been shown to have little to no real security.
-
@Dashrender said in New Thermostat:
If it checks into a central server that isn't controlled by you, today that's just a bad idea. Most of those protocols have been shown to have little to no real security.
Yeah that's the only downside. Webroot is trying to build a security framework that vendors can use since they mostly don't think about it until it's too late: https://www.webroot.com/us/en/business/iot
-
@Dashrender said in New Thermostat:
If it checks into a central server that isn't controlled by you, today that's just a bad idea. Most of those protocols have been shown to have little to no real security.
That can't be a generic statement. That is purely case by case.
-
@Nic said in New Thermostat:
@Dashrender said in New Thermostat:
If it checks into a central server that isn't controlled by you, today that's just a bad idea. Most of those protocols have been shown to have little to no real security.
Yeah that's the only downside. Webroot is trying to build a security framework that vendors can use since they mostly don't think about it until it's too late: https://www.webroot.com/us/en/business/iot
here's hoping that takes off!
I hope webroot also realizes that it needs to be free if it's going to be accepted.
Steve Gibson is making a new authentication mechanism - he knows the only way it will be largely accepted is if it's free, so he's open sourcing the project.
-
@Dashrender said in New Thermostat:
@Nic said in New Thermostat:
@Dashrender said in New Thermostat:
If it checks into a central server that isn't controlled by you, today that's just a bad idea. Most of those protocols have been shown to have little to no real security.
Yeah that's the only downside. Webroot is trying to build a security framework that vendors can use since they mostly don't think about it until it's too late: https://www.webroot.com/us/en/business/iot
here's hoping that takes off!
I hope webroot also realizes that it needs to be free if it's going to be accepted.
Steve Gibson is making a new authentication mechanism - he knows the only way it will be largely accepted is if it's free, so he's open sourcing the project.
Well we do have to make some money. Plus hosting all the stuff on AWS and supporting the API calls costs us money, so if it were a free service then we'd be losing money on the deal But it's certainly something we want to make affordable enough for vendors to use so that it will be widely adopted.