Management / British Gas ‘smart heating’ app exposed data potentially useful to burglars
British Gas ‘smart heating’ app exposed data potentially useful to burglars
19 August 2015 |
A ‘smart heating’ app from British Gas did not encrypt customer data, allowing burglars to intercept information and figure out when homes would be empty, according to an investigation by Which?.
The Hive Active Heating app is used by the energy firm to allow customers to schedule their heating remotely.
Potential burglars would only have to hack in to customer WiFi to see the unencrypted data, which contained labels such as ‘awake’ and ‘away’.
Hive said that the app never sent data which could pinpoint where someone is in relation to their home.
However, it admitted that it had worked on the assumption that user WiFi would automatically be universally encrypted.
A spokesman for British Gas said that all data related to customers’ heating schedules has now been encrypted.
The investigation also looked at Nest’s smart heating system, which like Hive is owned by Google.
Nest was found to send user postcode information on an unencrypted basis, despite claiming that all information sent was encrypted.
Nest maintained that it only used customer postcodes, which could not be used to identify empty homes. It has since encrypted its postcode data.