Comment by dlenski

> But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.

Absolutely. This was one of the things I realized could be a substantial risk when I discovered the Mysa vulnerability. https://snowpatch.org/posts/i-can-completely-control-your-sm...

Thankfully, Mysa responded very rapidly to fix it, but if they hadn't I was planning to notify the BC provincial electric utilities which were cross-subsidizing these devices.