
A new smart device that “takes the guesswork out of watering.” An IoT device that extends the boundaries of your smart home into the yard? Sure, what could go wrong? Turns out, sometimes, when things are designed with security in mind, not as much. The Rachio smart sprinkler controller is a highly-reviewed IoT device that lets you start and stop your sprinklers from your phone. As another of the growing number of consumer IoT devices in your home network, it is also another potential infection vector for malware or attack vector for hackers. This blog details the methodology used to explore the potential attack surface on the device. The intention was to find vulnerabilities as that’s what I do for my day job. However, I was pleasantly surprised given my past exploration of similar IoT devices. My research didn’t dig up any vulnerabilities in the Rachio3. Rachio3 smart sprinkler controller....