{"id":14088,"date":"2014-09-24T12:07:50","date_gmt":"2014-09-24T17:07:50","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=14088"},"modified":"2014-09-25T12:20:07","modified_gmt":"2014-09-25T17:20:07","slug":"heatmiser-wifi-thermostat-vulnerabilities","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=14088","title":{"rendered":"Heatmiser WiFi thermostat vulnerabilities"},"content":{"rendered":"<blockquote><p>Scanning for Heatmiser thermostats on port 8068 really just requires a quick check for port 8068 being open \u2013 we can be fairly confident that anything with this port open is one of their devices. \u00a0We can then make\u00a0detailed check on port 80.<br \/>\n<code>nmap -p 8068 -Pn -T 5 --open 78.12.1-254.1-254<\/code><br \/>\nnmap can easily do this scan. If you want to scan large blocks of addresses though, <a href=\"https:\/\/github.com\/robertdavidgraham\/masscan\">masscan<\/a> is much faster.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/cybergibbons.com\/security-2\/heatmiser-wifi-thermostat-vulnerabilities\/\">\u00bb Heatmiser WiFi thermostat vulnerabilities<\/a>.<\/p>\n<p>You need to forward ports at your local router so if you try and access this thermostat from the Internet and you come in on (per above example) port 8068 that the router knows to forward all that traffic to whatever IP it has associated with that port.\u00a0 This allows users to access things inside their local network from anywhere on the Internet.\u00a0 It also allows anyone on the Internet to access that internal device.<\/p>\n<p>Here is my opinion on this matter.\u00a0 As the world moves towards self driving cars and self driving planes, extremely complicated devices that you would think need human intervention, the world is also moving to take very simple devices, like household appliances and making them so they need human intervention.\u00a0 A thermostat should be set and forget.\u00a0 It should have simple intelligence to figure out what temperature to set a room.\u00a0 If a human must get involved in messing with a thermostat then perhaps something went wrong but it&#8217;s not an emergency like this:<\/p>\n<p><a href=\"http:\/\/www.vanityfair.com\/business\/2014\/10\/air-france-flight-447-crash#\">Should Airplanes Be Flying Themselves? | Vanity Fair<\/a>.<\/p>\n<p>A thermostat can certainly wait until you get home to physically figure out the problem and put it back on auto.\u00a0 The Internet of Things can certainly be useful for read only, like buzzing your phone when the dishes or laundry finishes.\u00a0 You can&#8217;t load laundry or dishes into these devices via the Internet so how do benefits from controlling them remotely, especially from remote Internet locations, outweigh the risks from allowing bad guys get into your local network.<\/p>\n<p>Finally, here&#8217;s a link to a site that does port scanning on the Internet for you.\u00a0 Seems like a useful resource to know.<\/p>\n<blockquote><p>Plugging this<a href=\"http:\/\/www.shodanhq.com\/search?q=title%3A%22Heatmiser+Wifi+Thermostat%22\"> into Shodan<\/a> we get over 7000 results. That\u2019s quite a lot. (note, you might need to register to use filters like this).<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Scanning for Heatmiser thermostats on port 8068 really just requires a quick check for port 8068 being open \u2013 we can be fairly confident that anything with this port open is one of their devices. \u00a0We can then make\u00a0detailed check &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=14088\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[1308,644,443,78],"class_list":["post-14088","post","type-post","status-publish","format-standard","hentry","category-networking","tag-internet-ofthings","tag-nmap","tag-useful-sites","tag-wifi"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14088"}],"version-history":[{"count":5,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14088\/revisions"}],"predecessor-version":[{"id":14107,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14088\/revisions\/14107"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14088"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}