Once again, another addition to the Internet of Things has been revealed to have some massive security flaws. This time, though, it comes from a company based in the U.K.
Heatmiser, if the name didn't already give it away, develops "smart" thermostats. Similar to Nest, Heatmiser units are supposed to detect when you are and aren't home.
Here's the problem, though: Andrew Tierney, a security researcher with cybergibbons.com, did a cursory search on a hackers-only search engine. He searched for any of these thermostats that were unprotected and found more than 7,000.
Not only that, but the default username and password combination that comes with the thermostat is "admin/admin." If an owner never changes it, hackers can log in with minimal effort.
The easiest thing that a hacker could do with access to your thermostat is a prank. Tierney explains in his blog post:
"I can send a user a link containing a malicious request and the device will blindly carry it out. For example, I could send a request to change the password to one of my choosing in an email, and as long as the user has logged into the thermostat recently, that request will be carried out by the device."
Imagine coming home only to discover that you could no longer access your thermostat. That's right, hackers could turn off your air conditioning with a single email.
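What Tierney describes is cross-site request forgery: the device trusts the browser's logged-in session and nothing else. The sketch below is an added example, not Heatmiser's firmware or code from Tierney's post; it puts a handler with that weakness next to a hardened one, and the `/set` path, field names and `thermostat.example` address are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

DEVICE_ORIGIN = "http://thermostat.example"  # hypothetical address of the device UI

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison

def new_session():
    # Created at login; the token is embedded only in the device's own forms.
    return {"user": "admin", "csrf_token": secrets.token_urlsafe(32)}

def vulnerable_change_password(request, session, store):
    # Trusts the session alone: any link the logged-in browser follows is obeyed.
    params = parse_qs(urlsplit(request["url"]).query)
    if session and "new_password" in params:
        store["password"] = params["new_password"][0]
        return 200
    return 403

def hardened_change_password(request, session, store):
    form = request.get("form", {})
    if not session:
        return 403
    if request["method"] != "POST":          # state changes never ride on GET links
        return 405
    if request["headers"].get("Origin") != DEVICE_ORIGIN:
        return 403                           # submitted from some other site
    if not same(form.get("csrf_token", ""), session["csrf_token"]):
        return 403                           # sender never saw the device's form
    if not same(form.get("current_password", ""), store["password"]):
        return 403                           # re-authenticate before a sensitive change
    if not form.get("new_password"):
        return 400
    store["password"] = form["new_password"]
    return 200

def demo():
    session = new_session()
    # Constructed request: what the browser sends when an emailed link is followed.
    forged = {"method": "GET", "headers": {},
              "url": DEVICE_ORIGIN + "/set?new_password=chosen-by-sender"}
    # Constructed request: the owner submitting the device's own settings form.
    genuine = {"method": "POST", "headers": {"Origin": DEVICE_ORIGIN},
               "url": DEVICE_ORIGIN + "/set",
               "form": {"csrf_token": session["csrf_token"],
                        "current_password": "old-secret", "new_password": "new-secret"}}
    weak, strong = {"password": "old-secret"}, {"password": "old-secret"}
    return (vulnerable_change_password(forged, session, weak), weak["password"],
            hardened_change_password(forged, session, strong),
            hardened_change_password(genuine, session, strong), strong["password"])
```

Calling `demo()` shows the forged link rewriting the password on the weak handler, while the hardened handler rejects it and still accepts the owner's own form.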
The dangerous part, though, is crooks using your thermostat settings to figure out when you are and aren't home. After cracking your thermostat, all they'd have to do is track when it looks like you're saving money on heat or air conditioning.
They could potentially use this information to break into your home. No need to case the joint when you already know the owner's movements, right?