Heatmiser WiFi thermostat vulnerabilities

Posted on by

Scanning for Heatmiser thermostats on port 8068 really just requires a quick check for port 8068 being open – we can be fairly confident that anything with this port open is one of their devices.  We can then make detailed check on port 80.
nmap -p 8068 -Pn -T 5 --open 78.12.1-254.1-254
nmap can easily do this scan. If you want to scan large blocks of addresses though, masscan is much faster.

via » Heatmiser WiFi thermostat vulnerabilities.

You need to forward ports at your local router so if you try and access this thermostat from the Internet and you come in on (per above example) port 8068 that the router knows to forward all that traffic to whatever IP it has associated with that port.  This allows users to access things inside their local network from anywhere on the Internet.  It also allows anyone on the Internet to access that internal device.

Here is my opinion on this matter.  As the world moves towards self driving cars and self driving planes, extremely complicated devices that you would think need human intervention, the world is also moving to take very simple devices, like household appliances and making them so they need human intervention.  A thermostat should be set and forget.  It should have simple intelligence to figure out what temperature to set a room.  If a human must get involved in messing with a thermostat then perhaps something went wrong but it’s not an emergency like this:

Should Airplanes Be Flying Themselves? | Vanity Fair.

A thermostat can certainly wait until you get home to physically figure out the problem and put it back on auto.  The Internet of Things can certainly be useful for read only, like buzzing your phone when the dishes or laundry finishes.  You can’t load laundry or dishes into these devices via the Internet so how do benefits from controlling them remotely, especially from remote Internet locations, outweigh the risks from allowing bad guys get into your local network.

Finally, here’s a link to a site that does port scanning on the Internet for you.  Seems like a useful resource to know.

Plugging this into Shodan we get over 7000 results. That’s quite a lot. (note, you might need to register to use filters like this).