Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Tech Insight: Hacking The Nest Thermostat
Newest First  |  Oldest First  |  Threaded View
Tom Mariner
50%
50%
Tom Mariner,
User Rank: Apprentice
12/31/2014 | 11:05:50 AM
Access to my Nest Thermostat
So someone standing in my living room can pry my Nest off the wall, connect a computer, upload, replace it and I'm hacked? If he was standing there he could also shoot my dog and drink my best wine. The point is??
Somedude8
50%
50%
Somedude8,
User Rank: Apprentice
8/18/2014 | 1:07:01 PM
House too warm?
Hacker sets thermostat to 120. Email arrives with bad English asking for $500 to return control of the thermostat.

That strikes me as a really funny possibility!
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/14/2014 | 7:07:56 PM
Re: Nesting
> if an attacker has physical access to the device.

Cue horror movie music: They're calling from inside the house!

If someone is tinkering with the Nest inside your house, worry about arson, theft, or physical violence.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
8/14/2014 | 4:42:39 PM
HP tried to warn us
Remember, on July 29, HP's Fortify div. tried to warn us. It didn't name specific vendors but cited thermostats. http://www.informationweek.com/cloud/software-as-a-service/hp-warns-of-iot-security-risks/d/d-id/1297617
johnhsawyer
100%
0%
johnhsawyer,
User Rank: Moderator
8/14/2014 | 3:58:10 PM
Re: Nesting
I didn't want to get too deep into it in the article, but I also have 2 Nest thermostats and don't have any plans to get rid of them. I also want to add some of the Nest Protect fire and carbon monoxide alarms. I'm not worried about someone tracking if I'm "away" or not. If a bad guy wanted to know if I'm home or away, they can drive by my house -- no need to compromise my Nest to figure it out.

As for a Nest being a source of attack, mine are connected to a separate, isolated wireless network that is segmented from the rest of my network. One of them is rooted and the other is not. I've also been monitoring the traffic on the Nest network as it's something of interest since I have clients in the utility industry that may be encountering Nests in their clients' homes. Eventually, I want to look into sniffing the Nest Weave communications with my RZ Raven and Killerbee.

I'm glad these guys published their findings. It was something that I was interested from a personal and professional perspective. It's also something very relevant as the Internet of Things continues to introduce more and more devices onto our networks.

-jhs
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/14/2014 | 1:55:30 PM
Nesting
I don't know whether I'm reassured or frightened by Daniel Buentello's quote "Even after all this research and knowing how bad it can be, I'm still not giving mine up and I have two." I'm guessing the Black Hat audience shared that point of view... 

 


Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14869
PUBLISHED: 2019-11-15
A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could esc...
CVE-2019-18987
PUBLISHED: 2019-11-15
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
CVE-2019-18986
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVE-2019-18981
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2019-18982
PUBLISHED: 2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.