Posted: 7/30/2017 3:46:20 PM EST
Spare y'all the details, but someone hacked my ecobee account and was screwing with my settings and schedule.

Customer Service confirmed that someone had accessed my account out of country.


If you have an Ecobee, be warned!
Link Posted: 7/30/2017 3:48:07 PM EST
How bored would someone have to be to hack that?.....
Link Posted: 7/30/2017 3:48:19 PM EST
How did they hack it though? Was their user database compromised or did they get your info through some other means?

That kind of matters when you tell everybody to beware about account hacking for a particular service.
Link Posted: 7/30/2017 3:48:55 PM EST
I think I would stay away from that home automation / IoT shit.

Posted from a conference hall at DEFCON 25
Link Posted: 7/30/2017 3:49:39 PM EST
Originally Posted By Alien:
> How did they hack it though? Was their user database compromised or did they get your info through some other means?
>
> That kind of matters when you tell everybody to beware about account hacking for a particular service.
They wouldn't tell me, other than that the logs showed that my Ecobee web portal was accessed out of country and I needed to change my password.
Link Posted: 7/30/2017 3:50:20 PM EST
That is one bored mother fucker.
Link Posted: 7/30/2017 3:51:59 PM EST
[Last Edit: 7/30/2017 3:53:05 PM EST by Mech2007]
Is that like a FlowBee?
Link Posted: 7/30/2017 3:52:03 PM EST
All they told me was to change my password.

Link Posted: 7/30/2017 3:54:59 PM EST
Originally Posted By ricko1:
> How bored would someone have to be to hack that?.....
That was my question.  Shit.
Link Posted: 7/30/2017 3:58:34 PM EST
Link Posted: 7/30/2017 4:01:03 PM EST
Originally Posted By Paul:
> There is a well known web site that uses software to search the internet looking for devices connected to it. The robot software tests to see if the passwords are default and posts their results to publicly open databases for hackers to use as they see fit.
Password was not default, and not generic.
Link Posted: 7/30/2017 4:03:51 PM EST
Originally Posted By hawktheslayer:
> Originally Posted By ricko1:
> > How bored would someone have to be to hack that?.....
>
> That was my question.  Shit.
Extortion, gaining persistent access to your home network, for the lolz. Take your pick.

Here's an older story about ransomware.
https://slashdot.org/story/314689
Link Posted: 7/30/2017 4:07:08 PM EST
[Last Edit: 7/30/2017 4:09:08 PM EST by the_naked_prophet]
Originally Posted By BCV:
> Originally Posted By Paul:
> > There is a well known web site that uses software to search the internet looking for devices connected to it. The robot software tests to see if the passwords are default and posts their results to publicly open databases for hackers to use as they see fit.
>
> Password was not default, and not generic.
The ones you know about weren't. It's the devices you didn't even know could be accessed that have the default password, and let them in that way.

It's some form of magic.
Link Posted: 7/30/2017 4:07:30 PM EST
Originally Posted By hawktheslayer:
> Originally Posted By ricko1:
> > How bored would someone have to be to hack that?.....
>
> That was my question.  Shit.
Could be looking for a way into people's networks.......it's already a trusted device, so packets flowing from it/to it wouldn't be as obvious.  Probably got his password from some malware on his machine or it was a simple password.
Link Posted: 7/30/2017 4:08:15 PM EST
My wife hacked mine and set the shit to 76.  I want it at 74!
Link Posted: 7/30/2017 5:03:28 PM EST
Originally Posted By BCV:
> Originally Posted By Paul:
> > There is a well known web site that uses software to search the internet looking for devices connected to it. The robot software tests to see if the passwords are default and posts their results to publicly open databases for hackers to use as they see fit.
>
> Password was not default, and not generic.
You need to change your password at every website that uses the same or a similar password or they could be compromised too.
Link Posted: 7/30/2017 5:08:13 PM EST
One of the things I like about the Nest (yeah, not as good) is they support two factor authentication.
Link Posted: 7/30/2017 6:27:33 PM EST
Originally Posted By Fallen:
> You need to change your password at every website that uses the same or a similar password or they could be compromised too.
I use different pass phrases for everything!
Link Posted: 7/30/2017 6:30:21 PM EST
Was the password 12345, because that is the same as my luggage.
Link Posted: 7/30/2017 6:34:22 PM EST
Originally Posted By Trilithon:
> Was the password 12345, because that is the same as my luggage.
Link Posted: 7/30/2017 6:37:36 PM EST
Originally Posted By BCV:
> Password was not default, and not generic.
More than likely an exploit of a flaw in your firmware that bypasses your password.  Look for patches on your device type.

Here is an article on home routers.
https://www.wired.com/story/wikileaks-cia-router-hack/
Link Posted: 7/30/2017 6:41:59 PM EST
Mine is a RadioThermostat with the radio module on the side.

Someone screws with it, pull the radio module and it becomes a regular programmed thermostat.
Link Posted: 7/30/2017 6:42:34 PM EST
Your password of "P@ssw0rd123" wasn't strong enough. ;)

Usually with hacks like that, it's either the company got hacked and the attackers got some list of accounts and passwords, or your password was too simple and a brute force attack got it right.

OR... you're using the same password that you use elsewhere, and THAT password got hacked.
Link Posted: 7/30/2017 6:49:48 PM EST
Go play around with Shodan and you will be shocked at what's out there.
Link Posted: 7/30/2017 7:00:13 PM EST
Originally Posted By voodochild:
> Go play around with Shodan and you will be shocked at what's out there.

Bro, I have been trollin' Shodan since before YouTube made it popular!
Link Posted: 7/30/2017 9:15:23 PM EST
Do you save your passwords in your web browser by chance?

There have been attacks for a long time that will try and siphon those credentials that can be injected into advertising networks, so you could get hit by going to a legit site that sells ad space.