skip to main content

Heating & Air Conditioning

Anybody here know about security of Bryant Connex?

8 years ago

I replaced my HVAC, and now have Bryant. It includes a Bryant Connex wifi thermostat.

The functionality is good. But I'm worried about the security of this system. I found nothing on the Bryant web site discussing this, so I sent in a query about it. What I heard back is:

"All communication between the wall control and server is initiated by the wall control. When you are not logged in to your user account, the control polls the server 1x per minute. When you log in, the wall control begins polling the server as fast as the connection will allow. This way, changes made at the app will be reflected quickly at the wall.

There is no encryption in the data sent from the control to the server. Communications from the thermostat to the server are authenticated. The authentication key is generated from several seeds that are known by the control and the server that keeps a man in the middle type of attack from happening."

In my opinion this level of laxness on security borders on malpractice. It appears to allow a passive snooper to observe the temperature of your house, when you adjust the thermostat, etc. Since they obviously don't use TLS it is hard to judge how hard it would be to break their authentication. (Sounds like it might be HTTP digest.) If it can be broken, then they could turn your furnace off.)

I have another query in to learn more about what info is communicated when.

Does anyone have more info on this?

Sort by:Oldest

Comments (4)

weedmeister
8 years ago
What is the difference between the 'wall control' and the 'thermostat'? And is the 'server' something that resides in the cloud?

I was going to say that even if they use WiFi, they don't actually have to use secure sockets. They could use something else. Zigbee uses a key-exchange encryption methodology that is different from SSL but it is still 'secure'.
weedmeister
8 years ago
Bear in mind that the WiFi connection should be encrypted already via WEP or WPA/WPA2.
Related Discussions
Anybody here guilty of taking cuttings from nurseries w/o permit?
Q
Comments (70)
What I do when opportunity presents itself is buy plants that have another plant come up in the same pot. That's if it's something that I'd like, even if the original occupant of the pot isn't all that interesting. That's how I got my Gonatopus bovinii. I'd been after one for some time but have never seen them for sale. So when I saw it in another plant's pot I picked that one. At the cash register they were happily going to get rid of the "weed" for me but I insisted it stayed. So I've still got both plants and the Gonatopus has flowered a few times. Sometimes I've got ferns that way, they'll spread their spores readily. I'll also pick plants that can be divided. Got a ginger that divided into 5 plants, made the price seem okay, when divided by 5, lol.
...See More
Anybody else getting Virus Alerts here?
Q
Comments (21)
Someone posted about it on the free help forum at AVG and they have the same problem in GW's kitchen & bath forum and WeUseCoupons.com also! It's probably site-wide here at GW since I had the same problem in the Vegetables forum this morning. I thought I had it fixed but rebooted and it's back again, even after setting Resident Shield to "Remove all threats automatically." I just now looked and "Remove all threats automatically" was UNCHECKED! It could have reset to the default after the tray icon crashed... maybe. When I clicked the Preview button here to post this, the big virus message box no longer comes up but a smaller sliding box comes up near the tray (clock) saying "Threat Removed" and the details and then the box slides back down & disappears. This is the most unobtrusive setting to still be able to read messages and post here for now until "something gives" (or someone!)
...See More
Hybrid System - Trane vs Bryant, Trane XL15I vs XL16I HP
Q
Comments (82)
I'm still waiting for a response from the Contractor, who has been sick the last few days, and I am still pushing for the HW Vision Pro IAQ Stat to be installed. Another question. I am thinking about going with the Air Handler with Heat Strips as the backup system to the Heatpump, instead of having the Gas Furnace. The main reasons for going with the Air Handler and Heat Strips is because the Effeciency ratings are actually higher for the Heatpumps with this configuration, and according to the Contractor the Air Handler and Heat Strips are less complex and should have fewer problems. My question is two fold. 1 - Do you agree with that statement and do you think going with the Air Handler and Heat Strips over the Gas Furnace is a good idea? 2 - Any feedback on what we can expect for the Heat that the Heat Strips put out, vs what we would have with the Gas Furnace? My wife is not thrilled with the so called "Heat" from our existing Heatpump, but that should be better with these new Heatpumps. But she Loves the Warmth of the Gas Furnace when that kicks in, and she wants to make sure that we aren't giving that up by going with Heat Strips vs the Gas Furnace. So any additional advice and input would be greatly appreciated since we have no experience with Air Handlers and Heat Strips as a backup heat source. Thanks!
...See More
Anybody here retired early, like early 50's?
Q
Comments (12)
My husband retired in January at 62, and I retired in April at 55. I am enjoying every day. He says he doesn't feel useful. I took some watercolor classes and am painting and doing crafts. I don't care if I'm useful or not! I stay up as late as I want, and sleep in if I want. Coffee on the back porch watching the birds in the mornings. Shopping when everyone else is at work. Doctor's appts during the day so I don't have to fight evening traffic. Love it. If you don't finish something today, there is always tomorrow. My elderly mother lives with us, so we can't travel unless someone she knows stays here. Luckily we have a neighbor who will stay with her if we need it, but we can't impose too much, so no traveling. But there is so much to do here (Charleston, SC), I really don't care about that. My hub is retired navy, and we each have a supplemental to Tricare through our previous employers. We pay our portion, but it isn't the full amount we would have to pay on our own. I am looking at volunteering with an animal rescue group, as that is also something else I wanted to do when I retired. This winter I'm starting on a cookbook, too. At least, that is the plan right now.
...See More
paul_ma
Original Author
8 years ago
It is both a thermostat and a control, so for this discussion the two terms are interchangeable.

