Why would my thermostat need to know my zip code? Or even internet access??
The only thing my thermostat needs to ever know is the temperature I set it too, and the temperature inside the house. And the only thing it ever needs to do is activate the heater or AC systems when the temperature goes below/above the setting I gave it.
Yeah this is mostly just FUD. The old adage is "there is no network security without physical security". If someone can get to your thermostat without you seeing them, then they can get to your PC, wifi devices and do anything they want. They can hide in your closet and stab you with a knife or shoot you. Worrying about being spied on suddenly becomes much less of an issue then being stabbed or shot.
Did you people miss the point of someone buying these devices in bulk, infecting them and then reselling them??? I know I am guilty of buying items online "from the lowest price" seller. Just because the web site "looks" professional doesn't mean it's not just one guy at home selling stuff on the internet.
As for needing to know your zip code, I think you need to read what the Nest is capable of and trys to do to save the homeowner money on their energy costs.
When I read comments about needing physical access to the thermostat by getting inside the person's home, I wonder how many people actually read this article. Did they miss the section where it says, "Buentello said an attacker could buy Nest devices in bulk, quickly infect them with malware and then resell them to customers who would be completely unaware of the malicious device residing in their own homes".
This could be done with all devices that feature storage, Removable Drives, Hard Drives, Phones etc then resold on.. I don't see what the big fuss is about... People just need to not buy from dodgy sellers and make sure that your house door is lock, wouldn't want a random stranger walking in and physically infecting your equipment.
"The more convenient or smart something is, the less secure it is" Exactly. If you are too lazy to do things yourself, then you must accept this risk.
As for those who are saying it's no big deal because someone would have to break into your home...who's to say that a hacker can't get a job at best buy or walmart and then take to infecting the devices in the storage area of the store?
So is this what Keith Alexander was promising to protect banks and utilities from for 1 million per month? Can he rule the world with that knowledge? Read the paper at IOActive.
Google Keith Alexander Banks. Is this the intelligence secret that Congressman Grayson accuses Alexander of selling?