Technology
Another home thermostat found vulnerable to attack
A wake-up call to the security of our home-connected devices follows a recent incident involving the Bosch thermostat model BCC100 and explores how we can protect our devices at home before trouble comes our way.
Bitdefender Labs, a smart home cybersecurity firm, recently discovered a significant vulnerability in the Bosch BCC100 thermostat.
This issue could allow hackers to access and manipulate the thermostat’s settings or even install malicious software.
This discovery underscores a broader concern. Virtually any device connected to the internet, from your coffee machine to your security cameras, could be at risk.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Bosch BCC100 thermostat (Bosch)
Bosch is the latest in a long history of vulnerable thermostats
Several connected or “smart” thermostats have reported security vulnerabilities over the years. These incidents highlight the broader issue of security in the Internet of Things (IoT) devices. Here are a fewexamples:
1. Google Nest Thermostats: In the past, Google’s Nest thermostats have had their share of security concerns. For instance, in 2016, researchers demonstrated that it was possible to exploit the USB connection to install malicious firmware. Google has since made efforts to improve the security of these devices.
2. Honeywell Thermostats: Honeywell, another prominent thermostat manufacturer, has faced issues with its smart thermostats. In 2015, a security researcher discovered vulnerabilities in Honeywell’s Wi-Fi thermostats that could allow an attacker to remotely access the device’s password and personal information.
3. Trane Thermostats: In 2016, Trane’s ComfortLink II thermostats were found to have multiple vulnerabilities, including one that allowed remote access without proper authentication. These issues were later addressed through firmware updates.
Bosch BCC100 thermostat app (Bosch)
MORE: 7 BEST WAYS TO SAVE MONEY ON YOUR ELECTRICITY BILL
How hackers can manipulate a smart thermostat vulnerability
The problem with the BCC100 thermostat stems from its design. It uses two microcontrollers, one for Wi-Fi and another for the main logic. The flaw lies in the communication between these chips.
Bosch BCC100 thermostat (Bosch)
MORE: THE RIGHT WAY TO USE A SPACE HEATER IN THIS COLD SEASON
An attacker could exploit this to send commands, including harmful updates, to the thermostat. This vulnerability was serious enough for Bosch to start working on a fix as soon as Bitdefender reported it.
We’ve made contact with Bosch’s parent company which offered the following statement:
“Security is a top priority at Bosch Home Comfort. Our experts continuously monitor threats and implement prompt countermeasures.
“On Aug. 29, 2023, Bitdefender notified Bosch about a potential vulnerability with Bosch Home Comfort thermostats sold in the U.S. and Canada. We immediately took up this information to confirm the vulnerability, as well as develop and test the solution.
“Through this testing, we also confirmed that the vulnerability was limited to the device only. On Oct. 12, 2023, a software update was pushed to all affected customers. Full details are posted on the Bosch Product Security Incident Response Team site (Open Port 8899 in BCC Thermostat Product | Bosch PSIRT).”
BIDEN ADMIN’S CRACKDOWN ON DISHWASHERS DEALT BLOW BY APPEALS COURT
Bosch BCC100 thermostat (Bosch)
MORE: SMART VS. WIFI THERMOSTATS: THE PROS AND CONS + MY 5 TOP PICKS
How dangerous are home-connected gadgets?
What does this mean for you as a smart home user? First and foremost, it’s a reminder of the importance of keeping your devices updated. In the case of the BCC100, updating the firmware is a critical step in protecting against this specific threat.
A Bosch bulletin says you can call 1-800-283-3787 for customer support if you need extra help with updating both the thermostat firmware and Wi-Fi firmware. However, beyond just updating, there are four other steps you can take to safeguard your smart home.
1. Change the administrative password ASAP
Changing the default administrative passwords on your devices is a good start. Many users overlook this simple step, but it’s a crucial line of defense against unauthorized access. Also, consider using a password manager to generate and store complex passwords.
2. Disconnect from Wi-Fi: Hackers routinely look for any door into your home
Another vital practice is to think twice before connecting devices to the internet through through Wi-Fi. Ask yourself, does my coffee maker really need to be online? If a device doesn’t need internet access to function effectively, consider keeping it offline.
