Yeah this is why I’m so fascinated with the concept of designing home automation that is independent of the internet. Privacy and reliability

This is the best summary I could come up with:

That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly.

Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it’s needed.

When I went into the utility closet to shut off the hose bibbs for winter, I noticed a plastic bag magnetically stuck to the back side of the water heater.

The Control-R Wi-Fi Module must be installed for recirculation to operate,” read the intense yellow warning label.

The tone of the language inside (“DO NOT TOUCH,” unless you are “a properly trained technician”) did not match that of the can-do manual (“get the most from your new module”).

I installed the device, went through the typical “Connect your phone to this weirdly named hotspot” process, and—it worked.

The original article contains 441 words, the summary contains 149 words. Saved 66%. I’m a bot and I’m open source!

A thought, one way to mitigate such security issues yourself would be to make use of subaddressing (the + sign) in your email address you use for such services, by appending your own random guid, for example, essentially making guessing your exact email address string futile. For example instead of using simply johndoe@example.com you would instead use johndoe+9be28cb9-fd22-4e9f-8144-93f90ab04a1f@example.com when registering. Assuming the service provider isn’t using some lame and incorrect email address validation regex.