This is The Stepback, a weekly newsletter breaking down one essential story from the tech world. For more on the bleak state of the video game industry, follow Andrew Webster. The Stepback arrives in our subscribers’ inboxes on Sunday at 8AM ET. Opt in for The Stepback here.
Technology
Another home thermostat found vulnerable to attack
A wake-up call to the security of our home-connected devices follows a recent incident involving the Bosch thermostat model BCC100 and explores how we can protect our devices at home before trouble comes our way.
Bitdefender Labs, a smart home cybersecurity firm, recently discovered a significant vulnerability in the Bosch BCC100 thermostat.
This issue could allow hackers to access and manipulate the thermostat’s settings or even install malicious software.
This discovery underscores a broader concern. Virtually any device connected to the internet, from your coffee machine to your security cameras, could be at risk.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Bosch BCC100 thermostat (Bosch)
Bosch is the latest in a long history of vulnerable thermostats
Several connected or “smart” thermostats have reported security vulnerabilities over the years. These incidents highlight the broader issue of security in the Internet of Things (IoT) devices. Here are a fewexamples:
1. Google Nest Thermostats: In the past, Google’s Nest thermostats have had their share of security concerns. For instance, in 2016, researchers demonstrated that it was possible to exploit the USB connection to install malicious firmware. Google has since made efforts to improve the security of these devices.
2. Honeywell Thermostats: Honeywell, another prominent thermostat manufacturer, has faced issues with its smart thermostats. In 2015, a security researcher discovered vulnerabilities in Honeywell’s Wi-Fi thermostats that could allow an attacker to remotely access the device’s password and personal information.
3. Trane Thermostats: In 2016, Trane’s ComfortLink II thermostats were found to have multiple vulnerabilities, including one that allowed remote access without proper authentication. These issues were later addressed through firmware updates.
Bosch BCC100 thermostat app (Bosch)
MORE: 7 BEST WAYS TO SAVE MONEY ON YOUR ELECTRICITY BILL
How hackers can manipulate a smart thermostat vulnerability
The problem with the BCC100 thermostat stems from its design. It uses two microcontrollers, one for Wi-Fi and another for the main logic. The flaw lies in the communication between these chips.
Bosch BCC100 thermostat (Bosch)
MORE: THE RIGHT WAY TO USE A SPACE HEATER IN THIS COLD SEASON
An attacker could exploit this to send commands, including harmful updates, to the thermostat. This vulnerability was serious enough for Bosch to start working on a fix as soon as Bitdefender reported it.
We’ve made contact with Bosch’s parent company which offered the following statement:
“Security is a top priority at Bosch Home Comfort. Our experts continuously monitor threats and implement prompt countermeasures.
“On Aug. 29, 2023, Bitdefender notified Bosch about a potential vulnerability with Bosch Home Comfort thermostats sold in the U.S. and Canada. We immediately took up this information to confirm the vulnerability, as well as develop and test the solution.
“Through this testing, we also confirmed that the vulnerability was limited to the device only. On Oct. 12, 2023, a software update was pushed to all affected customers. Full details are posted on the Bosch Product Security Incident Response Team site (Open Port 8899 in BCC Thermostat Product | Bosch PSIRT).”
BIDEN ADMIN’S CRACKDOWN ON DISHWASHERS DEALT BLOW BY APPEALS COURT
Bosch BCC100 thermostat (Bosch)
MORE: SMART VS. WIFI THERMOSTATS: THE PROS AND CONS + MY 5 TOP PICKS
How dangerous are home-connected gadgets?
What does this mean for you as a smart home user? First and foremost, it’s a reminder of the importance of keeping your devices updated. In the case of the BCC100, updating the firmware is a critical step in protecting against this specific threat.
A Bosch bulletin says you can call 1-800-283-3787 for customer support if you need extra help with updating both the thermostat firmware and Wi-Fi firmware. However, beyond just updating, there are four other steps you can take to safeguard your smart home.
1. Change the administrative password ASAP
Changing the default administrative passwords on your devices is a good start. Many users overlook this simple step, but it’s a crucial line of defense against unauthorized access. Also, consider using a password manager to generate and store complex passwords.
2. Disconnect from Wi-Fi: Hackers routinely look for any door into your home
Another vital practice is to think twice before connecting devices to the internet through through Wi-Fi. Ask yourself, does my coffee maker really need to be online? If a device doesn’t need internet access to function effectively, consider keeping it offline.
