The "smart" thermostat stuff is scary. I have Haier minisplits in my house and they have some "smarts" built into each head unit. The way it works from the user's perspective is you connect to the device in the GE Home app via Bluetooth, enter your WiFi network's credentials, then the minisplit joins your wifi network and phones home to GE Cloud. Then your GE Home app can monitor and control your minisplit via GE Cloud.
I haven't done anything to analyze it further, instead after trying that out once I promptly changed my WiFi password and never looked back. The long term solution will involve some ESP32s, AHT20 temp/humidity sensors, and IR rx/tx.
But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.
My problem with smart thermostats is the user interface couldn't be more awful. It's just nuts. You cannot do anything without the squinty manual in one hand and the squinty touchscreen in the other. So, you finally get it programmed. Then you want to change something, and boom, start all over.
I gave up.
I use a simple dial the temperature, turn on/off thermostat. I turn it off when going to bed, turn it on in the morning. Very happy.
I had a similar problem with the water sprinkler. The user manual was something like 50 pages. Utter madness. Now I just water the lawn manually, when I get around to it.
This is honestly why it's important to insist on Z-wave or Zigbee if you don't have control over the device firmware and must have smart controls. Why people don't seem to understand now that if it's "WiFi" it's suspect at best, I'll never understand.
The ideal setup is having a separate vlan for your IoT things, that has no internet access. You then bridge specific hubs into it, so the hubs can control them and update their firmware.
If you have IoT devices that are unsafe but cannot be updated any other way, you can temporarily bridge the IoT VLAN to WAN.
Honestly, what IoT stuff needs is something similar to LVFS. Make it so all the hubs can grab updates from there, and can update any IoT device that supports Matter. It would also serve as a crapware filter because only brands that care about their products would upload the firmwares.
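The isolated IoT VLAN described in the comment above, sketched as an nftables ruleset for a Linux router. This is an added example, not something posted in the thread. The interface names, addresses, and the choice to put the hub on the trusted LAN are assumptions, and it narrows the "temporarily bridge to WAN" step to a per-device allow-list that expires on its own.

```nftables
#!/usr/sbin/nft -f
# Added example. Every name and address below is an assumption; adjust to your network.
define WAN_IF = "eth0"          # uplink to the ISP
define LAN_IF = "br-lan"        # trusted LAN
define IOT_IF = "br-lan.30"     # IoT VLAN (tag 30, constructed)
define HUB_IP = 192.168.10.5    # hub / Home Assistant host on the trusted LAN

table inet iot_isolation {
    # IoT devices that may reach the WAN for a firmware update.
    # Entries expire on their own, so the exception cannot be left open. Add one with:
    #   nft add element inet iot_isolation iot_update_allowed { 192.168.30.23 timeout 1h }
    set iot_update_allowed {
        type ipv4_addr
        flags timeout
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed below
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN keeps normal internet access
        iifname $LAN_IF oifname $WAN_IF accept

        # Only the hub may open connections into the IoT VLAN
        iifname $LAN_IF oifname $IOT_IF ip saddr $HUB_IP accept

        # Temporary, per-device firmware-update exception
        iifname $IOT_IF oifname $WAN_IF ip saddr @iot_update_allowed accept

        # Everything else from the IoT VLAN hits the drop policy; log a sample of it
        iifname $IOT_IF limit rate 10/minute log prefix "iot-drop: "
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # IoT devices may ask the router for DHCP and nothing else
        iifname $IOT_IF udp dport 67 accept
        iifname $IOT_IF ct state established,related accept
        iifname $IOT_IF drop
    }
}
```

The `iot-drop:` log lines show which devices keep trying to phone home once they are cut off.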
Many WiFi-based "smart" devices can run locally without Internet access just fine and are supported by HA or other such platforms, which then doesn't require you using the vendor's app, which might have you need to be on the same broadcast domain as the device. They can use multicast (few home users will have multicast routing between VLANs), or direct broadcast - meaning you will likely give them Internet access because your phone needs it - well unless your WiFi is smart enough to limit individual clients. So a restricted VLAN plus HA or some such solves this.
The real problem is those devices that actually don't let you control the device locally - Tuya being one notable example. There are thousands of products that just went and dropped in a Tuya board.
Tuya is completely cloud-controlled.
To control these locally you need a "local key" that is buried deep in their developer platform, and changes every time you re-pair the device, and getting it without registering the device is, on purpose, near-impossible without tricks like using an Android emulator with an old version of their app that stores the key, and even then requires effort to exfil the file out of Android. Horror. A device you physically own, only responds to control from the mothership.
So yes, you don't get those kinds of issues with RF protocols, of course unless you put the vendor's "bridge" on your network...
A friend of mine found Zigbee unreliable where he was, and just wired the home for 1-Wire. Temperature sensors, relays, heating PIDs etc. Not only it just won't die, but good luck to anyone hacking it without extra equipment and ripping wires from walls, and firstly being inside, unsupervised and undetected.
None of the existing smart controls stuff I've found really does it for me. I'm trying to build a hybrid heating system with 4 hydronic zones and 8 minisplits. For my HVAC controls the design is converging to a round mechanical Honeywell thermostat for each hydronic zone with a "smart" thermostat (no cloud) wired in parallel--TBD whether buy vs build. For the minisplits I'm building my own thing that can speak their IR protocol, which will also double as a per-room temperature sensor. It all gets tied together with outdoor temp sensor via HomeAssistant. So if all the "smart" stuff fails, the trusty mechanical guy will keep the house from freezing.
There are halfway decent hybrid controls available for ducted systems but you can't afaik buy anything off the shelf to merge hydronic + minisplits. And as far as I can tell, none of the off-the-shelf smart thermostats has any built in analog backup. I view that as absolutely critical for my use, if the power goes out and I'm not around I need to be 100% certain that when the power comes back on the heat will also.
EDIT: Digging around a little more it seems that Mitsubishi H2i minisplit systems don't speak zwave or zigbee, neither does Haier Arctic. I'm not 100% sure if that's accurate, but I haven't been able to find any documentation in the affirmative or negative. Those are the two heat pump options available locally. I'll be remodeling a small barn into an ADU this summer, that project will be more amenable to a forced air hybrid system, so maybe I'll be able to get away with a Honeywell smart zigbee capable thermostat that can drive it.
An analog fallback is a good idea, to be sure your house doesn't freeze when you're away.
> EDIT: Digging around a little more it seems that Mitsubishi H2i minisplit systems don't speak zwave or zigbee, neither does Haier Arctic
There are no mini-splits in the US that speak anything remotely standard. If you want to go with ducted systems, TRANE and others have smart AC units that use "communicating thermostats". The protocol is based on Envirocom system and it's pretty basic.
Good news is that you can still control them by shorting the wires with a traditional thermostat, so you still can have an analog backup in case the regular digital thermostat fails.
The Honeywell thing I bought on Amazon turned out to not be analog after all. It's got an Atmel Atmega something or other in it. It obviously can't connect to the internet through its 24VAC 3 wire interface but it's running software I can't inspect and therefore assume to be completely riddled with bugs. It's going back to be replaced with a White-Rodgers Emerson unit.
Yet, it's common. They typically are drop-in replacements for classic mercury switch thermostats. Mercury is not available anymore (for a good reason), and gallium alloys wet almost everything.
Bare bi-metallic strips don't work as well because contacts tend to get oxidized and/or stuck. They are also a pain to calibrate.
A small microcontroller with a relay tends to be more reliable.
> A small microcontroller with a relay tends to be more reliable.
Until some bug surfaces that requires a reboot to -fix- work around, but since the device is powered by a battery (EDIT: still puzzling through what might happen when this battery runs out..) which isn't user serviceable and has no reset switch... The device I tore down this morning fits that description. I'll take my chances with a bit of calibration and some yearly maintenance. My vehicles all have grease points and maintenance schedules, I can handle also greasing my thermostat contacts ;)
That said, the regulators taking away the mercury switch isn't an excuse for the user hostility. They could have made a device that is less sketchy. Even if they actually did a great job and it's in fact much safer and more reliable than the analog device (in which case they should show data), I know I can open up the analog one and make it work. I can figure out how to keep it working. I can look at it and evaluate whether I trust it. I cannot do that with some proprietary blob on an MCU.
They are typically not powered by batteries. These thermostats either use the common wire or utilize the fan circuit to periodically charge a capacitor powering the MCU.
> I can look at it and evaluate whether I trust it. I cannot do that with some proprietary blob on an MCU.
Your air conditioner/heater likely has a controller. Probably several, at least for thermal protection and overcurrent.
You make a good point about the furnace. It remains to be seen how long it'll last. My only hope is that it was designed to be serviceable.
I was very surprised to find the battery. This thermostat is designed to be compatible with older 3-wire systems, so I suspect they slapped a "10 year" battery in it and hope for the best. It's also marketed fairly deceptively. Or at least enough to have fooled me--I thought I was buying an analog device.
EDIT: now I'm looking at the data sheets for an LM57 and getting some ideas
Mine is Z-Wave, the next model up required an internet connection and a subscription if you wanted to access it from remote.
The HVAC guy probably thought that I was nuts for wanting the one that I got, since the price was similar. Six years later and I'm still controlling it from Z-Wave.
> But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.
Thankfully, Mysa responded very rapidly to fix it, but if they hadn't I was planning to notify the BC provincial electric utilities which were cross-subsidizing these devices.