Heatmiser PRT-TS Wi-Fi thermostat review & troubleshooting tips

Heatmiser PRT-TS Wi-Fi thermostat

I recently decided to replace my central heating programmer with a programmable thermostat, and decided to go for the geeky option: a wi-fi connected model! So I ordered a PRT-TS Wi-Fi from Heatmiser, which can be controlled both via a Web browser and an iPhone app.

Overall, I’m happy with the product but I found it a little tricky to set up. The instructions don’t go into a huge amount of detail, a problem which is compounded by the fact that the Heatmiser support site was devoid of any information on this particular model at the time of writing, so I have discussed my difficulties below and explained how I resolved them.


I won’t go into too much detail on the physical installation, but suffice to say, most people should get the unit fitted by a qualified electrician. There’s only a page and a half of the small (A7 size) manual devoted to it, plus three wiring diagrams, and any mistakes could damage the thermostat and/or the boiler. The thermostat is designed to be flush mounted into a standard 35mm deep single back box. It can be surface mounted but it won’t look as good, particularly as the thermostat is a few centimetres larger than the back box at each edge. I chose the latter option to save money, but will have it flush mounted at a later date. I will be interested to see what effect flush-mounting has on the Wi-Fi signal strength, if any.

Appearance & usability

The thermostat is essentially a PRT-TS with an added Wi-Fi card, and it looks exactly the same from the outside. It’s reasonably modern-looking (as far as thermostats go!) with a touchscreen illuminated by a blue backlight. It displays the room temperature in the middle of the screen, which can be adjusted using the up/down icons below it. A slight niggle is that it can be difficult to see what you are doing – the backlight doesn’t come on until you touch an icon, by which time it is too late. I would personally prefer the backlight to come on when touching any part of the screen (not just an icon) and the unit to only respond to icon presses when the backlight is on.

A nice feature is the “Screen” icon which locks the screen for 15 seconds, allowing time to clean it without accidentally activating any functions.

You can also view and set heating programmes, set the clock, enable temperature hold and holiday modes from the touch screen. I found setting the time slightly strange, as the down button changes the hour down and the up button changes the minute up – changing the date works in a similar way with the month and day – but this is something that is rarely necessary to change and can be done from the Web interface or iPhone app anyway.

Wi-Fi setup

Setting up the Wi-Fi connectivity nominally requires a Windows PC and the configuration utility supplied on CD. However, when plugged in via USB, the device presents itself as a USB mass storage device (albeit a very small one: 6.5KB) containing a single file – CONFIG.TXT – which holds the network configuration information in plain text and could easily be edited by hand by users of other platforms such as Mac or Linux. The file is fairly self-explanatory – the only thing worth pointing out is that the KEYMODE parameter (wireless encryption type) must be either WPA, WEP or OPEN. There’s a slight security issue in that if someone were to steal your thermostat, they’d have access to your wireless key, thermostat password and PIN, but this is a fairly unlikely scenario!

I had trouble getting the unit to connect to my Wi-Fi network until I switched my router (Linksys WRT54GS with Tomato firmware) from WPA only to WPA+WPA2 encryption. I’m not sure whether this means that the PRT-TS needs WPA2 encryption to operate (despite the configuration utility only showing WPA), or whether there is an issue with my particular router, but if you’re having trouble, it’s worth enabling WPA2 on your router. Before I managed to get WPA+WPA2 working, I tried using WEP encryption as a test but the configuration utility wouldn’t let me save the changes. I didn’t play with the OPEN option, so I’m not sure whether this refers to unencrypted Wi-Fi (and therefore will ignore any username/password) or WEP Open System encryption.

The device requires a static IP address, and port 8068 must be forwarded via the router if remote connection via the iPhone app is required.

It’s worth noting that the front part of the thermostat detaches from the rear, so it can easily be removed once installed, and the front part will power up when attached via USB which means you can set up and test the Wi-Fi connectivity before installing the unit on the wall. This isn’t mentioned in the manual, and neither is the fact that a Wi-Fi icon (similar to the one used on the iPhone) appears on the display when connected successfully.

Browser interface

The browser interface is full-featured if a little basic-looking – it’s reminiscent of a router interface from ten years ago. The so-called “Live View” panel on the right shows the actual temperature (to one decimal place), set temperature and heat status, and a refresh button as it doesn’t seem to auto-refresh. The main interface allows you to view and adjust heating programmes, temporarily override the temperature, lock the keypad remotely, set the clock and change network settings. There doesn’t seem to be a way to change the port on which the Web interface is accessible, which would be a nice feature to have.

