Posts Tagged ‘Smarthome’

How not to implement smarthome security – Connected A/C

December 17, 2017 1 comment

Recently I added a few Mitsubishi minisplit A/C systems to my home and because I travel a lot (and I’m incredibly lazy) wanted to be able to control them from my phone (and the couch). I’ve had previous history with the Honeywell RedLink system (which requires yet-another-hub) and was pleased to find that mini-splits with native wifi connectivity are available.

My installer had never set up such “new” technology so this week he arrived with a number of tiny plug-in boxes, and the installer training video to connect up my units.

Halfway through following the steps on the video, the app presents us with an “Enter Installer Pin” challenge – cool I think, “some security at least to stop…”

what exactly?

I’ll get to that topic later – but needless to say, the pin wasn’t mentioned in the training video, nore the one-page install guide in the package.

Never to be defeated, I turn to my trusty advanced hacking toolkit and universal IoT password finder..

A search for “Mitsubishi installer pin” yields some helpful results – one, in particular, catches my eye, since it’s hosted on that vendor’s support URL

Here’s a picture of the result – note how helpfully they put the pin in bold text!

Installer Pin

So strike one and two for this vendor –

  1. never use a fixed pin, for anything!
  2. never print your passwords, especially not in public-facing documentation

I’ll let the 9999 pin pass, given it’s not in the top 10 of most common pin codes (it’s #11) –

So, back to the question of what exactly the installer pin is protecting? Mostly, it’s protecting the homeowner from adding a new unit to their online account, and it’s protecting them from being able to re-link a unit if for some reason it loses connection. In my case, there were no “dangerous” options I could mess around with – and reading the documentation, it seems that the installer protected options are really a crutch for a system which should be able to learn for itself what options are present and configure itself automatically.

So for me, the “installer pin” protects my installer, otherwise, I’d be able to configure my A/C unit without him. He’s a nice guy, but I don’t want to be scheduling a site-visit every time I change my wifi password.

This seems to be a trend within the Air Conditioning industry – for example, Honeywell’s Redlink Gateway (which is effectively plug-and-play) also should only be installed by a “trained experienced service technician” – at least with these gateways the PIN is unique and printed on the bottom of the device.

As an aside, the Honeywell VisionPro Thermostat also has installer-only options protected by a code, which also is printed on the back of the clip-on device. But if you’re REALLY lazy and don’t even want to unclip it, there’s a menu option on the screen which will helpfully tell you the code.

Believe me – The Redlink gateway takes 30 seconds to install and configure, and you don’t need any “AC training” to understand how to link a thermostat to a mobile app.

Honeywell Redlink Gateway Pin Code

I’m not very tolerant of this kind of “protectionist” behaviour – how many people paid a few hundred dollars for someone to plug in a hub, or “add” their minisplit head unit to their online account – things which require no expertise, have no risk, and generally should be automatic?

How successful would Nest have been if it required a service call to install?

Did you pay for someone to add a trivial IoT device to your home? Comment below.


Smarthome Survey Shows Safety Is No.1 Concern

March 31, 2016 Leave a comment

Smart Home Survey
After surveying nearly 10,000 individuals crossing every continent, it’s obvious that concerns around personal data are the most pressing issue in adoption of smart home technology – more than 90% of people had concerns about cybersecurity.

People also had strong opinions on how things should be secured, with passwords being the most disliked option. It seems the future smart home will use fingerprints, voice and even eye scans instead.

Despite these concerns though, people are generally positive about “smarting up” their living spaces – 75% of participants expect to see real benefits, and were especially interested in smarter lighting, kitchen appliances and heating systems.

And, driving good design, 82% of our participants wanted “a single integrated security package” – another reason for the smarthome industry to drive towards consolidation.

You can find more information in the Atlantic Council smart home report, at

Categories: SmartHome Tags: ,

Why I want all my lights to be smart…

September 22, 2015 Leave a comment

This week Theo Priestley of Forbes posted an interesting article, where he posed a couple of interesting questions:

An average home in the UK can potentially run to over 15 or so light bulbs, but how many would a consumer realistically want to be smartly enabled and connected to the internet ? And again, just what is the value they’re going to receive from controlling them remotely ?

As I sit in my office I have 9 light bulbs around me – I know I’m not in the UK, but I’m British and I don’t remember the UK being particularly starved of bulbs last time I visited. Perhaps Theo meant “light switches” in which case I only have 5 – but the first question he asks is why we want them all to be smart?

My answer is the following – when I get up at 4 am for a flight I don’t want to wake my wife up. I also don’t want to trip over on my way across the room to the light switch. Read more…

Categories: IOT, SmartHome Tags: ,

Smarthome 2015 – 80’s Computing Throwback?

September 10, 2015 Leave a comment

Image C/O Gigaom

With so many competing IOT hubs and ecosystems – how can the dream of the connected home, digital butler experience be realized?

Can you remember personal computing in the 80’s? I was a Commodore 64 kid, I thought it was the best computer ever – why would anyone use anything else?

My classmates generally disagreed though – there was the ZX Spectrum, Tandy, Acorn, Atari, Amiga, BBC Micro (A and B), Amstrad, Apple, and the one kid who’s father had a CPM 80286.

The challenge was, even though we all had much the same goal – play the best games, learn how computers work, maybe write a game of our own – everything was completely different and incompatible – even storage with tape, microdrive, 3″, 3.5″ 5″, 8″ disks – each manufacturer, assured in their own superiority forged ahead creating their own proprietary isolated world. Read more…

Categories: IOT, SmartHome Tags: ,

Understanding Internet Of Things for the Home

January 20, 2015 Leave a comment

Last week Rory Cellan-Jones, a reporter for the BBC, tried to explain in his CES2015 news article why we, all of us, should be interested in the progress of “Internet of Things” for the home. Even our Intel President admitted it’s a hard topic to generally appreciate

I asked Intel’s President Renee James whether she thought anyone outside the show got this idea – and she admitted that they probably didn’t. “It means a lot to us,” she said “but this show is largely about the industry talking to itself.”

Rory Cellan-Jones, BBC News 

In my opinion Rory also misses some of the real value that’s being created in this space, so let me relate some thoughts on the good, and bad of “Home IOT” Read more…

Categories: IOT Tags: ,

CES2015 – A festival of insecure, unmanaged IOT devices..

January 16, 2015 1 comment

The Internet of Things (IOT) and “smart devices” were THE big thing at CES this year – the show was flooded with novel gadgets from every manufacturer – from smart connected coffee makers, health tracking devices, fire alarms, home security systems, and even vehicles which some are considering the next “wearable”.

CES behemoth Samsung’s CEO Boo-Keun Yoon spent a significant portion of their keynote reminding us that IOT “is not science fiction anymore. It’s science fact” – something I can attest to with a significant number of their devices in my own home.

Everywhere you looked, there was either an IOT device, something that “IOT’s” your devices, or something that manages them – and of course in the Intel booth, we also devoted a significant portion of our time talking about how to manage and secure them. Read more…

Categories: IOT, SmartHome Tags: , ,