• AllNewTypeFace@leminal.space
    link
    fedilink
    English
    arrow-up
    0
    ·
    6 months ago

    I wouldn’t be surprised if someone reverse-engineers the protocol and codes up their own replacement backend as a one-file Python script in a weekend.

    • IphtashuFitz@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      That truly depends on how secure Ecobee made it… I’ve seen some smart devices that use SSL (https) for all communication and do some sort of certificate authentication, making it virtually impossible to decrypt its communication protocol without a valid private key…

      Having said that, it’d be nice if Ecobee took the initiative and opened up these older devices, if they could do so without comprising the security of all their others.

      • jonne@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        In the last 16 years there’s been multiple SSL vulnerabilities, so if someone was motivated enough, they could probably hack it, especially considering they’d have physical access. You could probably even dump out the filesystem and overwrite certificates with your own.

        • AggressivelyPassive@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          16 years ago was 2008 (which is shocking in itself, I’m old), SSL was seen as very very optional until 2013, when Snowden dropped his CIA/NSA leaks.

          I wouldn’t be surprised, is the security is “trust me, bro”.

  • philpo@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 months ago

    That’s why one uses an industry standard that is brand-independent,operates offline by design and does not require a central component besides a power supply.

    Sounds like utopia?

    This standard has been available since 1990 in its archaic form, since 2002 in its current form. It is downwards compatible and over 400 companies worldwide are part of the standard. HomeAssistant, ioBroker, openHAB,etc. all support it directly and there are multiple crossover gateways with other standards like DMX, ModBus, Dali,etc. exist. And no, it’s components are not more expensive once you look at the TCO.

    For fucks sake, people, use KNX.

    (PS: There are even a few open-source/DIY components available)

      • philpo@feddit.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        Haha, no. But I know someone who was part of the OpenTherm development.

        To quote him:

        OpenTherm exists because Plumbers don’t trust Sparkys and Sparkys don’t trust plumbers.

        OpenTherm is easy to install but “stupid” as hell and not adaptable to modern needs mostly, especially if you consider modern heating concepts like passively heated houses, heat pumps,etc.

        That’s different from KNX (or Modbus in that regard) - They are much broader in their appeal. Singule use/walled garden systems are always a bad idea,imho.

        • baru@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          OpenTherm is easy to install but “stupid” as hell

          Ah, good but not nice to know. OpenTherm is really popular in the Netherlands. Not nice because I know loads who have such a thermostat. Oh well.

          • philpo@feddit.de
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            The good thing is: You can easily replace OpenTherm with KNX. Afaik there are Gateways that mimic Opentherm towards the heater so you can use KNC for the actual control.

      • philpo@feddit.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        So is windows and Linux if you just look at the year they were introduced.

        Just because something is backwards compatible doesn’t mean it does not get updates/improved.

        And tbh, a light switch does not need that much improvement technology wise.

          • philpo@feddit.de
            link
            fedilink
            English
            arrow-up
            0
            ·
            6 months ago

            The thing is: The standard itself is rather well designed and didn’t need too much updates (they just extended the possible packet contents in terms of possible parameters - which technically isn’t that necessary as you can fall back to ASCI).

            The last major updates were more towards extending functions (KNX over RF), connecting locations via IP tunnel, and securing the packets themselves (which is not really necessary for single household installations but VERY much for multi tennant installations).

            The major strength of KNX is the bus packet system itself - as the packets are standardized there are only a few attack avenues. An attacker could flood the bus with packets, try to update with fraudulent code (if none did put a password on it) or try to put fraudulent content in a module that accepts ASCI packets. The problem is the access - the attacker would need physical access or the IP gateway (if existing)would need to be unsecured towards the internet… In the end it is a fairly resilient piece of software.

    • philpo@feddit.de
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      And to add another unpopular opinion:

      A smart temperature control is the one I never ever need to use. Because then the room always has the temperature I want.

      • CucumberFetish@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        If you have a home office or someone is at home 24/7, then yes. Otherwise it would make sense to reduce the heating/cooling of the house when no one is home and setting the correct temp again when people are about to get back. Saves quite a few bucks.

        • philpo@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          The system does exactly that - But that is done automatically without intervention.

          The system recognises by checking on our devices and the presence detectors if we are at home. If we aren’t it reduces the temperature.* Then it looks into our calendars when we can be expected to be back and increases the temperature accordingly (additionally once we enter a certain Geofence).

          *:The overall heating effort is also based on the current and expected weather and sun-influx,as I have some rooms that basically heat themselves when the sun is out. The system is using that effort to adjust shades (e.g. it would allow a lower living room temperature in the morning after we left when it knows that there will likely be a sunny afternoon heating the room without the need to add external heat)

          This is what I mean with smart: A smart system is only smart if the user doesn’t have to fiddle around with it. Everything else is a remote.

          (My next goal is to add personalised heating. I want the system to recognise who is/comes home and adjust the temperature accordingly as my wife wants other temperatures as I do. O can do it room based, e.g. the kid’s room is adjusted according to the kid being there, but overall I am not quite there yet)