It doesn’t contain any form of logging functionality, so it’s not possible to view temperature changes over time. This would be nice to see in a future firmware update, but I’m not holding my breath.

iPhone app

The iPhone app, a free download from the App Store, is similarly utilitarian. It allows you to see the current temperature (rounded to the nearest degree, unlike the browser interface), set temperature (which can be adjusted) and heat status. You can also view and adjust heating programmes via the app.

One quirk of the app is that you have to select whether you want to connect locally (i.e. when you are on your home Wi-Fi network) or remotely (via the Internet). It would be nice if the app could determine whether you are home or away and select the corresponding connection method dynamically.

The interface is fairly bland but it does the job. It’s a shame that the graphics aren’t retina ready, so they look jaggy on the iPhone 4 (which has been out for more than a year, so you would have expected Heatmiser to have updated their app!). It would also be nice if a future version of the app came with iPad support – the current version works fine on the iPad but doesn’t take advantage of the bigger screen.

I was left scratching my head for a while, as I was originally able to connect via my Web browser but not via the iPhone app. This resolved itself once I moved my router closer to the thermostat, so it seems that the protocol used by the iPhone app is less forgiving of low signal strength (and potential packet loss) than standard HTTP over TCP/IP. Again this is something that should perhaps be mentioned in the manual.


It’s a version 1 product, so is sometimes a little rough around the edges, but the hardware is solid and the product could easily be improved with updates to the Web interface and iPhone app. The manual is fairly basic, which I can understand is necessary to minimise the size and weight of the box, but why not include a more detailed version on the included CD and/or on the Web?

One final point is that I was slightly perturbed to find that the thermostat, which I paid £150 plus delivery for via Heatmiser’s own shop, is available for as little as £126 delivered from some resellers, so it pays to shop around!


Heatmiser tweeted me and pointed me towards their document download area which contains some useful information. They also say they’re working on a new version of the iPhone app, iPad and Android support, multi-zone and logging functionality, and suggest that users email support@heatmiser.co.uk with any further suggestions.

Also, the £126.20 price I found is actually ex-VAT (thanks Luke!) so it is actually best to buy from Heatmiser directly.

Samba free mobile broadband

I recently applied for, and was accepted into, a trial for the Samba Mobile free mobile broadband service. Samba provide a 3G USB dongle for which you are able to build up credit by viewing video ads via a Firefox extension which also installs a “battery” icon in your navigation bar showing your available credit in days. The more ads you view, the more days of credit you get.

Once you’ve built up enough credit, you can browse the Internet as with any other 3G dongle. According to the paperwork that was supplied with the welcome pack, the dongle and SIM are provided by Nutshell Mobile, which in turn is an MVNO running on the Three network. The supplied ZTE MF112 dongle is the standard Three device (with a paper Samba logo sticker covering the Three logo!), complete with the same standard 3Connect software that Three supply. It all worked flawlessly on my main Windows machine (although I wasn’t able to send/receive texts or view my account details as presumably these features aren’t available on the Nutshell/Samba SIM) and I was even able to get online using my spare Linux machine thanks to the Sakis3G script.

It’s worth pointing out that there are no ads forced upon you as you use the service, so it doesn’t get in the way of your normal browsing. You just need to remember to keep topping up your credit by viewing ads, which is pretty painless and something you can easily do with the sound turned down while you’re doing something else. I would expect the service to stop working when I run out of credit, but I wonder if it would continue to allow me access to the Samba site to build up some more credit on the go.

The Samba website is fairly basic (complete with the misspelt “live alot” tagline) and sparse in information – I have no idea, for example, what the monthly data transfer limit is – but it’s early days and I’d expect that the site would be fleshed out prior to a public launch. Samba might also want to consider switching to a courier service more reliable than CityLink as it took me well over a month to receive my welcome pack!

Ideally, I’d like to see Samba develop their own multi-platform client software that provides a way to view ads and remaining credit without forcing users to use Firefox (not that I have anything against Firefox, but it’s not my primary browser), and maybe provide other ways of getting online such as MiFi hotspots to support a wider range of devices (think iPod and non-3G iPad users), but these things could come later.

I think the Samba Mobile service has the potential to be really popular with consumers, because it offers a useful service for free that would be fairly costly if bought directly from an operator such as Three. I only hope that there is enough advertising revenue to keep the service afloat, as it would be a great shame if the service wasn’t able to get off the ground.

