Nest Smart Thermostat Can Be Hacked to Spy on Owners

[Guest]

Nest smart thermostats can be easily hacked to form botnets or spy on owners, researchers showed at the BlackHat security conference.

Nest Smart Thermostat Can Be Hacked to Spy on Owners : Read more

 

[hotwire_downunder]

If an intruder's able to physically get to your thermostat, then you've got more pressing security issues than a hacked thermostat

 

[DalaiLame]

Will get worse once Google's influence fully permeates the company.

 

[bluestar2k11]

Why would my thermostat need to know my zip code? Or even internet access??
The only thing my thermostat needs to ever know is the temperature I set it too, and the temperature inside the house. And the only thing it ever needs to do is activate the heater or AC systems when the temperature goes below/above the setting I gave it.

 

[Yoshimitsu Fujimoto]

More pressing is if they can get into your home and install cameras and microphones they can watch you,..../scarier lol

 

[Christopher1]

First off, this needs physical access. Common knowledge goes "If someone has physical access to a device and you are not watching what they are doing every second, assume it is compromised!"

 

[razor512]

So far not an issue. when it gets hacked from the WAN, then it becomes a major issue, kinda like with the belkin wemo.

 

[palladin9479]

Yeah this is mostly just FUD. The old adage is "there is no network security without physical security". If someone can get to your thermostat without you seeing them, then they can get to your PC, wifi devices and do anything they want. They can hide in your closet and stab you with a knife or shoot you. Worrying about being spied on suddenly becomes much less of an issue then being stabbed or shot.

 

[TheDraac]

Oh yeah, as for the cameras and microphones, you must have heard about the baby monitor issues.

 

[TheDraac]

Did you people miss the point of someone buying these devices in bulk, infecting them and then reselling them??? I know I am guilty of buying items online "from the lowest price" seller. Just because the web site "looks" professional doesn't mean it's not just one guy at home selling stuff on the internet.

As for needing to know your zip code, I think you need to read what the Nest is capable of and trys to do to save the homeowner money on their energy costs.

 

[Skylarz]

Lmao this is like going into your house and sticking an infected usb drive into your pc

 

[paesan]

When I read comments about needing physical access to the thermostat by getting inside the person's home, I wonder how many people actually read this article. Did they miss the section where it says, "Buentello said an attacker could buy Nest devices in bulk, quickly infect them with malware and then resell them to customers who would be completely unaware of the malicious device residing in their own homes".

 

[electricfirebolt]

This could be done with all devices that feature storage, Removable Drives, Hard Drives, Phones etc then resold on.. I don't see what the big fuss is about... People just need to not buy from dodgy sellers and make sure that your house door is lock, wouldn't want a random stranger walking in and physically infecting your equipment.

 

[WyomingKnott]

More pressing is if they can get into your home and install cameras and microphones they can watch you,..../scarier lol

Err, that's the Kinect.

 

[srystore]

Seems like Google put this backdoor in for themselves and it was discovered

 

[RCguitarist]

"The more convenient or smart something is, the less secure it is" Exactly. If you are too lazy to do things yourself, then you must accept this risk.

As for those who are saying it's no big deal because someone would have to break into your home...who's to say that a hacker can't get a job at best buy or walmart and then take to infecting the devices in the storage area of the store?

 

[Donna F]

So is this what Keith Alexander was promising to protect banks and utilities from for 1 million per month? Can he rule the world with that knowledge? Read the paper at IOActive.
Google Keith Alexander Banks. Is this the intelligence secret that Congressman Grayson accuses Alexander of selling?