3. Turn on firewalls
Employing a firewall is another smart move. Firewalls help block unauthorized access to your devices, adding an extra layer of security. It’s like having a digital gatekeeper for your smart home.
4. Always deploy antivirus protection on phones, tablets and computers
Lastly, when purchasing smart home devices, prioritize security. Look for products from manufacturers who are committed to regular security updates and have a good track record in this area. Remember, even the most seemingly harmless devices can pose security risks if they’re not properly secured. See the top reviews for the best antivirus protection options here.
Kurt’s key takeaways
The Bosch thermostat incident is a stark reminder of the potential vulnerabilities in our smart homes. By taking proactive steps like updating firmware, changing default passwords, being selective about internet connectivity, using firewalls and choosing secure devices, you can significantly enhance the security of your connected home. Stay informed, stay updated and stay secure.
Do you think manufacturers are doing enough to protect your smart home devices from potential security vulnerabilities like the one discovered in the Bosch BCC100 thermostat? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
The YouTube watch screen has been given a new look on TVs. The redesign aims to provide a “more intuitive experience with easier navigation,” according to YouTube’s announcement, relocating the video title and several controls, and adding a new “Description” button to access creator information and other video features.
I’m already seeing the update on my own Nvidia Shield Pro streaming box and native Phillips TV OS, and I do think it makes it easier to find specific video features and controls. My colleague Thomas Ricker says he isn’t seeing the redesign in Apple TV’s YouTube player, however, so they may still be rolling out. These changes are pretty delayed, considering YouTube announced in April that they would arrive “this summer.”
Videos on the YouTube app for TV will now show the title in the top left corner of the screen instead of just above the video scrubber at the bottom of the page, and the title can no longer be clicked to open comments, metadata, and information about the creator. Instead, those controls are now available by clicking the new “Description” button. The channel thumbnail and subscribe function have also been separated into two buttons, with the creator’s thumbnail now taking users directly to their channel.
Controls have been reorganized into distinct groups under the video scrubber: Channel, Description, and Subscribe on the left, Previous, Pause/Play, and Next in the center, and Like, Dislike, Comment, Save, Closed Captions, and Settings placed into two groups on the right. YouTube says the Subscribe button will remain visible to subscribers, adapting to flag pay-gated content or alert users to new live streams. A “Multiview” control has also been added for live sports content, while Music and Premium subscribers will see a new “Display Mode” control.
NEWYou can now listen to Fox News articles!
Holiday travel and winter storms create risky moments for drivers and families. Stress rises fast during emergencies, and describing the scene to 911 can feel overwhelming.
Now, a new Android feature closes that gap by providing live visual information that helps responders act with speed and accuracy.
If you use an iPhone, Apple offers a similar tool through its Emergency SOS Live Video feature. You can learn how it works right here.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
HOW ANDROID MALWARE LETS THIEVES ACCESS YOUR ATM CASH
Android Emergency Live Video gives 911 a secure live view of the scene, so responders understand what is happening right away. (Cyberguy.com)
What Android Emergency Live Video does
Google is rolling out Android Emergency Live Video to give dispatchers a secure view of the scene during an active call or text. A dispatcher can request a live video stream through your phone when it is safe for you to share it. With a single tap, you can stream real-time video that helps responders understand what is happening.
This can help during car accidents, medical emergencies or fast-moving hazards such as wildfire conditions. Live video can also help dispatchers guide you through steps that save lives, such as CPR, until responders arrive.
APPLE NOW LETS YOU ADD YOUR PASSPORT TO YOUR PHONE’S WALLET
How the Android Emergency Live Video feature works
Android designed this tool to work with no setup. When you call or text 911, the dispatcher reviews the situation. If they decide video would help, they will send a request to your phone. You see a clear prompt that lets you choose whether to start the secure stream. The feature uses encryption and gives you full control. You can stop sharing at any moment.
The feature works on Android phones running Android 8 or newer with Google Play services. It is rolling out across the U.S. and select regions in Germany and Mexico. Google plans to expand coverage with more public safety partners.
How to use Emergency Live Video on Android
You cannot turn this feature on in advance. It appears only during an active 911 call or text.
