I discovered a very similar vulnerability in Mysa smart thermostats a year ago, also involving MQTT, and also allowing me to view and control anyone's thermostat anywhere in the world: https://news.ycombinator.com/item?id=43392991
Also discovered during reverse-engineering of the devices’ communications protocols.
IoT device security is an utterly shambolic mess.
I’m not super familiar with MQTT. I wonder how common this is...
That is terrifying. Messing with thermostats could be enough to kill vulnerable people.