WHSmith.co.uk – one to avoid!

Earlier this month, I placed an order at WHSmith.co.uk for the first time since 2008. 15 days later and there has been no sign of my item, so I checked my order status on the website. It’s showing as “Part-complete” which apparently means “Some of the items ordered have been sent or cancelled and the others are in progress”. I don’t understand how this can be possible, given that the order is for a single item.

The product page is showing as out of stock and unavailable to add to the shopping basket, so it seems unlikely that my order would be fulfilled so I’m surprised that it hadn’t been cancelled automatically.

I expected to be able to cancel the order myself via the order management page, but unfortunately this wasn’t an option due to the order’s inexplicable “Part-complete” status. So, intending to ask Customer Services for a refund instead, I headed off to the Contact Us page, clicked on the top option (Contact WHSmith) and was greeted with…. an error message! To their credit, the error message quotes a telephone number for contacting the Customer Services team, but this is only open from 9am to 5.25pm Monday to Saturday. Not much use at 8 o’clock in the evening, then.

So I clicked around a bit more and found the Cancel Order page, which suggests emailing customer.services@whsmith.co.uk. I did this, and very promptly received a response. Unfortunately, it was an Invalid Recipient error from the mail server!

I searched my mailbox and found an old password reset email from support@whsmith.co.uk, so tried this address and I received an autoresponse indicating that my email had been received by the customer services team.

Hopefully I’ll get my refund soon, but needless to say I won’t be shopping at WHSmith.co.uk again.

Update (11 Oct 2010): Looks like my email has been ignored as I haven’t heard anything since I got that autoresponse two weeks ago, and my unfulfilled order is still showing as part-complete. However, the Contact Us page seems to be working now, so I’ll give that a shot!

Update (28 Oct 2010): I have finally received a response from WHSmith: “I can confirm your card was refunded on 29 September 2010, and that the order has been cancelled but, due a system error the status has not changed.”

Review: Standby Saver

Browsing around Tesco on my lunch break today, I picked up a Standby Saver for £20. I’d seen it pitched on Dragons’ Den, and the box boasts of an average electricity saving of £37 per year, which seemed like a decent enough saving given the price of the unit.

At first glance, the Standby Saver looks much like any other 6-way power adaptor. Closer inspection reveals a small headphone-like socket (into which connects the supplied infrared receiver), an LED and a recessed push switch.

Standby Saver

The first thing to do is unplug your devices (for me, the TV, Freesat box, PS3, Wii, CD player and amplifier) from the mains and plug them into the Standby Saver. At this point I should mention that two of the six plugs are switched, so you can use them either as “mains” (e.g. for a Sky+ box or DVD recorder which obviously must remain on to record programs) or “standby” which means that, like the other four sockets, they will be powered down when the Standby Saver is in “standby” mode.

The next step is to plug the unit into the mains, switch it on at the wall, wait a few seconds, and then push down the recessed “mode” button (the setup guide advises against using anything metallic, which is probably good advice as you’re fairly close to mains electricity – I went for a matchstick) until the LED turns red. Then point the remote at the supplied IR receiver, press the button on your remote (I chose the standby button on my TV remote) twice to set the “on” command, and then press the “off” button (I again went for the TV “standby” button, although you can use different commands for on and off if you wish). And that’s it… theoretically!

Unfortunately I had some problems getting started, which required a visit to the Troubleshooting section of the Standby Saver website. The instructions don’t mention this, but the LED was green when I first switched the unit on (it shouldn’t be illuminated at all) meaning that I had to follow the eight-step guide from the website before I was able to perform the above setup process successfully.

Once the setup is complete, the devices plugged into the four main switches (and either of the two switched ones, if the switches are in “Standby” position) should be completely powered off (as if they were unplugged from the mains). I pressed the Standby button on my TV remote and my devices sprung to life. Pressing Standby again powered everything off. Simples!

I found that “power off” can be a bit finicky – my TV (a Samsung 32″ LCD) reacts to the “standby” button before the Standby Saver, so if I don’t hold down the standby button for long enough to power everything off, the TV goes into standby and everything else stays on. A second push of the button remedies this though.

So, for those reasons, I’m out… no wait, I’m in… and I give the Standby Saver 9 out of 10. Despite the initial frustration in setting it up, it does what it says on the tin, although only time will tell whether it has made the advertised difference to my electricity bills. The two switchable sockets are a nice feature, and the Standby Saver’s clever way of “piggybacking” onto the signal from the chosen remote means that you don’t have to leave a “master” device (e.g. a TV) in standby at all times. A friend has a similar device that instead monitors the power draw of his LCD TV and when the device believes the TV is in standby, it drops power to his connected devices. Unfortunately this means that if the screen goes dark for a few seconds due to whatever video source he is using, it drops the power!

