Your Thermostat Can Be A Gateway For Criminals To Break Into Your Home

We truly live in a smart world, don’t we? How many “smart” devices do you use every day to take care of your daily routines automatically? Between your home and your business, probably quite a few, and that number will only grow year after year as new technologies are developed to save time and effort.

But these same smart devices are potential gateways for the criminal world to find out if you are home or not home. The latest target for criminals looking to break into homes comes through your home thermostat. Yep, you read that right, your thermostat. Well, only if you’re using a “smart” thermostat.

UK company, Heatmiser, develops smart devices for homes. One of their products is a thermostat that detects if you are home or away, so you don’t waste money on extra heating or air conditioning. But, guess what? These thermostats have been hacked into by criminals looking to find out for themselves whether you’re at home – and they’re not looking to save you money.

How? Simple: the default username and password is admin/admin, and many home users never change their security settings.

Andrew Tierney, a security expert with cybergibbons.com, did some research on the Heatmiser products and found some 7000 unprotected thermostats reported on many hacker forums and websites. Many of the reported thermostats on the hacker websites were in Europe, but this doesn’t mean that incidents of criminal activity are limited to across the pond.

The Heatmiser thermostat requires that you forward two ports on your firewall to their device: Port 80, which is the standard port for all web traffic, and port 8068. Without the proper security settings, this provides an easy backdoor into all the other devices hooked up to your network.

According to the cybergibbons.com blog post, there is no excuse for many of the vulnerabilities, and it is just “laziness” that leads to these security breaches.

Do you have a smart thermostat in your business or home? Review the network setup and make sure the simple things are done to protect your home or business. As your trusted technology experts, we can help, but here are just a few things you can do:

1. Change the password and login name immediately. NEVER use the default login and password on ANY device. Hackers are lazy too, and will more than likely move on to the next victim if your system is too hard to crack.
2. Change the ports on your device and firewall if you can. It will be easier for hackers to break into a system that uses a standard port. Keep in mind, though, that some devices won’t allow you to make these changes.
3. Compare all “smart” solutions and get the most secure option that fits your needs.

Here is a copy of the letter Heatmiser sent out to all their customers: CLICK HERE.

These devices are supposed to make our lives easier, but can you imagine what would happen to your home if a hacker broke into your device, shut off your furnace on the coldest day of the year, or turned off your AC on the hottest day of the year? Or worse yet, used your thermostat’s weak security to break into the other parts of your network and turn off your alarms?

Make sure you protect your home and business.

Have questions? Call us today. As your trusted technology security and technology support company, we are here to help and support you. We welcome you to call us at anytime at (919) 424-2000 or send us an email to info@cspinc.com. We are your information technology consulting company in Raleigh. Call Raleigh IT Support Company and IT Services Provider | CSP Inc. today.