Gimmicks in newer cars these days

Instead, that type of hacker will cast a very wide net via Trojans and other malware that people inadvertently pick up by clicking on certain internet links.

Correct. That type of hacker is not the type of hacker who is cracking the Pentagon, and so claiming that because the Pentagon got hacked, I will get hacked is bad reasoning.

Part of my security scheme is that I don’t click on those internet links. They’re quite obvious once you know what to look for. Actually, one big security step is to stay away from pirated software/movie/music and porn sites. An enormous share of the malware out there comes from clicking links on those kinds of sites. I’m fairly sure most of us don’t visit those sites anyway.

And stay away from blindly clicking on links from sites that aren’t reputable. If there’s a link on the front page of Cartalk.com, you can probably click it without worrying too much about your security. If there’s a link on the front page of 4chan.com, you should probably run away and re-evaluate the life choices that led you to visit that site in the first place.

So, basically, yes, you are defending yourself from the wide net cast by cyber criminals. But having a wifi-enabled thermostat is not going to make you any more or less vulnerable to such a net. If they hack the website that hosts the thermostat’s web interface, all they’ll get is access to the settings interface for my thermostat. The thermostat company does not have my financial data, or my network password.

The most damage they could possibly do would be to tell the thermostat to turn my air conditioner on in the middle of winter. I do not have to share my network’s credentials with the thermostat company in order to access my thermostat, which means that getting access to my thermostat’s settings interface will not get them any farther than being able to fool with the thermostat’s settings.

If they want access to anything else on my network other than my thermostat, then they will have to crack my specific network, and even assuming they for some bizarre reason target me specifically, they’re not going to get through my security without being very good at what they do. And if they’re that good, there are many more lucrative targets for them to pursue.

I would think that once they get access to the thermostat, they will have the WiFi account name and password, and from that they can get access to anything else connected to that network.

Anything connected to a WiFi network has to have the account name and password in order to connect.

But this is backwards. The only way they can access the thermostat is via your WiFi router (which is connected to the internet, presumably). If they can get that far, then they have access to the entire network.

@BillRussell is correct. The wifi thermostat will connect to your house just like any other wifi device. If you a wifi enabled device (smartphone or laptop) the network may be available to you, but you need a password to have access. I have two wifi printers in my house. You can’t access the printers unless you have access to my router via password (which I don’t give out). My kids don’t know it. They want access from their cells…I have them give me their cell and I type in the password for them.

Not really. At least with mine, the wifi thermostat stores the network credentials locally but does not make them available to view or use via remote connections - you must be physically using the thermostat itself in order to play with the wifi settings. The thermostat software interfaces with a secure website maintained by the company, which sends messages similar to email or IM messages to the thermostat when the user makes a setting change from the software. Since the thermostat is not capable of displaying or allowing changes to the wifi settings from remote, you can’t do anything with my network just because you figured out how to access my thermostat.

Essentially it’s compartmentalized kind of like email is – just because you know my email address does not mean that you have full access to my home network. Just because you can get access to my thermostat information does not mean you can get access to anything else.

And this is assuming you figure out how to get access to my thermostat, which is unlikely unless you know what brand my thermostat is (hint: I’m not telling you) and then spend time cracking my thermostat account information, which would be quite a lot of effort to go through for the end result of being able to change the temperature in my house and nothing else.

The garage door opener works the same way. Unless you know my account credentials or steal my car, you’re not getting my garage door open. And even if you do steal my credentials, all you will be able to do is open my garage door (which I will get 2 alerts for - one from the garage door, and one from the motion-sensing camera in the garage). And the garage door will automatically close again even if I don’t tell it to, and my neighbor across the street will notice because he sees everything that happens in the neighborhood and he’ll probably shoot you before I even get the alert.

The point in all this is that you can enjoy modern conveniences without sacrificing much, if any, security or privacy. You just have to be smart about it. Heck, I enjoy it so much I’m looking into ways to hook the hot tub up to wifi so I can get it heating when I decide I want to use it while I’m not home.

