IoT is Insecure, Get Over It! Say Researchers (also home temperature control for Harondel)


#1

BOSTON-Noted security experts Charlie Miller and Chris Valasek said the
Internet of Things can´t be secure, but it can be tamed.

Drawing from their car hacking experience, the two spent the morning
contemplating the larger universe of IoT security and conceded that there
will always be thousands of connected devices that will never be secure, and
that industry should prioritize personal safety and the security of
automobiles and medical devices, for example, over toothbrushes and door
locks.

https://threatpost.com/iot-is-insecure-get-over-it-say-researchers/128826/

Anyhow nothing really new here, but got me thinking about something that
comes up every year at this time, intelligence in my home temperarture
control system.

Right nmw we have 2 standalone manually programmed temperature controllers,
effectively 1 per floor. When the DST kicks on and off, I have to manually
change the time on each device and when the weather changes, I have to
manually adjust the temperature programming which I did about a week or so
ago when the temp was dropping below zero overnight. We also brought out the
heavy and multilayer wool comforters at the same time.

Problem is, same as every year, it’s no longer cold and now the programming
means it’s too hot in the morning and bit on the warm side during the day.
So I can reprogram again for the current conditions, but as soon as I do
that, it’ll get cold again and I am back in the reprogram over and over loop.

So any suggestions for an intelligent temp controller that takes into
consideration

  1. current and expected outdoor ambient temperature
  2. whether someone is home (pretty normal as I work from home most days)
  3. current internal ambient temperature
  4. my termperature preference, I generally like it warmer than Nicole does
  5. the time it takes to heatup the house using the infloor radiant heating
    (on main floor only and about 4-5 hours) and baseboard heating upstairs
  6. there is no force air system in the house, nor is there air conditioning
    (other than a portable unit in my office), basically heat is either on or off

I have several wireless weather stations/tempature devices, none of which
have computer integration of course, but I am sure I could resolve that with
judicious use of an SDR to sniff and decode the traffic, either that or just
replace my current systems with one with computer access.

In either case, I love the idea/concept of the Nest and similar devices, just
not willing to give up that level of personal privacy to get it.

Anyone come across anything of this nature? I’d love to finally get a
solution to automate this in relation to the outside temperatures.


#2

I have also been looking for a DIY thermostat system…
Something that has more features…
With controllers like ESP8266 it could automatically update the time and read outside temp…
I’d also like to add some features to minimize short cycling of my boiler…
The only systems that support the above seem to be very $$ Honeywell or Tekmar systems

I know I can roll my own but the optics of the unit itself have been the issue…
Love to find some sort of decent looking case with display and controls…
I also do not want to use (nor depend) on any sort of cloud service for the operation…


#3

I’ve been planning to roll my own for a while. I had imagined an esp with a solid state relay controlling it. I’d eventually wanted to put some UI on the front, but hadn’t put one on yet.

The only other option would be ones that aren’t as IOT, but already have some kind of wireless communication (zwave, zigbee) and controlling through that. I simply found those too expensive, so I let the project slide. I’m renting so upgrading my baseboards with remote relays was going to cost ~$70 per element (4 in my small apartment)

I had bought hardware and everything, but I found that the solid state relays I had heated up too much when you pushed full baseboard heat through them.

Here are a couple images of the part I’d imagined. I’d 3d printed one, it fit as a replacement to my current bi-metal strip controls. It did fit well on the wall. The temperature sensor fit on the raised section, with the controller and relay inside the wall on the back. I’d wanted to keep the sensor away form the electronics which would generate heat.


image

I’d be happy to work with somebody a bit to come up with a better solution.


#4

We also have the ability to design the cryptographic security and
containerization at the device and cloud level required.

If we could put the theory together, I know the people who can make it
happen.


#5

Honestly I don’t really see that happening Timothy even if the general buy-in
was there along with the funding. I am assuming your comments are around the
article as opposed to comments by Bob and Rob.

Without a properly protected update process, crypto means squat and by that I
mean bugs are found in crypto systems all the time, but even more importantly
badly implemented crypto happens all the time. <bad crypto happens to good
people

Think of the all the IoT devices like the internet enabled toothbrush
mentioned in the artcle and personally I don’t see this problem getting
solved any time soon.


#6

My comments are related to the article. There is a very strong business
case for security and privacy for automobile and health IoT and IIoT of all
sorts. Once the infrastructure is in place it won’t cost much to include
security and privacy everywhere. But without the required infrastructure
the cost is unobtainable. The biggest barrier is Governments belief that it
is not possible to have security, privacy and law enforcement. But this is
wrong, law enforcement such as highway regulations, etc, requires open
source codification of laws and an open source codified law processing
engine.

I have access to the tools required for world wide patent protection. World
wide patent protection will be used as defensively to prevent a single
company locking the IP. And that I have access to the VP level Amazon,
similar access to Microsoft is obtainable.


#7

The “S” in IoT stands for security.


#8

Interesting, I thought that in all things involving “IoT” and “cloud”, the “s” meant “sucker”…

Only half joking.


#9

Stephen

That’s the best description I’ve heard in a long time where IoT is concerned.


#10

This said, the woods are full of over-protective black bear sows, nasty tempered grizzlies, rattlesnakes (in the Okanagan, at least), puma (cougars, for you Westerners), Devil’s Claws, rock slides, avalanches, etc… and yet myself and numerous others still go there and come back unscathed.

Just be aware of the pitfalls. Go in prepared. Don’t be a sucker.