The writeup is for the WiFi thermostats that aren't Heatmiser Neo, since that is a different system which has a central gateway unit that connects via Ethernet, and the individual thermostats themselves connect to the gateway using some other protocol. If you only have the RS485 networked Heatmisers that the UCM/Heatmiser connects to and don't have any that connect to WiFi or use an Ethernet gateway like the Neo range, then you shouldn't be affected by these flaws.
If you do have one, then disable both port forwarding rules (80 and 8068) and you should be safe from people messing with it remotely. You'll still be able to adjust the thermostat from your local network. The WiFi thermostats basically have no security at all, as the authentication has been extremely badly implemented.
juwi_uk wrote: As a Heatmiser user, they sent me an email directly on this, so I assume they have to other users too, explaining what to do to work around it at the moment and that a fix is being created.
Updating the firmware on these Heatmiser units appears to be quite annoying to do. You need to pay a deposit and then Heatmiser will loan you a PIC programmer dongle with the new firmware preprogrammed. Once you receive the dongle then you need to open the thermostat to access the ICSP socket. The thermostat doesn't appear to be able to accept firmware updates via WiFi or via the USB port.
Last edited on Wednesday Sep 24th, 2014 05:48 pm by tman