This whole fear about wifi-enabled devices reminds me of the TPMS scare that was going around a couple years ago. For awhile there all you heard was about how hackers could steal your car by hacking into the TPMS system. And while that is, in fact, technically possible on certain cars, in order to do it they pretty much need to be pacing you on the highway in a vehicle filled with specialized hardware and staffed by at least one very accomplished hacker to run it all.

The end result is that while it is technically possible to hack TPMS and steal your car, it’s much, much easier and cheaper to just buy an old quick-pick towtruck and yank it off the streets like a normal reprobate.

After all, it is technically possible for a monkey banging random keys on a typewriter to accidentally type out a Shakespeare sonnet… But if you want to see the job done in your lifetime, you’ll hire a human to do it and not place any bets on the monkey managing the work.

I personally choose not to worry about protecting myself from ridiculously long odds. The alternative is to never go outside because I take a very small chance every day that I will be killed in any number of ways just by poking my nose outside my house. I can’t worry about such things. It would be crippling.

“That type of hacker is not the type of hacker who is cracking the Pentagon, and so claiming that because the Pentagon got hacked, I will get hacked is bad reasoning.”

Well, then you should be arguing with the woman who is in charge of cyber security for Airbus Industries, because it was an interview with her on which I based my comments. She obviously knows a lot more on this topic than I do, and I suspect that she may even be able to out-do you in that category.

Part of her point was that a “secured” home network is far, far less…secure…than the networks used by industry, and I think that she is most likely correct.

Part of her point was that a "secured" home network is far, far less...secure...than the networks used by industry, and I think that she is most likely correct.

Probably more secure…but much more secure. Also how many people are going to spend that much time hacking someones home HVAC system? Not likely. I deal a great deal with system security. If a system is designed correctly it’s virtually IMPOSSIBLE to hack (no matter what you watch on Scorpion) without some inside help. Randomly hacking a 256bit encryption system will take the fastest computer over 14 BILLION years to hack.

I’ll try to keep this post brief; this conversation is starting to get way over my head, but I don’t think folks are thinking ‘4th dimensionally’ so to speak. We know the goal of China is world domination, and the Chinese take a very long view. How many years have they been stealing our patents, technology, and intellectual property? So, we’re getting all these appliances, everything, connected to the internet thru wifi. Could they, in some future war scenario or situation where the USA does something the Chinese don’t like, turn off everybody’s heat on the coldest day in February? Or, shut off all the Haier refrigerators in August? Imagine 30 or 40 million Americans have all their food spoil at the same time, not to mention all the commercial refrigeration units in restaurants, hospitals, nursing homes etc. which will certainly be wifi enabled. Imagine the ‘men and materiel’ that would have to be diverted from the war effort in such a scenario.

I know it sounds paranoid and crazy, but so does reality. Why does a toaster even need to be connected to the internet in the first place? Why were the Chinese putting lead in the dogfood? Of what strategic significance was it for them to poison the family dog? But somebody took the time and effort to do it.

Just seems to me that technology often makes things far more complex than they really need to be.

I was thinking the same could apply to cars Hack into the wifi and prevent everybody’s cars from starting, but I guess that could be done more efficiently with an EMP strike?

Edit to add: Ah, when I was thinking about this earlier today it made sense, but reading my post it sounds crazy, I can’t seem to find the words to translate my thoughts into.

I guess I just can’t understand technology for technology’s sake. WHY would I ever want my refrigerator or washing machine etc connected to the internet? (So some government bureaucrat can tell us we’re using too much water, or we’re not eating enough apples?) Just because it CAN be done doesn’t mean it OUGHT to be done. And for the record, I PREFER hand crank car windows, but, of course, you can’t get them any more because power windows are “better”. Sheesh!

There’s just so many ways that information can be abused, and once it is collected it is out of your control. If the information never gets collected in the first place, then it can never be abused. Its like facebook, how many times have you heard about someone getting robbed, embarrassed, losing out on a job, etc because of something they posted on facebook? If you don’t participate there, none of those things will ever happen to you. . .

