I continue to be amazed that anybody connects their appliances to the internet.

  • @smegger@aussie.zone
    77 months ago

    Yeah, this is why I’m so fascinated with the concept of designing home automation that is independent of the internet. Privacy and reliability.

    • mihor
      47 months ago

      HomeAssistant is a really good piece of software. The only issue I still haven’t 100% resolved is notifications, since I still need to figure out the most reliable way for when I will really need them - the push notifications simply won’t work sometimes on my GrapheneOS phone. Perhaps using the RedNode and email notification, but that again relies on the mail server being up as well, so one extra breaking point.

  • AutoTL;DRB
    27 months ago

    This is the best summary I could come up with:


    That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly.

    Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it’s needed.

    When I went into the utility closet to shut off the hose bibbs for winter, I noticed a plastic bag magnetically stuck to the back side of the water heater.

    “The Control-R Wi-Fi Module must be installed for recirculation to operate,” read the intense yellow warning label.

    The tone of the language inside (“DO NOT TOUCH,” unless you are “a properly trained technician”) did not match that of the can-do manual (“get the most from your new module”).

    I installed the device, went through the typical “Connect your phone to this weirdly named hotspot” process, and—it worked.


    The original article contains 441 words, the summary contains 149 words. Saved 66%. I’m a bot and I’m open source!

  • mihor
    27 months ago

    A thought: one way to mitigate such security issues yourself would be to make use of subaddressing (the + sign) in the email address you use for such services, by appending your own random GUID, for example, essentially making guessing your exact email address string futile. For example, instead of using simply johndoe@example.com you would instead use johndoe+9be28cb9-fd22-4e9f-8144-93f90ab04a1f@example.com when registering. Assuming the service provider isn’t using some lame and incorrect email address validation regex.
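
The subaddressing idea from the comment above, as an added example that is not part of the original thread: it issues one random-GUID alias per service, enforces the 64-octet local-part limit, and maps an incoming recipient back to the service it was issued to. The names `make_subaddress`, `split_subaddress` and `AliasRegistry` and the service label are hypothetical, and it assumes your mail provider delivers `+` subaddresses to the base mailbox.

```python
import uuid

MAX_LOCAL_PART = 64  # RFC 5321 limit on the local part, in octets


def make_subaddress(address, tag=None):
    """Return local+tag@domain; the tag defaults to a random UUID4."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local@domain")
    if "+" in local:
        raise ValueError("address already carries a subaddress")
    tag = tag or str(uuid.uuid4())  # uuid4 draws from the OS CSPRNG
    tagged = f"{local}+{tag}"
    if len(tagged.encode()) > MAX_LOCAL_PART:
        raise ValueError("local part exceeds 64 octets; servers may reject it")
    return f"{tagged}@{domain}"


def split_subaddress(address):
    """Split local+tag@domain into (local@domain, tag); tag is '' if absent."""
    local, _, domain = address.rpartition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", tag


class AliasRegistry:
    """Remembers which random tag was handed to which service."""

    def __init__(self, address):
        self.address = address
        self._by_tag = {}

    def issue(self, service):
        alias = make_subaddress(self.address)
        self._by_tag[split_subaddress(alias)[1]] = service
        return alias

    def attribute(self, recipient):
        """Service this alias was issued to, or None if untagged or unknown."""
        base, tag = split_subaddress(recipient)
        if base.lower() != self.address.lower():
            return None
        return self._by_tag.get(tag.lower())
```

Mail arriving at an alias from anyone other than the service it was issued to tells you which registration leaked or was shared.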