1) Call or text 911 on your Android phone. The dispatcher reviews your situation.
2) Watch for a request on your screen. If the dispatcher decides live video will help, they send a prompt to your device.
3) Tap the notification that appears. You will see a clear message asking if you want to share live video.
4) Choose Share video to start streaming. This opens your camera and begins a secure live feed.
5) Tap Stop sharing at any time. You stay in control the entire time and can end the video at any time.
With one tap, you can choose to share real-time video during a 911 call or text which gives dispatchers the clarity they need to guide you. (CyberGuy.com)
Why Emergency Live Video on Android matters now
Emergencies create confusion. Sharing details verbally takes time and can lead to miscommunication. Video removes guesswork. Responders gain clarity in seconds, which can speed up help and improve outcomes. This tool builds on Android’s safety features, including Satellite SOS, Fall Detection and Car Crash Detection.
NEW ANDROID ATTACK TRICKS YOU INTO GIVING DANGEROUS PERMISSIONS
Alastair Breeze, a Software Engineer for Android, tells CyberGuy that the team built this feature with one goal in mind. “Providing people peace of mind is at the core of Android’s safety mission. Android Emergency Live Video gives you the ability to securely share real-time video to provide dispatchers the critical eyes-on-scene context they need to assist in emergencies.”
What this means to you
If you carry an Android phone, this feature adds another layer of protection during moments that demand quick action. You stay in control of when the video is shared. You also get a simple way to show the situation when describing it feels impossible. Faster clarity can lead to faster help, which can shape how an emergency ends.
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.
The feature works on Android phones running Android 8 or newer and helps responders act faster during emergencies when seconds matter. (Tony Giberson/tgiberson@pnj.com / USA TODAY)
Kurt’s key takeaways
Android Emergency Live Video brings real-time awareness to moments when every second matters. It gives responders a clear view, so they can guide you through urgent steps if necessary. Most of all, it adds peace of mind during situations no one plans for.
Would you feel comfortable sharing live video during an emergency if it helped responders reach you faster? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
The Game Awards are back once again to showcase a metric ton of commercials, provide the gaming public with their monthly dose of Muppets, and validate gamers’ opinions on which title should be named the Game of the Year. I don’t wanna say it’s a foregone conclusion what this year’s GOTY will be — Silksong may surprise us — but it’s pretty obvious that Clair Obscur: Expedition 33 is the frontrunner and for good reason. It’s netted 12 nominations, the most out of this year’s contenders, including all five craft awards (Direction, Art, Music and Score, Narrative, and Audio Design).
On the announcements side, Crystal Dynamics and Amazon Games are planning something related to the Tomb Raider series. Keighley also probably had plans to reveal big news about Resident Evil: Requiem, but unfortunately it got spoiled early thanks to some leaked key art on the PlayStation Store. Here’s all the news, announcements, and trailers from The Game Awards 2025.
Video: Trump Signs A.I. Executive Order
5 Surprising Ozempic Side Effects Doctors Are Finally Revealing (Like Back Pain and Hair Loss)
CNN has endured turmoil for years. With Warner Bros. sale, things will get bumpier
Opinion | America’s Military Needs a Culture Shift
YouTube made its video player easier to navigate on TVs
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Kilmar Abrego Garcia seen for first time since release, pledges to ‘continue to fight’ Trump admin
Israel bombards areas across southern Lebanon in latest truce violation
Trump announces pardon for Tina Peters, increasing pressure to free her though he can’t erase state charges | CNN Politics
Video: Hiker Rescued From Quicksand in Arches National Park
The Speaker’s Lobby: What Congress’ December script means for healthcare next year
-
Alaska6 days agoHowling Mat-Su winds leave thousands without power
-
Politics1 week agoTrump rips Somali community as federal agents reportedly eye Minnesota enforcement sweep
-
Ohio1 week agoWho do the Ohio State Buckeyes hire as the next offensive coordinator?
-
Texas6 days agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
News1 week agoTrump threatens strikes on any country he claims makes drugs for US
-
World1 week agoHonduras election council member accuses colleague of ‘intimidation’
-
Washington3 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa5 days agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire