Can IT confirm? - eviltoast
  • bitwolf@lemmy.one
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    The issue is that the thermostat can be used as a jump box into your network.

    That’s when/where all the nefarious things happen.

    • frezik@midwest.social
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you’re on some random wifi network. Networks shouldn’t be built like eggs; hard on the outside, soft on the inside.

      It does take more technical skill to setup, though.

    • groucho@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you’re on vacation, and let your pipes burst.

      • RGB3x3@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Nobody is doing that. A hacker doesn’t cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.

          • RGB3x3@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Yeah, but:

            The downside, though, is that installing the ransomware, currently, requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.

            And if a hacker is in your home, they’re not a hacker. They’re just a burglar.

    • greenskye@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?

        • RGB3x3@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.

          The fears of your internal home network being compromised are way overblown.

          • Nahdahar@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don’t target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users’ lives was the Mirai botnet attack.

            • greenskye@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of ‘blackmail’. And I’d bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I’d just tell them to take a hike and release my naked footage if they really wanted to.

          • milicent_bystandr@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            It’s not just damage to your home network, it’s using that as part of botnets do do other crime. And it’s collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.

            the insane amount of work it takes to compromise it.

            Really?

            The great thing about software is once you develop an insane trick to get into one child’s internet-connected doll (oh yes, there’s that too) you can roll it out to try ten million dolls across the world.