How I upgraded my water heater and discovered how bad smart home security can be

Enlarge / This is essentially the kind of water heater the author has hooked up, minus the Wi-Fi module that led him down a rabbit hole. Also, not 140-degrees F—yikes. (credit: Getty Images)

The hot water took too long to come out of the tap. That is what I was trying to solve. I did not intend to discover that, for a while there, water heaters like mine may have been open to anybody. That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly. That’s just how it happened.

Let’s take a step back. My wife and I moved into a new home last year. It had a Rinnai tankless water heater tucked into a utility closet in the garage. The builder and home inspector didn’t say much about it, just to run a yearly cleaning cycle on it.

Because it doesn’t keep a big tank of water heated and ready to be delivered to any house tap, tankless water heaters save energy—up to 34 percent, according to the Department of Energy. But they’re also, by default, slower. Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it’s needed.

Read 38 remaining paragraphs | Comments

You may have missed

Security Bite: macOS Sequoia’s firewall is disrupting security tools, and more

0

Fitbit apps are having problems with syncing, accuracy

0

iOS 18 is out, iPhone 16 and Apple Watch Series 10 reviewed

0

VisionOS 2 subtly expands the Apple Vision Pro’s potential

0

Life imitates xkcd comic as Florida gang beats crypto password from retiree

0