Posted on 01/21/2016 12:37:30 PM PST by BenLurkin
In a report published to the site Freedom to Tinker and presented at the recent PrivacyCon conference, researchers at Princeton University detail how they detected that Nest's popular thermostat, among other web-connected devices, was transmitting data unencrypted, so in theory, online hackers could have intercepted that private information if they were looking in the right place.
However, the issue stemmed from a weather update containing location information of the home and local weather stations, Nest told Mashable. Sensitive information such as home addresses was already encrypted, but the data collected from local weather stations was not.
...
When setting up the smart thermostat, Nest requires users to enter a zip code., The thermostat then pings the weather station in the area, which could be nearby or span as far as 90 miles away, and it was that information that was vulnerable to the leak.
Although the researchers originally believed the Nest thermostat was revealing the exact location of the customer's home, the company clarified the issue only leaked the user's zip code.
(Excerpt) Read more at mashable.com ...
Never saw that coming!
Who knows the evil that lurks
within the hearts of men?
Their thermostats do!
A home address is "sensitive information"?? Please, I can look up my address and anybody else's through a myriad of online sources, not to mention through my local white pages, anytime I please. Ridiculous fear mongering and sensationalism.
Now if the device was broadcasting in the clear whether the home was occupied or not, that might be a different story. But this is just stupid butt-hurt whining from Mashable.
As in GOOGLE Nest...what could possibly go wrong?
It was stated in the article that is was only zip codes that were available in the clear. The trouble is, if you can collect enough information about a smart home to determine it’s address, and you can find out when/if the thermostat is turned way down during daylight hours, you pretty much KNOW with some certainty the home isn’t occupied by humans.
2pm on a cold winter day, thermostat 59 degrees. It doesn’t start bringing up the temp until 4pm.
What does that tell you? No people, no kids and at 59 degrees probably no major pets either unless it’s something with a winter coat.
This use of technology is beyond a horrible idea. It should broadcast absolutely nothing on the internet. These devices can do these jobs with local information. Or with one way communication only.
Just wait until the contents of your refrigerator are part of the “internet of things”
I wanted one of these NEST things, but read in a handyman magazine that the Honeywell version did not “leak data”. In fact it did not even report any data.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.