
Thermostat Security: Trane Was Slow to Fix Issues, Cisco Reports

Why are IoT device makers so slow to fix security flaws?

Written By
Sue Walsh
Feb 10, 2016

Cisco announced Feb. 8 that it had found three vulnerabilities in the Comfortlink II IoT thermostats manufactured by Trane. The thermostat security flaws could have allowed hackers to take over the device and the network it was connected to.

Trane has since fixed the issue, but Cisco was quick to point out that Trane had been notified of the issue two years ago and had only now gotten around to fully patching it. Trane issued a partial fix in April of 2015 and a full patch on Jan. 27, which can be downloaded as a firmware update.

“The unfortunate truth is that securing internet-enabled devices is not always a high priority among vendors and manufacturers,” said Cisco threat researcher Alex Chiu in a blog post Monday. “While IoT devices such as smart thermostats, home lighting, and security systems bring an added level of convenience into our lives, these vulnerabilities highlight the dangers of insecure development practices.”


The flawed firmware provided two sets of user credentials with hardcoded passwords. A hacker could have used SSH to undermine thermostat security by logging into the device and gaining access to a fully functional Linux OS toolkit called BusyBox. The firmware also allowed buffer overflows to be used to gain unauthorized access to the device.
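For anyone reviewing firmware for this class of flaw, the following added example (not from Cisco's report or Trane's firmware) checks an unpacked root filesystem for accounts that ship with a usable password and a login shell. It assumes the image keeps accounts in standard `etc/passwd` and `etc/shadow` files; the sample accounts and hash are constructed.

```python
import os
import tempfile

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_colon_file(path):
    """Return the colon-separated fields of each non-comment line."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [ln.strip().split(":") for ln in fh
                if ln.strip() and not ln.startswith("#")]

def find_baked_in_logins(rootfs):
    """List (user, reason) for accounts shipped with a password and a login shell."""
    passwd = parse_colon_file(os.path.join(rootfs, "etc/passwd"))
    shadow_path = os.path.join(rootfs, "etc/shadow")
    shadow = {}
    if os.path.exists(shadow_path):
        shadow = {r[0]: r[1] for r in parse_colon_file(shadow_path) if len(r) > 1}
    findings = []
    for row in passwd:
        if len(row) < 7 or row[6] in NOLOGIN_SHELLS:
            continue  # malformed entry, or the account cannot get a shell
        user, pw = row[0], row[1]
        if pw == "x":  # the real field lives in etc/shadow
            pw = shadow.get(user, "*")  # no shadow entry: treat as locked
        if pw == "":
            findings.append((user, "empty password"))
        elif not pw.startswith(("!", "*")):  # "!" and "*" mark locked accounts
            findings.append((user, "password hash shipped in image"))
    return findings

def build_sample_rootfs():
    """Constructed sample tree; account names and the hash are invented."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc/passwd"), "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/sh\n"
                 "svc:x:1000:1000::/home/svc:/bin/sh\n"
                 "daemon:x:1:1::/:/bin/false\n"
                 "guest::1001:1001::/tmp:/bin/sh\n")
    with open(os.path.join(root, "etc/shadow"), "w") as fh:
        fh.write("root:!:16000:0:99999:7:::\n"
                 "svc:$1$CONSTRUCTED$notARealHashValue000000:16000:0:99999:7:::\n"
                 "daemon:*:16000:0:99999:7:::\n")
    return root

if __name__ == "__main__":
    for user, reason in find_baked_in_logins(build_sample_rootfs()):
        print(f"{user}: {reason}")
```

Any account this reports has the same password on every unit running that image, so it belongs in the release checklist alongside a check of whether the SSH service is enabled by default.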

Aside from issuing the patched firmware, Trane hasn’t publicly commented on the matter.

Trane is not the only company to have issues with thermostat security or IoT-device security in general. Princeton University researchers announced Jan. 20 that they found security flaws in Nest smart thermostats, as well as home IoT devices such as smart speakers and video cameras.


Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.