3. Turn on firewalls
Employing a firewall is another smart move. Firewalls help block unauthorized access to your devices, adding an extra layer of security. It’s like having a digital gatekeeper for your smart home.
4. Always deploy antivirus protection on phones, tablets and computers
Lastly, when purchasing smart home devices, prioritize security. Look for products from manufacturers who are committed to regular security updates and have a good track record in this area. Remember, even the most seemingly harmless devices can pose security risks if they’re not properly secured. See the top reviews for the best antivirus protection options here.
Kurt’s key takeaways
The Bosch thermostat incident is a stark reminder of the potential vulnerabilities in our smart homes. By taking proactive steps like updating firmware, changing default passwords, being selective about internet connectivity, using firewalls and choosing secure devices, you can significantly enhance the security of your connected home. Stay informed, stay updated and stay secure.
Do you think manufacturers are doing enough to protect your smart home devices from potential security vulnerabilities like the one discovered in the Bosch BCC100 thermostat? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
Technology
Xbox is a disaster
Microsoft closed out Summer Game Fest with a bang. The company’s annual June showcase was packed with crowd-pleasers: Halo, Gears of War, Fable, a translucent Xbox, and even some pleasant surprises like new Persona and Crazy Taxi games. It was the kind of event that harkened back to the boisterous days of E3, when the industry was in a healthier place and game reveals were cultural events.
Just three days after the showcase, new Xbox CEO Asha Sharma warned of a “reset” at Microsoft’s gaming division, which would require “making hard choices.” The weeks that followed were filled with reports of impending layoffs, studio closures, and game cancellations. Ninja Theory is reportedly one of the studios on the chopping block, despite having just revealed a new game at SGF. If all this comes to pass, Xbox will be a shell of its former self.
After muscling its way into the console space nearly 25 years ago, Microsoft’s gaming division is at its lowest point ever. And the fallout from some disastrous decisions is going to get very ugly in the coming weeks and months.
It wasn’t always this way. With the arrival of the original Xbox in 2001, Microsoft seemed poised to be a viable contender in the space, with all of its resources helping it play catch-up with the likes of Sony and Nintendo. Major exclusives like Halo and a prescient foray into online play through Xbox Live helped to solidify this position for a time. But Microsoft flubbed the launch of the Xbox One in 2013 with an ill-fated push into non-gaming features like TV, and the brand has never really recovered. With the oft-confusing Xbox Series X / S generation, the company only fell further behind.
There are many reasons for this, but arguably the most damning was Microsoft’s extremely expensive push into subscription services. On paper it made some sense: Streaming services like Netflix were upending the film and TV landscape, so maybe the same could happen for gaming. Microsoft made some absolutely gigantic bets on this unproven future, spending billions of dollars to acquire studios and publishers in an attempt to build out a large library of content for Game Pass that would lure subscribers.
And while Game Pass proved popular initially, it ultimately plateaued, which meant that Microsoft spent all of that money on a business that didn’t grow anywhere near as large as it expected. (The service currently has around 30 million subscribers, while Microsoft had hoped to hit 100 million by 2030.) This misguided play also coincided with the “This is an Xbox” marketing campaign, which suggested that Xbox wasn’t a single console but rather a suite of Game Pass-capable devices, leading to even more confusion around the brand.
Just how bad are things? As Sharma and Xbox’s chief content officer Matt Booty wrote in the “reset” memo, “Excluding Activision Blizzard King, over the past five years, we have spent over $20 billion on ongoing investments in our content, platform, and hardware subsidy, but our annual revenue has declined nearly half a billion during that time. Going forward, this cannot continue.” The Activision deal, meanwhile, cost $68.7 billion. The company spent all of that money just to make it even less clear what an Xbox is.
This past February, there was a major shake-up at the Xbox division. Former boss Phil Spencer, who oversaw the brand through the Game Pass push and its many costly acquisitions, retired, while former president and COO Sarah Bond left the company. Despite some uncertainty around her lack of experience in the world of gaming — her prior role at Microsoft was head of the CoreAI division — Sharma’s early days provided some cause for optimism. She appeared willing to listen to fans on things like backward compatibility and exclusives, scrapped the unpopular Microsoft Gaming branding in favor of just Xbox, and moved the brand away from controversial AI features. She also made some strange and superficial changes, like restyling Xbox as XBOX.
