Attacking My Landlord's Boiler

RF hack and thermostat security

• Many commenters enjoyed the RF reverse‑engineering and automation, calling it a fun, well‑executed hack and praising the write‑up.
• Others note the protocol’s “encryption” is undermined by lack of replay protection; it’s effectively just obfuscation.
• Concern is raised about unintentionally controlling neighbors’ boilers, but several people point out these systems typically use pairing/binding with unique IDs, so cross‑control is unlikely.

Alternative technical approaches

• Several propose simpler attacks:
  • Put the thermostat in a controllable hot/cold box (Peltier element, ice packs, heating element) to spoof sensed temperature.
  • Replace or bypass the RF receiver with a relay (ESP32, Shelly, Sonoff) wired into the boiler’s call‑for‑heat contacts.
  • Swap the sensor (e.g., thermistor → digital potentiometer) rather than heat/cool the physical device.
• Some argue these would be easier and safer than SDR work; others prefer the RF route to avoid visibly modifying landlord hardware.

Tenant, landlord, and legal issues

• There’s extended debate over what tenants may modify: in some jurisdictions any hard‑wired change is forbidden; in others reversible changes are tolerated.
• Risks mentioned: liability if the boiler fails, surprise inspections, and even no‑cause evictions in some places.
• Some think this level of paranoia is excessive; others with landlord experience say visible “hacked” gear will absolutely trigger conflict.

Thermostat UX and “ideal” design

• People criticize common programmable schedules (“wake/leave/return/sleep”) as mismatched to modern, irregular or WFH lifestyles.
• Preferences split between:
  • “Dumb” dial‑style thermostats that just hold a setpoint.
  • Moderately smart devices (Nest, Ecobee, Tado) with presence detection and remote control—but often with “smart” features disabled.
• Consensus: no one‑size‑fits‑all thermostat; simpler, predictable behavior is often valued over AI “learning.”

Heating efficiency, comfort, and control strategies

• Long, technical back‑and‑forth on whether it’s better to:
  • Run heating nearly continuously at low flow temperatures with outdoor reset (good for condensing boilers/heat pumps, comfort, and efficiency in well‑insulated homes), or
  • Use deep setbacks and short, powerful heat bursts (often better in poorly insulated or radiator‑based systems).
• Participants emphasize:
  • Heat loss scales with temperature difference; a warmer house loses more energy.
  • Condensing boilers and heat pumps are more efficient at lower water temperatures, complicating the simple “turn it off when away” advice.
  • Comfort depends heavily on surface and wall temperatures (ISO 7730, radiant effects), not just air temperature.

SDR, RF tools, and spectrum concerns

• Discussion of HackRF’s “frequency smearing” and harmonics; some warn knockoff SDRs may pollute adjacent bands.
• rpitx on a Raspberry Pi is mentioned as a minimal‑hardware transmitter using GPIO as an antenna, but multiple commenters call this extremely dirty and unsuitable outside a lab.
• Flipper Zero is cited as a capable 433/868 MHz tool under custom firmware; others warn that even legal tools can draw unwanted law‑enforcement scrutiny depending on context and behavior.

DIY home automation experiences

• Several describe rolling their own control with Home Assistant, Zigbee sensors, smart plugs/relays, and per‑room logic (e.g., combined underfloor+radiator strategies, radiator TRVs that can call the boiler).
• Off‑the‑shelf “smart” systems (Honeywell, Tado, Siemens) are criticized as expensive, limited, or opaque compared to a custom HA setup—though some note these DIY systems can be a maintenance nightmare for future owners.

Regulation and Online Safety Act

• Commenters highlight the blog’s removal of its comment section due to the UK’s Online Safety Act, framing it as a disproportionate compliance risk for small, self‑hosted sites and a chilling effect on hobbyist discussion.