I should point out that there’s also a USB version of the Standby Saver available, which I haven’t tried but appears to work in a similar way: instead of the IR receiver, it has a USB lead, which is plugged into your PC or laptop. When the machine is powered off, the Standby Saver detects this and drops power to connected peripherals.

The Geil iBall

I recently bought the 512MB iBall from Geil, a company perhaps better known for their high-performance computer memory. Labelled as a “GMV Player” (or “MPV Player” on some versions), it can play video files on its tiny OLED screen as well as acting as a simple MP3 player. I haven’t experimented with the video feature beyond watching the included sample clips, and I have to say that I wasn’t impressed with the quality.

Geil iBall

It looks fairly stylish and works perfectly as a standard MP3 player bar one somewhat major flaw – it won’t resume from where you left off if you switch the unit off and on again, so you end up having to skip the tracks you’ve already heard. This would probably have caused me to return the player if it wasn’t so cheap (£2.99 from the Overclockers B-Grade section, no more left unfortunately!).

The player also packs an FM radio no better nor worse than those I’ve seen bundled into other MP3 players and mobile phones, an e-book/text file viewer which allows you to view an impractical 24 characters at a time, a voice recorder which I haven’t experimented with, and a picture viewer which I imagine is of similar quality to the video player.

All in all, it’s a fun little toy but not what I’d consider a serious digital audio player. Many more details over at Dan’s Data, an independent PC hardware and gadgets blog which I recommend highly, by the way.

Pixmania review

I recently ordered a printer from Pixmania, something I would normally buy from Ebuyer but for some reason they kept cancelling my order.

The site is nicely designed, but it has a number of quirks. Firstly, every time I go to pixmania.co.uk or pixmania.com, I’m asked for my country. I’d expect to go straight to the UK site when using the .co.uk domain, and perhaps to be asked once when using the .com. Ebuyer looks at my IP address and automatically sends me to the UK site; kelkoo.com asks me my country every time but at least kelkoo.co.uk takes me straight to the UK site.

Anyway the shopping process seemed OK – their “Zen Engagement” extended warranty and “VIPix” loyalty card were automatically added to the basket but thankfully I was able to remove them. I have no need for an extended warranty on a disposable printer (I’m replacing my old Samsung ML-1510 simply because I need a new cartridge, and it’s almost as cheap to buy a whole new printer) and while the loyalty card scheme – £14 for a year’s free delivery and 7% discount off certain products – might be useful for regular buyers, I don’t expect to buy from Pixmania again in the near future.

It becomes obvious that Pixmania is a French site, hastily translated to suit other markets, because of the examples of broken English scattered through the site: “Your delivery mode”, for example.

Order tracking is a bit strange too: my printer was dispatched 4 days after placing my order, but I didn’t get an email advising me of this; I had to keep checking the order tracking page on the website, which on one occasion appeared in French! Even when it did display in English, I clicked on the parcel number to go to the Parcelforce online track & trace service as instructed, but then had to enter the tracking ID manually; I’d have expected it to go straight to the details for my parcel as happens with countless other online suppliers. The Parcelforce site isn’t particularly helpful either – I’m told that “Progress of the parcel you’ve enquired about is displayed below” but there’s nothing there!

I must say I’m slightly regretting ordering from a site that has so many annoyances. Ebuyer and even Amazon aren’t perfect, but in the case of Pixmania, it just seems like the effort to make the shopping experience “as fluid as possible” (from their own About Us section) just hasn’t been made.

Anyway, the order worked out slightly cheaper than Ebuyer would have, and although it hasn’t arrived yet, I’m not in a huge rush, although it would be nice to have it by Saturday (a week after I placed the order).

Update: It arrived eventually, and the printer is pretty good. Interestingly, the Dell 1100 printer is built around the same chassis and print engine, although the Samsung is faster.

Why I don’t recommend the Belkin OmniView E-Series 4-port KVM


I have acquired a new machine which I’m currently using for Linux (Ubuntu) experimentation, bringing my total up to three, so I decided to replace my old 2-port KVM (a cheap one from Ebuyer) with a 4-port Belkin model from Aria.

