Nest Thermostats Were Leaking ZIP Codes Over WiFi

The Nest thermostat is a popular smart device that supposedly helps users save money on heating and cooling, and also gives them a cool-looking round electronic device on their walls. Yet two researchers at Princeton University pointed out a problem that should terrify most Nest users: their thermostats were broadcasting their location, unencrypted, over WiFi.

That means any person walking or driving by with the right equipment would be able to intercept that information. Arguably, someone physically close enough to your home to intercept a WiFi signal knows what the local ZIP code is, but that information isn’t supposed to be broadcast unencrypted. And what other information could be floating around unencrypted?

The researchers were testing a variety of smart devices for information leaks and vulnerabilities, and found that other devices like the Sharx security camera and PixStar photo frame sent unencrypted data that could be intercepted.

Nest, which was acquired by Google in 2014 and is now part of its Alphabet umbrella company, fixed the bug that was causing the data leak back in October. The question is, though, when will the next bug come? For Nest, the last problematic bug was reported less than a week ago, when users learned the hard way that a software problem had drained the devices’ batteries, throwing off the timing of their heating and cooling. Some users reported that it turned off their heat entirely. That’s not a problem if you’re home to charge the device, but is potentially a huge problem if you’re not home.

Who Will Secure the Internet of Things? [Freedom to Tinker] (via Motherboard)
Nest Learning Thermostat Rating [Consumer Reports]