I'm not concerned about the wifi part of the link - that is encrypted. But this all flows up to a server run by Bryant. When you run the Bryant "MyEvolution" app, it connects to the Bryant server. It acts as a middle man in talking to the control/thermostat in your house.

So both the link from the control to Bryant's server and the link from the app to the server are of concern. (After that one can start to wonder about the security of that server itself.)

To be really secure, the server ought to just facilitate the setup of a direct, encrypted, connection between your app to the control. But for now I would be satisfied with knowing that the links to the server were secure and the app is diligent in keeping each user's stuff secure and separate from that for other users.
weedmeister
8 years ago
If it were me, I'd sniff the connection with Wireshark or something similar. Then I could see what was going on.

Related Stories

KNOW YOUR HOUSE Know Your House: Components of a Roof

By Bud Dietrich, AIA

Don't get held up by confusion over trusses, rafters and purlins. Learn about a roof's features and their purposes here

DECORATING GUIDES Here's How to Steer Clear of 10 Top Design Don'ts

By Judith Taylor Designs

Get interiors that look professionally styled even if you're taking the DIY route, by avoiding these common mistakes

LIFE Make Money From Your Home While You're Away

By Laura Gaskill

New services are making occasionally renting your home easier than ever. Here's what you need to know

LIFE Could You Be a Landlord?

By Laura Gaskill

Sure, the extra income would be great. But jumping blindly into owning a rental property could be disastrous. Here's what you need to know

MOST POPULAR Find the Right Glass Door for Your Patio

By Bud Dietrich, AIA

It’s more than just a patio door — it’s an architectural design element. Here’s help for finding the right one for your home and lifestyle

LIFE Create a 'Forever House' Connection

By Laura Gaskill

Making beautiful memories and embracing your space can help you feel happy in your home — even if you know you'll move one day

LIGHTING The Lowdown on High-Efficiency LED Lighting

By Karen LeBlanc Design TV Host & Writer/Blogger

Learn about LED tapes, ropes, pucks and more to create a flexible and energy-efficient lighting design that looks great

CONTRACTOR TIPS Learn the Lingo of Construction Project Costs

By Ventana Construction LLC

Estimates, bids, ballparks. Know the options and how they’re calculated to get the most accurate project price possible

COMMUNITY Discover the Joy of Welcoming New Neighbors

By Alison Hodgson

Don't worry about a perfect presentation — a heartfelt note and a simple treat create a wonderful welcome to the neighborhood

HOME TECH In Rarefied Air: Meet 3 Cutting-Edge Home Sensors

These new all-purpose sensors send alerts to your smart phone about temperature, air quality and a whole lot more. Why not?

Sponsored

More Discussions

Overamping and hard start kits

31

Collar to join two 4 x 10 heat registers

6

Installing a powder room on main floor with hydronic radiant heat theo

3

Moving the furnace? How difficult and how costly?

4

humidifier for a furnace in a closet

0