How much do you really know about your thermostat? According to Black Hat USA, a group of professional security researchers, you may be in trouble if you own a Nest thermostat — especially if you’ve bought it used or from an online third-party vendor. In a recent video interview with CNN, a Black Hat USA researcher shows how the device can be hacked simply by using the USB port in the back and connecting to a home’s wireless internet network.
What makes the Nest so different from other thermostats — and what puts residents in a particularly vulnerable position, should the device be infiltrated — is that this thermostat is a “smart” device which tracks residents’ movements and temperature preferences. It is motion-activated so that it can sense when you’re home, and automatically adjust the temperature based on previous settings. It is capable of connecting to wireless networks and it stores a great deal of information, including everything from your network password to the time of day you come home from work. It’s important for homeowners to know that the Nest cannot be hacked into remotely, but if someone is able to access the device’s USB port, then that person can modify the Nest’s software so that it will connect to their computer of choice, even when it’s relocated to a different house and is running on a different wi-fi network.
Although there are currently no reports of a Nest actually being hacked and used against residents, Black Hat USA is hoping that their discovery of the security breach will encourage homeowners to be wary of purchasing smart electronics, like the Nest, from used re-sellers or third-party vendors who have had direct access to the devices. Like many high-tech gadgets these days, it’s important for consumers to bring only high-quality devices bought from trustworthy sources into their homes.
“The need of connectivity has been driving the market for home internet connected thermostats,” says Chris Long of All Seasons Comfort Control. “It is important to have these thermostats installed correctly by a licensed contractor that you can trust, and verify they’re operating properly. It’s also important to use a licensed contractor because if there are any warranty issues you can give them a call and have all issues quickly resolved by a professional.”