I wouldn’t be surprised if someone reverse-engineers the protocol and codes up their own replacement backend as a one-file Python script in a weekend.
That truly depends on how secure Ecobee made it… I’ve seen some smart devices that use SSL (https) for all communication and do some sort of certificate authentication, making it virtually impossible to decrypt its communication protocol without a valid private key…
Having said that, it’d be nice if Ecobee took the initiative and opened up these older devices, if they could do so without compromising the security of all their others.
In the last 16 years there’s been multiple SSL vulnerabilities, so if someone was motivated enough, they could probably hack it, especially considering they’d have physical access. You could probably even dump out the filesystem and overwrite certificates with your own.
16 years ago was 2008 (which is shocking in itself, I’m old), SSL was seen as very very optional until 2013, when Snowden dropped his CIA/NSA leaks.
I wouldn’t be surprised if the security is “trust me, bro”.
That’s why one uses an industry standard that is brand-independent, operates offline by design and does not require a central component besides a power supply.
Sounds like utopia?
This standard has been available since 1990 in its archaic form, since 2002 in its current form. It is downwards compatible and over 400 companies worldwide are part of the standard. HomeAssistant, ioBroker, openHAB, etc. all support it directly and there are multiple crossover gateways with other standards like DMX, ModBus, Dali, etc. And no, its components are not more expensive once you look at the TCO.
For fucks sake, people, use KNX.
(PS: There are even a few open-source/DIY components available)
For fucks sake, people, use KNX.
I thought you’d say OpenTherm!
Haha, no. But I know someone who was part of the OpenTherm development.
To quote him:
OpenTherm exists because Plumbers don’t trust Sparkys and Sparkys don’t trust plumbers.
OpenTherm is easy to install but “stupid” as hell and not adaptable to modern needs mostly, especially if you consider modern heating concepts like passively heated houses, heat pumps, etc.
That’s different from KNX (or Modbus in that regard) - They are much broader in their appeal. Single-use/walled garden systems are always a bad idea, imho.
OpenTherm is easy to install but “stupid” as hell
Ah, good but not nice to know. OpenTherm is really popular in the Netherlands. Not nice because I know loads who have such a thermostat. Oh well.
The good thing is: You can easily replace OpenTherm with KNX. Afaik there are gateways that mimic OpenTherm towards the heater so you can use KNX for the actual control.
2002 is pretty archaic in technological terms.
So are Windows and Linux if you just look at the year they were introduced.
Just because something is backwards compatible doesn’t mean it does not get updates/improved.
And tbh, a light switch does not need that much improvement technology wise.
Fair enough. I didn’t read it as being currently maintained in your original post.
The thing is: The standard itself is rather well designed and didn’t need too many updates (they just extended the possible packet contents in terms of possible parameters - which technically isn’t that necessary as you can fall back to ASCII).
The last major updates were more towards extending functions (KNX over RF), connecting locations via IP tunnel, and securing the packets themselves (which is not really necessary for single household installations but VERY much for multi-tenant installations).
The major strength of KNX is the bus packet system itself - as the packets are standardized there are only a few attack avenues. An attacker could flood the bus with packets, try to update with fraudulent code (if no one put a password on it) or try to put fraudulent content in a module that accepts ASCII packets. The problem is the access - the attacker would need physical access or the IP gateway (if existing) would need to be unsecured towards the internet… In the end it is a fairly resilient piece of software.
And to add another unpopular opinion:
A smart temperature control is the one I never ever need to use. Because then the room always has the temperature I want.
If you have a home office or someone is at home 24/7, then yes. Otherwise it would make sense to reduce the heating/cooling of the house when no one is home and setting the correct temp again when people are about to get back. Saves quite a few bucks.
The system does exactly that - But that is done automatically without intervention.
The system recognises by checking on our devices and the presence detectors if we are at home. If we aren’t, it reduces the temperature.* Then it looks into our calendars when we can be expected to be back and increases the temperature accordingly (additionally once we enter a certain geofence).
*: The overall heating effort is also based on the current and expected weather and sun-influx, as I have some rooms that basically heat themselves when the sun is out. The system is using that effort to adjust shades (e.g. it would allow a lower living room temperature in the morning after we left when it knows that there will likely be a sunny afternoon heating the room without the need to add external heat)
This is what I mean with smart: A smart system is only smart if the user doesn’t have to fiddle around with it. Everything else is a remote.
(My next goal is to add personalised heating. I want the system to recognise who is/comes home and adjust the temperature accordingly, as my wife wants other temperatures than I do. I can do it room based, e.g. the kid’s room is adjusted according to the kid being there, but overall I am not quite there yet)