It came to just over £33 for the Belkin OmniView E-Series KVM (Belkin part number F1DB104P) and four sets of 1.8m cables (part number F3X1105B) – not exactly expensive, but nevertheless I expected it to work properly, especially with the Belkin name.

I connected up my primary system and immediately noticed visible ghosting/shadowing, similar to what I would expect from using unshielded cables. I was surprised as the cables seemed fairly thick and weighed a lot more than the cables which were bundled with my old 2-port. I’m using a Samsung SyncMaster 173s (17″ TFT) running at 1280×1024 pixels with 32-bit colour and a 60Hz refresh rate, driven by a GeForce 5200 card. Interestingly, the ghosting was less noticeable when using a VGA adaptor on the DVI port instead of the VGA port directly, but it was still there.

Belkin have cunningly used a non-standard cable design – whereas all KVMs I have seen use male PS/2 and VGA connectors on both ends, Belkin KVMs require male PS/2s on either end, a male VGA on one end and a female on the other. This makes it difficult to use non-Belkin cables as neither standard male-male KVM cables (as supplied with my previous KVM) nor male-female KVM extension cables can be substituted.

Out of curiosity, I took the KVM out of the equation and used one of the cables as a monitor extension, plugging the male end into my graphics card and the female end into my monitor’s VGA plug. The ghosting still happens, and reading around suggests that the cables aren’t suitable for resolutions above 1024×768 – indeed, lowering my resolution causes the ghosting to disappear, but this is hardly an acceptable solution.

I have considered returning the KVM and cables to Aria, but their online system refuses to issue an RMA for the KVM until I call their 60p/minute technical support line first, and insists that I must contact Belkin in order to return the cables. On top of that, there is a £2.99 testing fee and £6.95 return postage payable per item should they fail to identify a fault, plus the cost of me sending the item to Aria. So it’s not really worth returning the item for the sake of £33, but I’ll certainly learn from this experience and use an alternative supplier in future.

I have ordered both a VGA gender changer (so I can use my old KVM cables) and an SVGA extension cable (instead of the Belkin male-female cable) to see what works best and whether I’m able to solve the problem myself. The two came to just under £7 from Redfish Computing, a company I found through eBay. I won’t recommend them or otherwise until I’ve received the goods (or otherwise!)

Even if I’m able to solve the ghosting, there are still a couple of annoyances with the unit itself. The beep it makes when switching displays is horrible – much louder than my old KVM – and, more seriously, the mouse goes mad when switching from my Windows machine to my Ubuntu box. I haven’t tested my old KVM on this particular Linux machine, so can’t say if it’s only the Belkin’s fault, but I will experiment later. A couple of things you can try are editing /etc/modules (sudo vi /etc/modules) and changing the psmouse line to:




I haven’t been able to get this working 100% yet – sometimes the mouse still loses control when switching, but I am able to use the keyboard to switch to and log in to a text-only session (Ctrl+Alt+F1) then type the following:

sudo modprobe -r psmouse
sudo modprobe -a psmouse

I can then switch back to the graphical X session (Ctrl+Alt+F7) and the mouse works perfectly, until next time I switch.

I’ll keep experimenting and update this post with my findings, but for now I commend you to think very carefully before purchasing from Aria or Belkin.

Update: I haven’t tried this yet, but according to the fantastic SayNoTo0870 website, it may be possible to reach the Aria technical support team via an 0870 or non-geographical landline number as an alternative to the extortionate 0906 number listed on the website.

Update 2: To make it slightly quicker to fix the mouse in Ubuntu, I’ve created a shell script which runs modprobe whenever I type fixmouse. To make your own, type sudo vi /usr/bin/fixmouse and enter the following lines (press ‘i’ first to enter insert mode):

sudo modprobe -r psmouse
sudo modprobe -a psmouse

Then hit Esc, then ‘w’, then ‘q’ to save your changes and quit the editor. Unfortunately you’ll still have to enter your password unless you have sudo’ed recently or are running in an interactive sudo session.

Update 3: I received my VGA extension and gender changer from Redfish promptly, however the new cable exhibited the same ghosting, as did my old KVM cables and a good-quality shielded VGA cable, although in the latter case it could have been the gender changer that was introducing problems. I’ll try another graphics card in my main PC and see if that solves the problem – I suspect it will, as other computers I’ve tried seem not to exhibit the ghosting issue.

I also noticed that the cables Aria recommended were not the same as Belkin recommend on the box, but that’s probably by the by.