In other words, I don’t know what future harm might come to me by having my thermostat, appliances, etc connected to the internet, but I do know if I DON’T connect them to the internet, I WON’T have to wonder or worry about it. The trouble is, getting back to cars, is that it is about impossible to buy a car now that doesn’t already have wifi, OnStar, XM satellite radio, “black box”, already built into the vehicle, integrated into the car such that if you physically remove it, the car will not function properly.

Technology allows people to post here while wearing Tin Foil hats.

NHTSA: People Can’t Figure Out How to Shift Fiat Chryslers Into Park
NHTSA says a badly-designed automatic shifter is confusing drivers, causing them to exit a vehicle that’s still in gear. 121 crashes and 30 injuries have been reported.

One point I have not seen is the ability of a hacker to access a private network through a printer connected to the cloud. "The modern office printer is a machine of many talents. It can print, copy, and scan your most important documents in a flash. Connect it to the Internet, and it can do all those things and more from any device, anywhere, thanks to the advent of printer apps and nascent cloud computing services like Google Cloud Print or HP’s ePrint. But that same connectivity has made these devices a prime target for hackers seeking easy access to your office."

Part of her point was that a "secured" home network is far, far less...secure...than the networks used by industry, and I think that she is most likely correct.

She’s definitely correct. Absolutely no question about it.

But my point is that this fact is irrelevant. The reason industry networks are more secure than my network is because the kind of attacks industry has to fend off are orders of magnitude greater than the kind of attacks I have to fend off. No one gives a crap about hacking my thermostat. Lots of organizations are highly motivated to hack Airbus and download the design specs for their new planes. Lots of organizations are similarly motivated to hack federal systems and get access to national security information.

Look, I could go out right now and have someone armor my car. I could have it pressure-sealed to fend off chemical and biological attacks. I could provide it with its own onboard oxygen system so I wouldn’t have to open the doors for anything. I could have it set up with inner-ring tires so that I could keep driving if someone shot the regular tires out. I could have a smoke screen generator equipped, and then equip it with FLIR cameras so I could still see to drive when I used it.

But I won’t, because doing so would be stupid. But by this Airbus expert’s argument, I absolutely should, because that’s how the president’s limo is set up. Well, the day I become as targeted as the president is pretty much the day hell freezes over. He needs the special protective stuff. I don’t.

And I will not be harmed by not having it either. No one is going to try to assassinate me. Just like no one is going to infiltrate my systems via my thermostat because I don’t have any national or corporate secrets stored on my network. I’m not a high-value target. Corporations and the government are.

Acting as though because high value targets get compromised means I’m in danger of being compromised is absolutely no different than acting as though I need an armored car because the president needs one. It’s an absurd notion. I simply am not going to buy into the Dale Gribble paranoia.

So would you rather the kids start each sentence with a dozen “likes” or “so”? Personally I’m glad the “like” craze is over. A few years ago the young daughter of a friend was so bad I counted 15 “likes” in one verbal paragraph but not a single “so”. Give me so any day. They also may be saying “turn on” instead of “start” because that’s what you do with a computer. If they spent more time on a tractor than the computer “like” in the old days, they might say “start”

I guess I don’t have to worry much. My flip phone will not change my thermostat or open the garage door so I’m out of luck. Plus my furnace has a damper control that only allows a few brands and models of thermostat. I did buy 3 of the compatible set back thermostats last year but have not installed them yet for several reasons. One is I have to run a new wire and the other is that the wife likes to manipulate the temp herself and doesn’t want a computer doing it. “So” they sit in the box yet.

Back to car batteries and current technology. I just got my new Solar BA5 circutus battery tester and have tested the actual CCA on four batteries in a few minutes. Test both voltage and CCA or CA. My batteries are new so I got a good baseline reading but my lawn mower may be a little weak. It was only $45 and takes the place of all the other test devices. Highly recommend.

Explained here again in the video.

I think what’s more concerning regarding the keyless entry and push to start system is reports of carbon monoxide poisoning and deaths related to it

@shadowfax - yeah, you’re almost certainly right. Your posts are very re-assuring.

