[–] dabork 0 points 4 points (+4|-0) ago 

Just yet another reason why SOME THINGS WERE NOT MEANT TO BE CONNECTED TO THE FUCKING NETWORK.

Jesus Christ, I can't wait for the "smart" revolution to just fucking die.

[–] OneNutWonder ago 

Remote access to these systems is completely justified, it's just that MOST places do it on the cheap (by cheap I mean ultra cheap). These systems are way more complex than 99.9% of people think, and in some cases the need to respond quickly is needed. This is a recipe for sloppy programming and unsecure networks. And yeah, it's bad.

However, I do think the "smart" revolution can be a good thing, but the vast majority of buildings are not smart (so I wouldn't call it a revolution). The efficiency of "smart" buildings vs "dumb" buildings can be astronomical, and there are hundreds of thousands of small to mid-sized office buildings that could reduce their utilities by 33%, simply by making SOME of their systems automated.

FYI, I am in no way advocating for toasters, microwaves, refrigerators, and such to be connected. When it comes to that shit, I do agree with you.

[–] Moderately_soluble ago  (edited ago)

A refrigerator that automatically orders groceries when needed would be a cool concept. Sadly all they managed was let you read Twitter.

[–] OneNutWonder 0 points 1 point (+1|-0) ago  (edited ago)

I know a great deal about the HVAC industry and I can tell you it is plumb full of gaping security holes. Wireshark can show you the sending and receiving device addresses and the plain text data they are exchanging. A lot of places put their entire HVAC/lighting/security systems on the same IT infrastructure as the rest of the building. My coworker and I tested a phone app for this scenario. We got on a building's wifi, did a scan for BACnet IP devices, and started overriding lights, fans, boilers, cooling towers, you name it (it wasn't malicious, and was simply to show how vulnerable they were). Besides the password to get onto the wifi, nothing else is protected. This is the case with a ton of buildings. Only recently have supervisory devices started using https for the browser UI connection, but on the same network the data that is doing all the work is completely unprotected. What this guy did is just the tip of the iceberg.

Obviously turning lights on and off isn't too bad, but when there is a giant steam boiler, or a large chiller, it would be very easy to cause hundreds of thousands of dollars of damage and you are now in the realm of really being able to hurt people.
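
Added example, not part of the thread: because BACnet/IP traffic is plaintext, a defender can passively watch UDP port 47808 and flag discovery and state-changing requests that come from hosts other than the known supervisory controllers. The controller allowlist, the function names and the sample frames below are assumptions constructed for illustration.

```python
import struct

# Confirmed services that change device state, and unconfirmed discovery services.
WRITE = {15: "WriteProperty", 16: "WritePropertyMultiple",
         17: "DeviceCommunicationControl", 20: "ReinitializeDevice"}
DISCOVERY = {7: "Who-Has", 8: "Who-Is"}

def parse_bacnet_ip(payload):
    """Return (pdu_type, service_choice) from a BACnet/IP UDP payload, else None."""
    if (len(payload) < 6 or payload[0] != 0x81 or payload[1] not in (0x04, 0x0A, 0x0B)
            or struct.unpack(">H", payload[2:4])[0] != len(payload)):
        return None
    pos = 10 if payload[1] == 0x04 else 4  # Forwarded-NPDU adds a 6-byte origin address
    try:
        control = payload[pos + 1]
        if payload[pos] != 0x01 or control & 0x80:  # bad version or network-layer message
            return None
        pos += 2
        for bit in (0x20, 0x08):           # destination, then source: NET(2) LEN(1) ADR(LEN)
            if control & bit:
                pos += 3 + payload[pos + 2]
        pos += bool(control & 0x20)        # hop count is present only with a destination
        pdu_type = payload[pos] >> 4
        if pdu_type == 0:                  # Confirmed-Request; segmentation adds 2 bytes
            return 0, payload[pos + (5 if payload[pos] & 0x08 else 3)]
        if pdu_type == 1:                  # Unconfirmed-Request
            return 1, payload[pos + 1]
    except IndexError:                     # truncated frame
        pass

def alerts(packets, controllers):
    """Flag discovery and state-changing requests from sources not in `controllers`."""
    out = []
    for src, payload in packets:
        parsed = parse_bacnet_ip(payload)
        if parsed and src not in controllers:
            table = WRITE if parsed[0] == 0 else DISCOVERY
            if parsed[1] in table:
                out.append((src, table[parsed[1]]))
    return out

def frame(func, hexbody):  # constructed sample frame; service parameters left out
    body = bytes.fromhex(hexbody)
    return bytes([0x81, func]) + struct.pack(">H", 4 + len(body)) + body

SAMPLE = [  # constructed traffic: (source IP, UDP payload)
    ("10.20.0.5", frame(0x0A, "01040005010f")),       # WriteProperty from controller
    ("10.20.7.44", frame(0x0B, "0120ffff00ff1008")),  # broadcast Who-Is
    ("10.20.7.44", frame(0x0A, "01040005020f")),      # WriteProperty from unknown host
    ("10.20.7.44", frame(0x0A, "01040005030c"))]      # ReadProperty: not flagged
```

Calling `alerts(SAMPLE, {"10.20.0.5"})` reports the Who-Is and the WriteProperty from the host that is not an approved controller, which is the pattern a scan followed by overrides leaves on the wire.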