Originally Posted by
DigitalChaos
To counter Rob, he may be downplaying it TOO much. It was made clear that more than just the CIA have these tools now. It's also not impossible to take these attacks that require physical access and adapt them for network delivery. In fact, most attacks evolve this way.
Internet attached bullshit like the Echo and thermostats are security nightmares for multiple reasons. Even the ToS for some of the smart TV's explicitly tell you to be careful of what you say around them. The average person should still be worried about that stuff. It's not the CIA, but all the other miscreants. Those devices are poorly secured and not maintained anywhere near as much as the laptops and mobile phones that have cams/mics on them as well. I'm never going to buy those things for everyday use. There will come a day when I have no option, and I will open the TV and physically remove the microphone, blind the camera, and pull the wifi antenna.
It's starting to get there... but there needs to be more attention. The attention rarely happens until a big story like this blows up. If all you have is a proof of concept attack, you have to really hype it up to get press coverage. You end up feeling like a tool doing it though :/
Even Amazon's "2 factor auth" can be circumvented with a call like you saw in the video. It's so frustrating having all these backdoors thanks to poorly trained customer service reps that are given too much admin power.
Well, a smart thermostat is literally "attaching fire to the internet" if you think about it. Sure, losing heat when you want it is going to be a massive annoyance. If you are old and live in a very cold area, it could kill you though. There was a recent issue with the Nest thermostats that caused a ton of them to fail for a few days. It was just a bug. People were pissed. Maxing out your heat while you are on vacation can bring some really big surprise gas bills, great for revenge. And the heat exchangers are surprisingly delicate, not too hard to crack them if you run them like an idiot. A cracked exchanger pumps carbon monoxide into your house.
But really, its a computer inside your network that can see everything happening inside your network and can relay it all outside of your network. That opens up tons of possibilities. Some of them hurt you. Some of them hurt everyone (Mirai botnet that we have only just started seeing the beginnings of).
edit: as for burglars... most aren't smart. But there are so many ways to check for occupancy and/or targets with $$$ thanks to technology. $200 thermal cams to see if the house is warm. Bluetooth scanners to see which houses are filled with valuable electronics. etc.