Smart thermostats, Rabbits, and TV Pickup

In a paper titled "Unintended consequences of smart thermostats in the transition to electrified heating", researchers discovered that most people don’t bother changing the default heating times on these thermostats. As a result, at 6am the strain on the electricity grid peaks as every thermostat clicks on, akin to launching an inadvertent DDoS attack.

Of course, to those of us who live in the UK, this is nothing new. TV Pickup is a long-standing phenomenon whereby whenever the adverts come on during a popular show, everyone runs to put on the kettle – imposing an extra demand of around 200-400 megawatts.

Fun fact: the largest pickup demand, 2800 MW, was on 4 July 1990, during the England v West Germany World Cup semi-final penalty shoot-out. The final episode of The Thorn Birds demanded 2600 MW on 22 January 1984.

With more on-demand TV, TV pickup isn’t as big an issue as it once was. But having smart devices all set with the same default time is.

Which is interesting because when we think of defaults on smart devices, we often think of default passwords, or ports, or something else that should be (but rarely is) changed.

In February 2022 Microsoft announced it would disable Office macros by default. But then in July the company unexpectedly rolled back the decision. I won’t pretend to understand all the factors that played into reversing the decision, and I’m optimistic that MS will disable macros by default in the future. But it does beg the question – why do we allow products, hardware or software, to be shipped with insecure as the default?

A fox can run at about 30-40mph, a rabbit hops at around 18mph. If a rabbit had default settings, it would hop in a straight line and get caught by the fox each and every time.

But a rabbit doesn’t have default settings. It hops in an unpredictable zig zag manner that is often enough to confuse the fox and escape.

What I’m saying is that unpredictability is a really good defensive tactic and can frustrate attackers till they give up and move on. So leaving things at default is not the best idea. I mean, you could even bring down the power grid if you’re not too careful.

