• dlok@lemmy.world
    link
    fedilink
    arrow-up
    12
    arrow-down
    9
    ·
    1 year ago

    And what’s the worst an internet connected thermostat could do, discomfort you to death? If someone got into my Google account past 2fa etc id have bigger worries.

    • TheWiz@lemm.ee
      link
      fedilink
      arrow-up
      21
      ·
      1 year ago

      For me it’s more the privacy aspect. IOT devices tend to be network weak points. Things like Alexa constantly listening. I could see myself self hosting home assistant maybe in the future but not of the things smart devices enable are really a value add for me personally.

      • Cosmic Cleric@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        3
        ·
        edit-2
        1 year ago

        You don’t need home devices to lose your privacy like that. Your phone’s themselves are constantly listening in.

        Was talking to the wife in the car one time about buying a new pair of tennis shoes, and when I got home that evening and watched YouTube videos and such, I was getting so many tennis shoe ads it was actually quite spooky.

        • TheWiz@lemm.ee
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          Oh definitely, I go to a lot of effort to try and mitigate it (graphene OS, no Facebook, social media, pihole for network wide ad blocking, simplelogin for email aliasing, no smart devices) but there’s always plenty of invasive apps/services even you’re privacy conscious.

      • LemmyIsFantastic@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        8
        ·
        1 year ago

        Jesus Christ “always listing”.

        No they aren’t. Not in any sense that even explained in common sense language to normal people.

        They are listening to what amounts to be a key pair(s) voice imprint. That’s done at a hardware level. And despite it be career making and be worth millions nobody has reported any large scale beach of trust in many years.

        The major players have an excellent track record of being secure.

              • LemmyIsFantastic@lemmy.world
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                edit-2
                1 year ago

                First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google. After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.

                Congrats, you found a single instance. It was patched via the security program. It relied on physical proximity.

                Then you link another scenario where an utterly insignificant portion of users data was shared with partners.

                It’s grasping at straws and both those incidents are unrelated to always on recording. None of that shit you linked is related in the least bit. It’s slippery slope bullshit you’re trying to pull.

                Astroturfing 🤣🤣🤣 good lord I wish I could get paid arguing with uninformed privacy zealots.

                • Calavera@lemm.ee
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  So much so for your “excellent track record of being secure.” right? Specially this taking almost a year to be patched. Now image the exploits that were found not by researchers, but malicious parts…

                  I mean, if you were a paid astroturfer I could understand, because people have to make ends meet right. But doing that for free? What a dystopian world we live in

                  • LemmyIsFantastic@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    edit-2
                    1 year ago

                    Holy shit, you really are stuck on this 100% unrelated local access hack 🤣

                    I guess you’ll never use tls again cause of its history right?

    • bitwolf@lemmy.one
      link
      fedilink
      arrow-up
      21
      arrow-down
      1
      ·
      1 year ago

      The issue is that the thermostat can be used as a jump box into your network.

      That’s when/where all the nefarious things happen.

      • frezik@midwest.social
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you’re on some random wifi network. Networks shouldn’t be built like eggs; hard on the outside, soft on the inside.

        It does take more technical skill to setup, though.

      • groucho@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you’re on vacation, and let your pipes burst.

        • RGB3x3@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Nobody is doing that. A hacker doesn’t cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.

            • RGB3x3@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Yeah, but:

              The downside, though, is that installing the ransomware, currently, requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.

              And if a hacker is in your home, they’re not a hacker. They’re just a burglar.

      • greenskye@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?

          • RGB3x3@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.

            The fears of your internal home network being compromised are way overblown.

            • Nahdahar@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don’t target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users’ lives was the Mirai botnet attack.

              • greenskye@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of ‘blackmail’. And I’d bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I’d just tell them to take a hike and release my naked footage if they really wanted to.

            • milicent_bystandr@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              It’s not just damage to your home network, it’s using that as part of botnets do do other crime. And it’s collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.

              the insane amount of work it takes to compromise it.

              Really?

              The great thing about software is once you develop an insane trick to get into one child’s internet-connected doll (oh yes, there’s that too) you can roll it out to try ten million dolls across the world.

    • Obi@sopuli.xyz
      link
      fedilink
      arrow-up
      13
      arrow-down
      1
      ·
      1 year ago

      I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don’t want your thermostat to just stop heating the house.