Comment by thrtythreeforty

thrtythreeforty Aug 29, 2024 parent

What the hell, why does a control system need an AES-secured control channel at all? The only possible intention is to make interop more difficult. If they wanted security then they wouldn't use a hard coded AES key.

gstar Aug 29, 2024

It 100% is designed so that you have to use their hardware.

cameldrv Aug 29, 2024

The biggest maker of garage door openers in the U.S. has done the same thing. For a button that goes on the wall to open the door, now it sends an encrypted code instead of just shorting two wires so that you have to use their button instead of a regular doorbell button like people have been doing for decades.

cyberax Aug 29, 2024

I can't recommend ratgdo (Rage Against the Garage Door Openers) project highly enough. It implements the protocol and allows you to interact with the door: https://paulwieland.github.io/ratgdo/

The protocol itself is crazy, with obfuscated ternary data (instead of binary). People who reversed it are heroes.

spikej Aug 29, 2024

Which company, and which product did you see this with?

cameldrv Aug 29, 2024

Chamberlain and Liftmaster do this. They’re both owned by Chamberlain group and I believe they are the two most popular brands.

It’s caused tons of headache for people doing home automation stuff, especially since Chamberlain has cut off API access to home assistant. Then the home assistant people figure they’ll just rig a raspberry pi or something to short two wires, but then they hit this encryption nonsense.

spikej Aug 31, 2024

That's nuts!

For what it's worth, I bought this for my old chamberlain. https://gotailwind.com

I was looking into replacing the old unit with a new one with myq but then read about all the problems and decided to give this a shot. 3 years in and it's been a good decision.

rogerrogerr Aug 30, 2024

Heh, bet you can just short the contacts the button usually closes. Really hard to DRM a button.

coupdejarnac Aug 29, 2024

Chamberlain devices do this. Genie devices do not.

1-more Aug 30, 2024

Genie is nice; you can add Homekit with any of Meross's garage door doodads for $50ish

WWLink Aug 30, 2024

I blame it on cybersecurity experts lol. They probably went all alarmist and decided that having that was a giant security risk.

Arrath Aug 29, 2024

God that's just insane.

Liquix Aug 29, 2024

so if the company has established they're willing to go that far to lock customers into their ecosystem and milk for $$$... it's not inconceivable that they also engineered (or chose not to fix) the cheap flash + chatty logging hardware failure for the same purpose.

raxxorraxor Aug 29, 2024

I would switch brands instantly. This is a company that has no customer orientation and I have never seen a company recover from that (they might have financial success, but they will never create good products again). They probably will sell you expensive crap. This time the device was fixable, but the manufacturer worked against the user on that.

tracker1 Aug 29, 2024

So, you'd rather spend $12k+ to replace the entire system just to spite the manufacturer over making a minor patch to support a new tablet yourself?

voyagerfan5761 Aug 29, 2024

Shouldn't have to replace the aircon/heat-pump components, only the controller hardware. OP indicated that a new control system would be about $1700 (I assume AUD), or 14-17% of their 10k-12k estimate for the whole build.

Unless this scummy manufacturer also works with the aircon makers to lock those to their controllers. (That would be a great lawsuit to watch.)

yuye Aug 29, 2024

Seems those tablets die not long after the warranty expires.

I'm willing to bet money on that it's planned obsolescence, especially considering their "technology keeps moving forward" bullshit.

zeroflow Aug 29, 2024

I'm offering you a different viewpoint:

They made the analysis, how long the flash will live and saw, that it will make it out of the warranty period. Thus they did not opt for more durable and expensive flash and/or software change.

I've seen this myself before. One process step before release of the control module was a write cycle analysis to make sure the unit will live for at least 10 years (i think) before the guaranteed write cycles of the flash memory were consumed.

audunw Aug 29, 2024

You're both missing one of the more likely explanation.. that nobody gave much thought about how long the device would last. "It's solid state electronics, it'll probably outlast the warranty anyway".. I can imagine an aircon company puts a lot of effort into analyzing the air-conditioning unit itself to make sure it lasts at least as long as the warranty, with good margin. But I can totally see them winging it on an external control device, which was perhaps even a project they outsourced anyway.

I don't think actual malicious planned obsolescence is as prevalent as many believe. A device breaking right after warranty is not a good strategy to get repeat customers. It's also a huge risk if you miscalculated and you suddenly get a lot of warranty cases. You want a lot of margin there.

I've been involved in the design of a thing myself, where something the manufacturer hadn't clearly communicated - and we just barely caught - could have made the device die just around a typical warranty period for such a device. When we found out, of course we worked on this problem to make sure it didn't die prematurely.

14 More Comments →

yuye Aug 29, 2024

>Thus they did not opt for more durable and expensive flash and/or software change.

Opting out of a more durable solution when you know the device will break right after warranty is still planned obsolescence.

muppetman Aug 29, 2024

Isn't that kinda the definition of planned obselence? You plan so that past you point you have to care, it could well die/become useless?

TeMPOraL Aug 29, 2024

Planned obsolescence is when you purposefully design it to fail as soon as possible (but past any warranty period), to force repeat purchase.

WhyNotHugo Aug 29, 2024

In other words, _Never attribute to malice that which is adequately explained by stupidity._

This device should not need to write to storage. It has to save settings when the user manually changes them, which can't be more than a few kilobytes per year. Any other writes are likely an oversight on the developer's part.

nikau Aug 29, 2024

I'd guess they just didn't think of flash wear, like Tesla did in the early model s , and they got lucky they failed outside the warranty period.

foobarian Aug 29, 2024

Everybody forgets the noatime thing at least once in their career

datavirtue Aug 29, 2024

Companies don't encrypt anything unless required. Except for code and databases...they encrypt and obfuscate those to keep people running back to them.

Source: my customers

marcus0x62 Aug 29, 2024

Anti circumvention laws don’t require good locks to provide the manufacturers a legal cudgel to use against anyone with the temerity to think they have the right to use and fix things they have paid for. The law (DMCA in the US, it looks like something called the Digital Agenda Act in Australia) is the real lock, not that AES key.

c_o_n_v_e_x Aug 30, 2024

In theory, connected devices that control large energy loads ("large" on a household level of energy consumption) can be coordinated at scale to "attack" the power grid via instantaneously switching 1000's of units on and off at the same time.

That being said it's more likely the hardware mfg is just trying to claw in more margin.

This item has no comments currently.

Preferences

Keyboard Shortcuts

Story Lists

Navigation

Miscellaneous