Smart Thermostats Vulnerable to Hackers

nest

Your smart thermostat may be smarter than you think. In order to do its job properly it stores your zip code, your Wi-Fi network name, and your Wi-Fi password and detects whether or not you are home. It uses this information to communicate with your provider’s cloud, to learn and follow your energy usage habits , and to switch your heater or air conditioner into low energy-mode when you are out of the house. That, in and of itself, is not a problem. In fact, it’s what you paid for. The catch is that these thermostats can be hacked so that they share this information with outsiders. They can also be pirated and then utilized to generate spam or malware from inside your home or place of business.

The problem does not lie with their Wi-Fi capabilities: their wireless communication is heavily secured. It’s their USB port which makes them vulnerable. The purpose of this port is to allow manual updates of the software they utilize, in the event that cloud-generated updates prove unsuccessful. According to indepdent research Daniel Buentello, this port can be readily compromised. All one has to do is hold down a NEST thermostat’s power button for ten seconds, then plug a USB device into the port. Doing so overrides the thermostat’s security features and enables the hacker to infect it with a not-so-friendly program of his own.

Unless you make it a habit of inviting hackers over for dinner, this scenario is not likely to take place in your home. The greater risk is that hackers may buy these thermostats in bulk, infect them with remotely controlled malware, repackage, and then resell them. Under no circumstance should you purchase a second-hand smart thermostat or order one from a random individual online.

In fact, if you really want to maintain your privacy, you may want to make due with one of those old-fashioned not-so-smart thermostats. To save energy, bump up the temperature (if you’re running the ac) or nudge it down (if you’re using the heater) when you leave the house, then set it back to the desired temperature as soon as you get home. (Do not shut it off altogether or your system may use more energy bringing your home back to the optimum temperature than it saved by being off while you were away). Sure, it may take your air conditioner or your heater ten or fifteen minutes to restore your home to the desired temperature, but that is actually easier on your body than stepping straight into a perfectly chilled house on a stifling hot day or into a nice warm house from the freezing cold. And without your thermostat broadcasting your comings and goings, your jewelry and electronics are more likely to be right where you left them.

Blogger Terry Portillo owns and operates ACU Air Heating and Air Conditioning in The Woodlands, TX.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: