[fsckin]

A few years ago, I bought an internet module add on for a Honeywell alarm system and was shocked to find that the control UI communicated in plain text with no authentication to the internet module. The module broadcast its address across the entire network every few seconds.

At any location that has one of these installed on a weak WiFi network (an unfortunately likely combination), it would be feasible to crack the network and brute force disable the alarm from the outside, disabling the alarm before ever setting foot inside.

Let's just say I wont be buying any Honeywell products in the future.