Smart thermostat makes dumb security mistakes

Cory Doctorow 12:00 pm Wed Sep 24, 2014

Andrew Tierney had a close look at Heatmiser's popular wifi-enabled thermostat and found it to be riddled with security vulnerabilities.

Tierney was testing an older version of the Heatmiser firmware, and some of these errors might have been patched since, assuming that the customers with the old firmware didn't have their thermostats fatally compromised so that they would not run future patches. The kinds of mistakes that Tierney documents are part of a wider pattern of bad Internet-of-Things security practices (see, for example, Ang Cui's work on smart phones and printer malware).

But, at this point, it looks like security is the last thing on the list of priorities for Heatmiser.

If you want a thermostat that can't be activated by just about anyone, then I would suggest returning your Heatmiser WiFi thermostat.

My recommendation would be to stop port-forwarding to both port 80 and 8068. You will lose remote control, but would still be able to access the thermostat from inside you house.

Heatmiser WiFi thermostat vulnerabilities

(via /.)

Erik Prince's new "secure" smartphone is an even bigger joke than it sounds

In July 2021, I posted here about the new smartphone company bankrolled by Blackwater brutalizer Erik Prince. That post focused less on the phone itself and more on the absurdity… READ THE REST
Free advice for future whistleblowers

John Tye is a former State Department employee who blew the whistle on some NSA spying programs in 2014; three years later, he founded a Whistleblower Aid, a nonprofit that… READ THE REST
Helpful InfoSec tips, presented in the form of TikTok Sea Shanties

People need InfoSec tips. People want TikTok-style Sea Shanties. So Rachel Tobac of Social Proof Security gave the people what they want: a TikTok-style sea shanty about infosec. And of… READ THE REST
Save $169 on a lifetime license to Microsoft Windows 11 Pro and never look back

TL;DR: Revamp your digital world with this incredible lifetime license to Microsoft Windows 11 Pro, with its seamless interface and top-notch security, for only $29.97 (Reg. $199) until 11:59 PM on 1/07.… READ THE REST
Upgrade your tech for the new year with this refurbished iPad Pro, less than half price right now

TL;DR: Save over $350 on a refurbished Apple iPad Pro 10.5" 256GB, plus a free accessories bundle, with this sweet deal on sale for just $315.99 right now. Tech fans, it's time… READ THE REST
Make your rockstar dreams a reality for only $15.97 with this Guitar Lessons Training Bundle

TL;DR: The perfect last-minute holiday gift for an aspiring rocker, the 2024 Guitar Lessons Training Bundle is only $15.97 (Reg. $480) until 11:59 PM on 12/25. It's really never too late to make… READ THE REST