@“VOLVO V70” - Well, sometimes I enjoy posting, sometimes I read my own post later and think, WTH was I thinking? If someone reads my post and chuckles or laughs and thinks 'wow, that crazy guy. . . ’ well, I’ve brought just a little bit of happiness into someone’s life, like when you find one more piece of chocolate in a bag you thought was empty. . .

As far as the young folks referring to ‘turning on’ a car as opposed to ‘starting’ it, well, with a lot of today’s hybrid cars, you would, in fact, ‘turn it on’ and drive away without the engine ever ‘starting’. Some of them you could drive 5, 10, even 20 miles before the engine ever ‘started’.

I’m just “funnin’ ya” Ed.

Personally though I find it hard to comprehend an adult successfully negotiating life’s challenges, to leave a car running in the garage or other place or in drive and not realize it. But maybe in fairness that new engine shut off feature at stop lights might be causing some issues. Outside of Prius though that sounds like they don’t have a normal park position or start button.

“I find it hard to comprehend an adult successfully negotiating life’s challenges, to leave a car running in the garage or other place or in drive and not realize it.”

I also find it hard to comprehend, but I know that it does happen.
I can recall the head of our English Department coming into work one morning with a look of extreme consternation on his face. It seems that, the previous afternoon, his wife had come home in her trusty '70s-vintage Nova during a torrential rainstorm, parked it in their garage, and left the engine running.

Hubby discovered it about 13 hours later, when he went into their garage. Thank God that their garage was not attached to the house! The wife was an intelligent, normally very responsible person, but she somehow forgot to turn off the ignition of her decidedly old-tech car.

In addition to worrying about the potential effects of CO (which, thankfully was not a factor since the garage was separate from their house), hubby was worried about engine damage. I did my best to reassure him that the only damage was to his wallet, as a result of all of the gas that was wasted through 12+ hours of idling.

“I think what’s more concerning regarding the keyless entry and push to start system is reports of carbon monoxide poisoning and deaths related to it.”

The exact same situation could result from somebody forgetting to use their ignition key to “turn off” the engine in a car that is not equipped with keyless ignition. Instead of the situations referenced in the article being attributed to the keyless ignition, I believe that they should have been attributed to driver error/negligence.

For confirmation of this reality, please refer to my previous post in this thread.

“I believe that they should have been attributed to driver error/negligence.” Agreed.

@VDCdriver Hmm maybe the car manufacturers could try and write in the system a fail switch so to speak where if the car sits in park for over 10 minutes that the engine will automatically shut off? Not sure about if someone some how forgets and leaves it in drive how they could bypass that.

“maybe the car manufacturers could try and write in the system a fail switch so to speak where if the car sits in park for over 10 minutes that the engine will automatically shut off?”

If they did that, then there would be a lawsuit alleging that somebody froze to death because their car failed to keep the deceased person warm while stranded during a blizzard. Trust me…it would happen…

The bottom line is that “you can’t fix stupid”, and if somebody is so brain-dead that they fail to shut off their ignition, it doesn’t much matter whether the car has old technology or new technology. Stupid or irresponsible people will still occasionally fail to do what they are supposed to do, no matter what type of technology is installed in their vehicle.

Geez, whatever happened to the rule-od-thumb that says, "the simplest engineering, that consistently accomplishes the task, is most likely to be correct?“

A Rube Goldberg machine is supposed to be an example of how NOT to do something; instead, we have a generation of young adults venerating " complexity for complexities’ sake” and making a demigod out of ol’ Rube.

“If they did that, then there would be a lawsuit alleging that somebody froze to death because their car failed to keep the deceased person warm while stranded during a blizzard. Trust me…it would happen…”

Sad but probably true in today’s day and age.

And just how quiet are these engines? I might add that my brothers Audi, while the engine is quiet it isn’t That quiet to where someone wouldn’t hear it running while getting out… So it does seem pretty unbelievable that some people don’t notice their engine is still running and leave it that way