In hindsight, although I’d still hesitate to recommend the Belkin, it’s not a bad unit for the price I paid. However, it is still unlikely that I will be purchasing with Aria again, because their premium-rate support line and over-complicated RMA policy are unacceptable in my eyes.

Update 4: I replaced the FX 5200 card with an ATI Radeon 9250, and the ghosting problem has disappeared. Unfortunately, I’m still getting some noticeable artifacts when I’m using my main machine and one of my other machines (with a Radeon 7500 card) is powered on, but at least it’s more acceptable than constant ghosting.

Royal Mail’s Smart Stamp

I recently heard about Royal Mail’s Smart Stamp Service, which negates the need for physical stamps by allowing users to print their own postage paid envelopes and labels.

Subscription costs £49.99 for a year or £4.99 per month, with a 3 month free trial period currently available. Postage at standard rate is payable on top of this fee.

The service looks well suited to small to medium businesses as an alternative to franking machines, and private users who make heavy use of the postal service; regular Ebayers, for example.

As a very light user of “snail mail”, I can’t justify the cost, but nevertheless had a play with the trial version, which Royal Mail lets you have for free after registering for an account on their site and providing some demographic information. I would post a direct link, but Royal Mail use a custom download wrapper to prevent this.

System requirements are fairly modest – 200MHz CPU, 64MB RAM, 20MB HDD space, 800×600 resolution – but unfortunately Smart Stamp only supports Windows (from 98SE up to XP). It supports laser and inkjet printers of 300dpi or higher resolution (which covers pretty much all modern models) and requires IE 5.01 SP1 or later, as it’s an HTML application (urgh).

Note that while the site specifically lists Windows XP SP1 as supported, the software works fine with SP2. I’d imagine Windows Server 2003 will work too. I’ve not tried running Smart Stamp under Wine in Linux but I suspect that its IE dependencies might complicate the process.

The trial version has the same features as the full version, but partially obscures the “stamp” (a kind of barcode) with a “Specimen” box. UK and overseas postage is supported, and it is possible to customise your envelopes with a slogan or logo, several examples of which are included.

There’s also a diagnostic tool, which requires a ticket number supplied by the Smart Stamp support team (although I just made one up). It spits out a passworded ZIP file – no prizes for spotting the privacy implications!

Further digging around in the software’s installation directory uncovers all the images and HTML code used by the application, and curiously some German-language text files suggesting that Smart Stamp is based on Deutsche Post’s StampIt service.

Extra-geeky observation: I noted that Smart Stamp prints its URL – SmartStamp.co.uk – on all envelopes and labels, but the server in fact requires a leading “www”. Doh!

All in all, it’s an interesting offering, and means that we in the UK now have access to what the US has offered for a long time, with one major difference: we are being charged for the privilege, while the US has traditionally offered discounts to electronic stamp users. I hope to see Smart Stamp re-emerge as a free service once Royal Mail have recouped their costs, and maybe even pass the associated savings on to users. At that point, I suspect that I will not be alone in wanting to give it a go.

However, only time will tell whether Royal Mail have got it right. The software has some good features and looks pretty, but the way it has been implemented with its reliance on IE worries me slightly in terms of security. I fully expect hackers to have a field day with this, and would not be in the least bit surprised if someone manages to defeat the system and get free postage. Just think – spam will be the least of your worries when Smart Stamp is cracked and you have 100 ads for Viagra, penis enlargement, cheap loans and solicitations for Nigerian investments on your doorstep every day ;)

OK, so maybe I’m being a little paranoid, but I can see a number of potential vulnerabilities:

  • Illicitly inflating a Smart Stamp account balance on Royal Mail’s servers, tricking the software into accepting a fake balance or spoofing the link between the local machine and the server to prevent an account being debited
  • Using refunded, used or randomly-generated “e-stamps” in the hope that they will somehow slip through the system unnoticed (are Royal Mail actually scanning every piece of Smart Stamped mail and checking it against their database?)
  • Hacking the software to prevent the trial print function from hiding the stamp, or regenerating the stamp from its human-readable code (this relies on the assumption that trial prints include valid stamps, which could indeed be true as each new document has a new code)
  • Reverse-engineering the stamp generation mechanism to produce arbitrary valid stamps (if Royal Mail don’t check stamps against their records)

Royal Mail will be in trouble if they don’t have effective mechanisms for the prevention and detection of these and other attacks, and prosecuting offenders will prove difficult as the postal system is effectively anonymous.

And of course there are the traditional problems associated with e-commerce: account hijacking and credit card fraud to name but two.

Good luck, Royal Mail…