Security threats of ' embedded systems ' used in controls are some serious stuff
This one describes how the vulnerability in off the shelf commercial micro controller often used in embedded systems can be tampered with. They say that malware can be injected into the firmware into HP printers through ordinary print command which can add backdoor to the printer that can steal data that is sent to printers, infect other devices in network and create a work-around to firewalls. http://ids.cs.columbia.edu/sites/def.../ndss-2013.pdf
I can see this becoming the future...
Malware gets on a tech's computer, which then infects the firmware on his flash memory, that can then infect the thermostat's firmware. The thermostat has access to home's WiFi, so the malware can then transfer over to computer. http://www.tripwire.com/state-of-sec...on/danger-usb/
There's no doubt computerized, communicating controls enable a lot of stuff. Many HVACR controls are designed as so called " embedded systems " which means much of controls' functions are controlled by software residing within devices.
In the past, computer viruses were used as malicious sabotage that was generally not gainful for perpetrators. In modern days, the major concerns is theft of data. There is significant interest by criminals to obtain data which is a real motive.
Many of us had to have our credit cards reissued following the Target attack, an attack that involved " embedded systems " , a questionable technology that is double edged sword. In the yesteryears, equipment service usually required use of special wire harness and physical connection and they lack data transmission ability. Unfortunately, the digitally writable features of microcontroller chip is a breeding incubator for malware. With many devices now having outbound traffic capabilities, it creates a major threat when authorized or trusted devices are able to execute codes.
The common features in these embedded systems is a flash memory that can hold a substantial amounts of data and rewritable for firmware updates and configurations. Sometimes, even have "poisoned supply chain" where disreputable vendors bug the devices. So... using those China sourced controls might not be a good idea.
too bad no one is writing a Chernobyl for the Nest...
Experience - knowing when to get the hell out of the way and plug your ears. "Don't be a sissy. Turn it on!"
Poodle Head Mikey - "the world is well populated with the unknowing and the uncaring and the stupid."