Story 2016-07-27 1NNSC The Coming Internet-Of-Things Horror Show

The Coming Internet-Of-Things Horror Show

by
in internet on (#1NNSC)
Like many others, Bruce Schneier is sounding the alarm that the Internet of Things security nightmare isn't just about things like poor or non-existent security for thermostats: rather, that "software control" of an ever-widening pool of interconnected devices and systems designed to act without human intervention creates an urgent threat the likes of which we've never seen.

Schneier says, "A recent Princeton survey found 500,000 insecure devices on the internet. That number is about to explode. Autonomy. Increasingly, our computer systems are autonomous. They buy and sell stocks, turn the furnace on and off, regulate electricity flow through the grid, and—in the case of driverless cars—automatically pilot multi-ton vehicles to their destinations. Autonomy is great for all sorts of reasons, but from a security perspective it means that the effects of attacks can take effect immediately, automatically, and ubiquitously."
Reply 11 comments

Looked into connected thermostat... (Score: 2, Interesting)

by number6x@pipedot.org on 2016-07-28 14:36 (#1NRSH)

We just finished a replacement of a 40 year old gas furnace for our basement and first floor. Our second floor has separate heating and cooling, only about 10 years old. My wife and I remodelled the 120 year old "worker's cottage" ( http://moss-design.com/worker-cottage/ ) style home in the mid 1990's. We kept our original furnace at the time. in 2001 we hired a crew to dormer the roof and finish the second floor (we had more money at this time and didn't have to do the work ourselves). At that time we installed separate heating and cooling in the second floor. We used a programmable, but non-connected thermostat.

Just this summer we replaced the old furnace for the first floor and basement. The furnace dated from the late 1970's and was not too efficient. We had central air added as well, along with some duct work changes.

I worked with the HVAC contractor to choose the best thermostat. We looked at all the options and the clear choice was a standard programmable thermostat. The benefits of a smart, connected thermostat were negligible. Once programmed, the standard thermostat adjusts and maintains the temperature perfectly on your schedule. It works well, costs less and is not vulnerable to cyber-attacks.

The benefits of a connected thermostat are few compared to a programmable, but the cost is much greater. Not really worth it.

Re: Looked into connected thermostat... (Score: 1)

by genericuser@pipedot.org on 2016-07-28 15:33 (#1NS02)

The benefits of a connected thermostat are few compared to a programmable, but the cost is much greater. Not really worth it.
That's my feeling as well. It *might* be handy to be able to be able to preheat the house if I'm going to be getting home early or something, but in reality that a) almost never happens, and b) isn't a big deal.
I could actually do this almost 20 years ago with some custom X-10 stuff I had rigged up, but I never used it then so I doubt I'd use it now.

Re: Looked into connected thermostat... (Score: 0)

by Anonymous Coward on 2016-07-29 12:25 (#1NVZ9)

The one place a connected thermostat comes in handy is with vacation or rental property. I have a place in Florida and believe me, you want that place cooled down when you arrive. But you also don't want to run the A/C for 20 days when it is unoccupied. A connected thermostat is perfect for this. Also the system can monitor the temperature and send notifications if the current temperature goes outside of set boundaries (handy for avoiding frozen pipes or other extreme temperature disasters). As for securing it against outside unwanted control, so far sticking the entire system behind a VPN has worked good. So the thermostat (which has pretty lousy security) is not exposed directly to the internet; it sits behind a firewall and can only be accessed via VPN.

Re: Looked into connected thermostat... (Score: 1)

by bryan@pipedot.org on 2016-07-28 16:40 (#1NS6C)

As for thermostat settings, I prefer the simplest option: a single fixed temperature that the system maintains +/- a degree or two.

The house itself should be efficient and have enough thermal mass to prevent large temperature fluctuations throughout the day anyway. If you feel the need to "adjust" the heat/cooling at different times of the day, perhaps you should invest in more insulation or higher efficiency windows instead of a fancy internet connected thermostat.

Re: Looked into connected thermostat... (Score: 0)

by Anonymous Coward on 2016-07-28 19:16 (#1NSN5)

Apparently you live in a very forgiving climate, have a small house, or are not very sensitive to temperature (or any combination thereof). Good for you!

Re: Looked into connected thermostat... (Score: 1)

by vanderhoth@pipedot.org on 2016-07-29 11:11 (#1NVQV)

I'm partly with you. I live in Canada and I have programmable thermostats. In the winter there's no reason to have the house at a human comfortable temperature all the time. The thermostats are set to 62 deg in the winter. We suffer the cold in the morning because we're only in the house long enough to have breakfast then we're out the door for the day, but the thermostats all kick in about 30 minutes before we get home to heat the house to 70 deg. Then they shut off about an hour before bed.

The reason this works well for us is because my wife loves to crank the heat to 75 degs, then never remembers to turn it off, which has costs us a fortune in the past. With the programmables she can still occasionally crank the heat, but the thermostat always readjusts automatically when the next trigger time kicks in. They're also easy enough to set to a constant temperature if we're going on vacation and then we can just hit the "run" button to put them back on their regular schedule when we get back.

