Nest Smart Thermostat Can Be Hacked to Spy on Owners

Status
Not open for further replies.

bluestar2k11

Distinguished
Feb 1, 2011
28
0
18,580
Why would my thermostat need to know my zip code? Or even internet access??
The only thing my thermostat needs to ever know is the temperature I set it too, and the temperature inside the house. And the only thing it ever needs to do is activate the heater or AC systems when the temperature goes below/above the setting I gave it.
 

Christopher1

Distinguished
Aug 29, 2006
197
0
18,640
First off, this needs physical access. Common knowledge goes "If someone has physical access to a device and you are not watching what they are doing every second, assume it is compromised!"
 

palladin9479

Distinguished
Jul 26, 2008
193
0
18,640
Yeah this is mostly just FUD. The old adage is "there is no network security without physical security". If someone can get to your thermostat without you seeing them, then they can get to your PC, wifi devices and do anything they want. They can hide in your closet and stab you with a knife or shoot you. Worrying about being spied on suddenly becomes much less of an issue then being stabbed or shot.
 

TheDraac

Distinguished
Feb 1, 2008
12
0
18,570
Did you people miss the point of someone buying these devices in bulk, infecting them and then reselling them??? I know I am guilty of buying items online "from the lowest price" seller. Just because the web site "looks" professional doesn't mean it's not just one guy at home selling stuff on the internet.

As for needing to know your zip code, I think you need to read what the Nest is capable of and trys to do to save the homeowner money on their energy costs.
 

paesan

Distinguished
Oct 30, 2007
2
0
18,510
When I read comments about needing physical access to the thermostat by getting inside the person's home, I wonder how many people actually read this article. Did they miss the section where it says, "Buentello said an attacker could buy Nest devices in bulk, quickly infect them with malware and then resell them to customers who would be completely unaware of the malicious device residing in their own homes".
 

electricfirebolt

Honorable
Mar 29, 2012
14
0
10,560
This could be done with all devices that feature storage, Removable Drives, Hard Drives, Phones etc then resold on.. I don't see what the big fuss is about... People just need to not buy from dodgy sellers and make sure that your house door is lock, wouldn't want a random stranger walking in and physically infecting your equipment.
 

RCguitarist

Honorable
Apr 2, 2013
37
0
10,590
"The more convenient or smart something is, the less secure it is" Exactly. If you are too lazy to do things yourself, then you must accept this risk.

As for those who are saying it's no big deal because someone would have to break into your home...who's to say that a hacker can't get a job at best buy or walmart and then take to infecting the devices in the storage area of the store?
 

Donna F

Estimable
Aug 9, 2014
1
0
4,510
So is this what Keith Alexander was promising to protect banks and utilities from for 1 million per month? Can he rule the world with that knowledge? Read the paper at IOActive.
Google Keith Alexander Banks. Is this the intelligence secret that Congressman Grayson accuses Alexander of selling?
 
Status
Not open for further replies.