That is terrifying. Messing with thermostats could be enough to kill vulnerable people.
reply
Yes. An excerpt from my initial email to Mysa's security contact…

> I stumbled upon these vulnerabilities on one of the coldest days of this winter in Vancouver. An attacker using them could have disabled all Mysa-connected heaters in the America/Vancouver timezone in the middle of the night. That would include the heat in the room where my 7-month-old son sleeps.

reply
I’m not super familiar with MQTT. I wonder how common this is...
reply
MQTT is a very simple pub/sub messaging protocol.

It's used in an enormous number of IoT devices.

The "IoT gateway" service from AWS supports MQTT and a whole lot of IoT devices are tethered to this service specifically.

reply