But it’s clear the issues at Xbox run much deeper than a simple name change can fix. Sharma inherited a business that spent colossal amounts of money and had little to show for it, and now the bill is coming due. What makes this especially tragic is the sheer pedigree of the game studios that are being impacted. My colleague Tom Warren reported that Microsoft was mulling over closing at least five studios, which includes the likes of Arkane — best known for the wildly influential Dishonored series — and Double Fine Productions, a beloved team behind cult hits like Psychonauts, and more recently Keeper and Kiln. That’s multiple teams filled with talented individuals responsible for some of the most notable games ever made. Now they’re being discarded because of poor decisions they had no part in.
But even amid this apocalyptic landscape, Xbox’s issues feel particularly existential. Its hardware and subscription businesses are both faltering, and now it’s decimating its game development teams as well. Tom reported that the impending layoffs are expected to start next week, and it’s not clear yet just how widespread they will be. Part of the uncertainty is that we don’t know exactly what will happen to these studios; some may be hit with layoffs, some may be closed entirely, and some may be spun off as independent entities.
Whatever happens, though, Xbox will look drastically different once it’s all over. And given the dire state of console gaming, these might not even be the last changes for Microsoft’s gaming division.
- Sharma has done a lot of work to clean up the messaging around Xbox, but plenty of confusion remains, particularly when it comes to the company’s console exclusivity strategy.
- At the same time the Xbox is struggling, a new player is entering the space, as Valve launches the console-like Steam Machine.
- As always, Nintendo largely operates in its own parallel universe that has allowed it to largely weather the current storm.
- Bloomberg’s Jason Schreier has done some excellent reporting on the turmoil at Xbox, and has also helpfully condensed everything into a video on his YouTube channel.
- Matthew Ball is Xbox’s new strategy officer, and in an interview with The Game Business he explained how the brand is thinking about the next console, currently codenamed “Project Helix.”
- Speaking of execs, Booty talked to Game Informer following the SGF showcase to try and explain Xbox’s ever-changing strategy around exclusives, saying that “We want there to be a reason to believe and a reason to buy Xbox.”
Technology
China’s robot-run hotel opens to public in 2027
NEWYou can now listen to Fox News articles!
Pudu Robotics has announced what it calls the first “full-scenario robot-serviced hotel.” The project will use robots across the entire guest experience, from reception and room service to cleaning, food preparation and guest support.
The hotel is set to open in 2027, with trial rooms and robot-powered services expected to begin in late 2026. Early guests will be able to try robot check-in and autonomous in-room delivery before the full launch.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
COULD THE NEXT CHINESE THREAT WALK INTO YOUR KITCHEN ON TWO BATTERY-POWERED LEGS?
Pudu Robotics says its robot-run hotel will use AI-powered machines across check-in, room service, cleaning and guest support. (Pudu Robotics)
Where the robot-run hotel will be located
The hotel will sit on West Artificial Island, a man-made island tied to the Shenzhen-Zhongshan Link in Guangdong Province. That cross-sea bridge and tunnel project is one of the Pearl River Delta’s biggest transportation projects.
The location feels fitting. Shenzhen already has a reputation as one of China’s major technology hubs. Room-service delivery robots are already common in hotels across many large Chinese cities.
However, this project goes much further. Instead of adding a few robots to assist hotel staff, Pudu wants to create a connected robot service system that can handle the entire guest experience.
What robots will do inside the hotel
The planned hotel will include 44 high-end rooms, a restaurant, a gym and other guest spaces. Robots will take on roles across the property, including reception, room service, cleaning, food preparation and guest support.
That means you could check in with a robot, have luggage delivered by a robot and order drinks from your phone without calling the front desk. Then, cleaning robots would handle waste detection and room upkeep using AI.
Pudu says its robots will work from one shared intelligence framework. In other words, different machines will handle different jobs while staying connected through the same software system.
The robot staff behind the scenes
Pudu’s FlashBot will run an intelligent vending system, allowing guests to order drink deliveries by smartphone. The PUDU T300 will move luggage from the lobby to rooms.
Meanwhile, the PUDU CC1 Pro and PUDU MT1 cleaning robots will handle cleaning tasks using AI waste-detection technology.
At the Shenzhen launch event, BellaBot Pro served coffee while KettyBot Pro delivered refreshments and snacks. That kind of robotic service may still surprise many travelers. In Shenzhen, though, it already fits into a broader tech culture where robot baristas and drone food delivery are becoming more visible.
