Comment by jcgrillo
2 hours ago
> The cloud systems are insecure and invasive, but it's really hard to get Normal People to understand why it's a problem.
In the case of HVAC systems the danger is a collective one, not individual. Sure, if someone really wanted to they could watch you and wait until you're not home then turn your heat off and freeze your pipes. But they're not gonna do that, probably. Instead the kind of havoc they'll wreak with this access is to wait until some off-peak time and instantaneously fire up all the AC units and shut them down simultaneously, repeatedly, causing a huge demand spike. If supply doesn't ramp up fast enough then frequency will drop and then the grid will start trimming off branches to self-correct (or something like that? I'm not a power grid expert, someone correct me) and you basically have chaos.
So you don't need to get individuals to care about it, and there's some argument to be made that they shouldn't, or at least shouldn't have to. But the power company damn well should, and governments damn well should.
https://snowpatch.org/posts/i-can-completely-control-your-sm...
EDIT: the major issue here is the people who are affected by a vulnerability like that aren't the people who purchased and installed the attack vector. They're everyone on the same power distribution network. So it's not like "oh well, they did a dumb thing and trusted a tech company", it's far bigger than that.