Where I agree with you is, it's just a convenience. We could survive perfectly fine with the analog mercury thermostat. These are just easier so we don't always have to remember if they're on or off and the house is warm when we get home in the winter. In the summer I just flip the switches and turn them off altogether.

Re: Looked into connected thermostat... (Score: 1)

by evilviper@pipedot.org on 2016-07-29 13:22 (#1NW4D)

My preference is only to keep a house as minimally warm/cool as mechanical concerns allow... i.e. Heating is always set at 50F (10C) so that pipes don't freeze, and cooling is always set at 85F (30C) so that electronic equipment doesn't overheat (goes for pets, too). With that methodology, there's no benefit to even basic programmable thermostats.

I don't see the benefit in maintaining a temperature closer to 70F (21C) for human comfort, as it's necessary to dress appropriately for outside temperatures, anyhow. Going inside/outside repeatedly, with a huge temperature differential, is very uncomfortable. Instead such a "comfortable temperature" tends to just cause headaches, hot flashes, etc., and causes a more time-consuming burden of dressing/undressing when entering/exiting.

Now, if I had the opportunity to design my own home, I'd spec it with insulated pipes (among many other things) so that they wouldn't freeze even in very low interior temperatures. Then maybe I'd have incentives and a practical case study to find the lower limits of human comfort and this concept. But until that time, those high/low temperatures are the limits whether the building is occupied or not, eliminating the need for any changes throughout the day (or week).

I am sympathetic to the wife/girlfriend factor, as well as the need to manage humidity (condensation, mildew and mold) in some areas, and with some (usually, poorly-insulated) homes, but I can still usually make this concept work well-enough.

Re: Looked into connected thermostat... (Score: 2, Interesting)

by vanderhoth@pipedot.org on 2016-07-29 16:01 (#1NWMT)

I mostly agree with you. I'd be happy to keep the temp around 62 deg F all the time. That's the coldest I can stand for long periods with just a sweater, wool socks and a blanket to cover my lap. Any colder and my face / hands freeze. I can't ware gloves while using my PC and have no desire to spend 8 months of the year wearing a face mask/scarf.

The compromise I made with the wife is having the heat on in the evening, when we're pretty much home for the night, and Saturday and Sunday. The programmables are just to make sure that she's not leaving the temperature up after we go to bed. I actually like being snuggled up in a warm bed and have the room colder, I sleep like a rock in the winter, but then when summer rolls around and we have those two or three weeks of 80+ deg F heat I can't sleep at all. We don't have an AC, it's only a few weeks out of the year it's ever that hot here. We're currently in the middle of the yearly heat wave here, it was 78 deg F last night when we went to bed. I use to live in North Carolina when I was a kid where it was way worse. It was almost the opposite, in the summer you kept the AC on and never left your house because it was over 100 deg F and you'd get heat stroke, in the winter you spent most of your time outside because the coldest it normally was for a few weeks out of the year was 40-50 degs F, nothing a decent jacket and long johns can't handle.

Story In Coming:

I remember one, shortly after we moved to NC from Canada, I got up late and had breakfast then went out to wait for the Bus. When the bus didn't come I walked to school thinking I'd missed it. The school was all locked up and I eventually went home. Turns out school had been canceled because of ice on the roads. All I saw was a few puddles, but no actual ice. I still get a chuckle thinking about it. Coming from Canada, it felt like school wasn't canceled here until you were up to your shoulders in snow.

Re: Looked into connected thermostat... (Score: 1)

by evilviper@pipedot.org on 2016-07-30 12:11 (#1NZ5P)

62 deg F all the time. That's the coldest I can stand for long periods with just a sweater, wool socks and a blanket to cover my lap. Any colder and my face / hands freeze. I can't ware gloves while using my PC and have no desire to spend 8 months of the year wearing a face mask/scarf.
You should try a much heavier sweater... I know you're concerned about your face and hands, but keeping your core warmer will keep your extremities warmer, too.
in the summer you kept the AC on and never left your house because it was over 100 deg F and you'd get heat stroke,
Millions of people live and work (outside) in areas where temperatures vastly exceed 100F. See: #1NA1N... If you're healthy, and dressed properly, it's no problem. Humans and horses are better suited to high temperatures than any other mammals.

Re: Looked into connected thermostat... (Score: 0)

by Anonymous Coward on 2016-08-06 09:16 (#1PNPM)

What about camels? (Genuine question.)

Re: Looked into connected thermostat... (Score: 2, Interesting)

by evilviper@pipedot.org on 2016-08-06 17:23 (#1PPMX)

I should have been more specific... Humans and horses are the only animals who cool themselves by perspiration across all their skin, allowing extended physical exertion in temperatures much higher than their proper body temperature. This allows humans to run, non-stop all day, through Death Valley during the summer, as in the Badwater Ultramarathon, the kind of feat which would quickly have all other animals dropping dead from heatstroke. In fact primitive humans used this advantage to capture prey with persistence hunting.

There are many other different adaptations for high temperatures that other animals have, which we don't, but for high physical activity in very hot temperatures (with ample supplies of water) you can't beat us.