HUMANOID ROBOTS WORK NONSTOP IN PACKAGE TEST
Guests will be able to try robot check-in and autonomous in-room delivery during the hotel’s first public trial in late 2026. (Pudu Robotics)
How AI will run the hotel experience
The hotel will rely on PuduFM 1.0, the company’s embodied intelligence foundation model. It will also use PuduAgent to manage intelligent operations across the hotel.
“This partnership represents an important step toward large-scale deployment of embodied intelligence in premium hospitality environments,” said Cong Guo, co-founder and CTO of Pudu Robotics.
He also said the project gives the company a chance to explore new service models where AI and robotics work together to deliver connected service experiences.
That may sound ambitious, yet the rollout will be gradual. The first public trial is expected in late 2026. A broader hotel opening is planned for 2027.
Why China is moving fast with robot hospitality
China has already embraced service robots in hotels, restaurants, airports and public spaces. The robot-run hotel takes that trend into a more advanced phase.
Shenzhen Culture & Tourism Industry Development will work with Pudu Robotics to turn West Artificial Island into a robotics and technology destination. The hotel is only one part of that larger plan.
Over the next four years, the island is expected to add more robotics across tourism and hospitality. That could turn the area into a testing ground for how travelers react when robots handle nearly every service touchpoint.
The hotel is planned as a connected robot service system where different machines handle luggage, deliveries, cleaning and hospitality tasks. (Pudu Robotics)
What this means for you
If this hotel works well, it could change what you expect from travel in the future. Faster check-in, automated deliveries and round-the-clock service may sound convenient, especially when you arrive late or need something quickly.
However, there is another side to this. A robot-run hotel also raises questions about jobs, privacy, safety and what kind of hospitality guests actually want.
Some travelers may love the speed and efficiency. Others may miss the warmth of a person who can read the room, handle a strange request or help when something goes wrong.
That is where this project becomes important. It may show whether people are ready for hotels where AI handles the stay from start to finish.
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com
Kurt’s key takeaways
China’s first robot-run hotel feels like a major test of how far hospitality automation can go. We have already seen delivery robots roll through hotel hallways. Yet this project puts robots at the center of the entire stay. The convenience could be impressive. You could check in, order drinks, receive luggage and get room support without waiting on a busy front desk. For travelers who value speed, that may feel like a win. Still, hospitality has always been about more than efficiency. A great hotel stay often comes from small human moments. A kind greeting, a helpful suggestion or a quick fix when something goes sideways can make a trip feel easier.
If a robot-run hotel can give you faster service, would you miss the human touch or happily skip the front desk altogether? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
NASA launched an emergency mission to stop the Swift Observatory from crashing to Earth
The Swift Observatory was launched in 2004, but recent solar storms have pushed its orbit lower, and it’s in danger of burning up in Earth’s atmosphere as soon as this year. To try and stave off its demise, NASA has enlisted Katalyst Space Technologies. The company’s Link spacecraft launched Friday with the goal of intercepting Swift, which has no propulsion system, and boosting its orbit back to its original position. Right now, Swift is circling at an altitude of 224 miles, and Link is aiming to raise that by about 150 miles.
Using a three-armed spacecraft to lift a satellite 150 miles higher into orbit is challenging enough, but the speed with which Katalyst pulled the mission together makes it even more impressive. NASA required the company to rush the job because Swift would be too low to save by October. $30 million and nine months later, help is on the way for the $500 million Swift.
-
California3 minutes agoA Dividend Portfolio That Out-Earns the Average California Family
-
Colorado8 minutes agoWATCH LIVE: Memorial service to honor firefighters killed on Colorado-Utah border – East Idaho News
-
Connecticut15 minutes agoTorrington declares local state of emergency after storms leave thousands without power
-
Delaware17 minutes agoJersey Mike’s is nation’s top food chain, but score a local sandwich
-
Florida23 minutes agoThis Week in South Florida: Maria Elvira Salazar
-
Georgia30 minutes agoGeorgia Agriculture Commissioner Tyler Harper calls on public to report yellow-legged hornet secondary nests
-
Hawaii33 minutes agoFirst Alert Forecast: Classic Hawaii trade wind weather
-
Idaho33 minutes ago‘Landman’ star Ali Larter says life in Idaho is ‘simpler’ after ditching Los Angeles