Can my smart AC be hacked by a botnet to take over the world?

Let’s get nerdy about AC security: Part 2.
(You can find Part 1 under the title: How Not to drop your AC out the Window)
We’re living in the age of the smart home. It’s an exciting time in which you can dim the lights, put on some tunes and see if it really was the pizza delivery guy who just rang your doorbell, all without leaving your couch…
But smart home appliances can do much more than just facilitate a cozy date night. They can help you save energy, help you manage your time and even help keep you and your family safe.
It’s important to note, however, that IoT systems have their own vulnerabilities and it’s highly beneficial to understand how each of your smart appliances functions so that you can know that you’re using them securely.
I’m not much of an IT expert, so for this post, I sat down with Kapsul Co-Founder and CTO, Don Pancoe, and asked some tough questions. He did not hold back. If you’re really into smart-home security, buckle your seat-belt, this gets super nerdy.
Ten Questions and Answers about the smart features of the Kapsul W5
1. Do I have to use the WiFi to use my Kapsul?
You do not have to use WiFi to use your Kapsul while at home, because you can switch it on and set the temperature from the knob. However, you do need to turn the WiFi on if you want to use the app either from home or away from home. We are investigating ways of being able to use an app to control your Kapsul without a connection to the Internet, such as for off-grid tiny homes or teardrop trailers, but it would still require WiFi to be used directly between your phone and the Kapsul.
2. How difficult is it to set up the WiFi and get my W5 connected?
We provide instructions for you, the user, to change network settings yourself. We’ve made every effort to make this as straightforward as possible. This is a case where security and convenience are incompatible, but we have tried to make it as simple as we can.
The short but somewhat technical explanation is that for security reasons both iOS and Android no longer allow an app (a program written by us) to change the network settings on your phone for you.
Some of you may have provisioned Google devices such as Google Home or Chromecast from an Android phone and may note that fewer steps were required. We are aware of what technology they are using to make this happen and investigating if it will work in all cases, particularly with iOS phones and/or non-Google devices.
3. Is it still possible to hack my machine even without the WiFi activated?
When we say the WiFi is off, we mean that the radio module itself is actually turned off, so no one can talk to the Kapsul and it can’t talk to anyone else over WiFi. Even if a bad actor gained access to your physical device while WiFi is off, we’ve included numerous security measures that make it highly improbable that anyone could hack it.
4. What is Kapsul’s level of security?
a. How is it categorized?
b. What does that categorization mean?
Kapsul security exists on numerous levels. There is security that prevents someone from hacking your Kapsul even if they have physical access to the unit. There is security that prevents anyone from understanding messages that Kapsul sends or receives over the air, or injecting malicious messages into that conversation. There is security that allows your Kapsul to verify that it is talking to our Internet services and not a hacker impostor, as well as allowing our internet services to verify that your Kapsul is genuine and not a hacker trying to get into our network. Lastly, there is security that prevents anyone from gaining access to our network by posing as Kapsul employees.
There is a lot of marketing hyperbole about “NSA-level” or “1024 bit” encryption and the like, but the best practical approach to security is to use the most advanced techniques in common use at the time while keeping track of what standards are emerging, which Kapsul is doing. Adopting emerging standards too early can lead to incompatibility issues, or even reduced security because there is not yet a strong user base providing many watchful eyes on the potential threats.
For the technically-curious: we are using Amazon Web Services for our back-end and they require a chain-of-trust using signed certificates for mutual authentication. We have established a supply chain where those certificates are never handled by any third party. Amazon also requires TLS 1.2 (1.3 has only been published as of this month) for authentication and to encrypt data in transit. Finally, we only store critical information within the Kapsul either in secure hardware (cannot be read by probing) or in its encrypted form.
5. Does the Kapsul gather any information about me?
a. If so, what?
b. For whom?
Each Kapsul has a unique letters-and-numbers code that identifies it to the network. In order to permit only you, the user, to control your Kapsul, we will have to verify your identity in the app as well. We will do this with the Amazon log-in infrastructure, which also allows other existing log-in accounts such as Google, Facebook, Twitter etc., to be used. We had considered schemes where a log-in might not be required, but nearly all other services to which users might want to connect their Kapsul, such as Google Home, Amazon Alexa, Nest etc., all require a log-in.
At its most basic operation, the only information stored in the cloud about your Kapsul is a snapshot of its last status update. This happens every 30 minutes, or more often if you are changing settings. This includes information such as what temperature it was in your room, what temperature you have it set at, whether the fans and compressor were running or not etc. This is for you to control your Kapsul through the app, even away from home. The only other default use of that data might be for us to check your unit’s status during a customer service call from you, or to keep track of which subcomponents experience problems.
We could offer other services in the future, strictly on an opt-in basis and some at additional cost, which include storing and analyzing operational data of your Kapsul over a period of time. This could allow your Kapsul to “learn” your preferences like the Nest Learning Thermostat, for example, or provide the ability to participate in incentive programs offered by your electric utility to reduce energy usage. We could also offer whole-house integration of multiple Kapsul units or added features of interest to multi-dwelling property managers.
6. Can my Kapsul be hacked?
We are tracking research, news, and developing technology to protect Kapsul units and our users. However, it is impossible to protect against all conceivable and potentially sophisticated hacks, especially those using new or unknown methods. But with the measures outlined above, the chances of someone gaining sensitive information about your household by hacking into your Kapsul are vanishingly small (especially compared to the probability of someone stealing your credit card at a restaurant or even digging through your trash).
7. Ok, so what is the relative ease of hacking my Kapsul compared to my personal computer?
Even if your computer has antivirus protection running, you use strong passwords, you don’t connect to dodgy WiFi networks and so forth… the Kapsul is still harder to hack. Personal computers are, by nature, general purpose machines, running complicated operating systems and lots of different software from different vendors, all while running numerous tasks at once. That is much harder to keep secure than a single-purpose machine where the small handful of simultaneous tasks are fully vetted by a single vendor. Again for the technically-minded, we are running custom firmware and a real-time operating system on an embedded microcontroller (as opposed to running, say, Linux on an application processor like a Raspberry Pi).
8. However improbable, if hacked, what would the hacker be able to do? What information would they have access to?
We specifically designed the Kapsul so that a remote hacker could do nothing more dangerous than you could do standing in front of the unit. Perhaps a hacker could turn your unit on or off, or change your set-point up and down repeatedly. While that would be annoying (or even frightening) it would not be dangerous. The hacker couldn’t, for example, turn the compressor on without the fans running (although there are other hardware safety features that prevent danger even in that case). If a hacker were to gain control of your Kapsul in an annoying/frightening way, it is possible to turn the WiFi off again, as will be detailed in the manual and instructional videos, while still having the cooling functions available only from the physical panel.
Minimal personal, sensitive information is stored in the Kapsul itself and is only stored in secure hardware (can’t be read even by probing) or in encrypted form. Just for your information, however, the only sensitive information actually stored in the Kapsul over time would be your home WiFi network name (SSID) and password (if you’ve configured WiFi). During initial setup, information about the log-in you used for the app is passed through the Kapsul back to the cloud to grant you permission to access it, but this info is not retained in the Kapsul. We did this because we viewed the tightly-controlled Kapsul software to be better-suited to this task than an app that will be freely distributed in the app stores.
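The design goal in this answer (a remote command can do no more than someone standing at the panel, and the compressor never runs without the fans) can be sketched as firmware-style C. This is an added illustration, not Kapsul's firmware: the opcodes, struct fields, function names and set-point limits are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed set-point limits; the page gives no numbers. */
#define SETPOINT_MIN_F 60
#define SETPOINT_MAX_F 86

/* Hypothetical remote opcodes: only the two controls the panel also offers. */
typedef enum { CMD_POWER = 1, CMD_SETPOINT = 2 } cmd_type_t;
typedef struct { uint8_t type; int16_t value; } remote_cmd_t;

typedef struct {
    bool wifi_enabled;   /* radio off: no remote command is ever accepted */
    bool power_on;       /* user intent, settable from panel or app */
    int16_t setpoint_f;  /* user intent, settable from panel or app */
    bool fan_on;         /* actuator outputs, written only by update_outputs() */
    bool compressor_on;
} unit_state_t;

/* Derive actuator outputs from user intent; no network message reaches this directly. */
static void update_outputs(unit_state_t *s, int16_t room_f) {
    s->fan_on = s->power_on;
    bool want_cooling = s->power_on && room_f > s->setpoint_f;
    s->compressor_on = want_cooling && s->fan_on;  /* interlock: never without fans */
}

/* Validate and apply one remote command; returns true only if it was accepted. */
bool apply_remote_cmd(unit_state_t *s, const remote_cmd_t *c, int16_t room_f) {
    if (!s->wifi_enabled) return false;
    switch (c->type) {
    case CMD_POWER:
        if (c->value != 0 && c->value != 1) return false;
        s->power_on = (c->value == 1);
        break;
    case CMD_SETPOINT:
        if (c->value < SETPOINT_MIN_F || c->value > SETPOINT_MAX_F) return false;
        s->setpoint_f = c->value;
        break;
    default:
        return false;  /* no opcode addresses the fan or compressor */
    }
    update_outputs(s, room_f);
    return true;
}

int main(void) {
    unit_state_t s = { true, false, 72, false, false };
    remote_cmd_t forged = { 3, 1 };  /* constructed input: undefined opcode */
    return apply_remote_cmd(&s, &forged, 80) ? 1 : 0;  /* exits 0: rejected */
}
```

Because the fan and compressor are derived state rather than addressable fields, even a fully authenticated but malicious sender is limited to toggling power and moving the set-point within the allowed range.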
9. Can the Kapsul gather information about me through a camera or recording device?
The Kapsul W5 does not contain any audio or visual recording devices. It, therefore, does not have voice-control capability; however, it can communicate with your Alexa or Google Home device so that you can use your voice to relay commands. For example, “Alexa, set the ‘Living Room Kapsul’ to 72 degrees.”
10. Will Kapsul be used to create a home network of self-aware artificial intelligence to take over the world?
We’re not building Skynet here. While we are working to make Kapsul the future of air conditioning, using the advanced technologies available, there are currently no plans for features including sentience, time travel, or weapons that threaten humanity.
There you have it, folks. Any follow-up questions? You’re welcome to shoot me an email at caitlin@kapsulair.com. Till the next time.
