While there is some tongue in cheek in the previous post, I would generally tell someone to be careful about loading firmware found off sites that seem to have no purpose but to deliver the one file.
If you examine the download, and compare its content to what HomeSeer is handing out in their firmware upgrades, you will find that no matter how you shift things around, the two files are not the same. Maybe the contents of the files off the website are garbage or maybe they do something, but whatever they do it is not the same as what the HomeSeer firmware is doing.
Looking around online, there is at least one PDF attached to a similar set of files that will just redirect you to one of three malware sites.
Making the assumption the firmware posted is malware for a switch, and if not some will come along at some point, then the question would be “how much damage could someone do?”
User upgrades a bunch of switches and then at a later point the switch get flipped on and off at whatever rate the relay will allow. Odds of some device not appreciating this? I would say decent odds are something would sparkOdds of some device not appreciating this? I would say decent odds are something would spark.
The above scenario would require mischief of malevolence, both of which normally require a personal attachment to the outcome.
More likely? Malware invades home and requires someone to pay a ransom to recover their home. Will the average person pay over doing the tedious and expensive chore of replacing all the devices held hostage in the home? Probably.
Is there a large enough market to support someone building a malware stack to do what I just wrote about? Probably not, but if not today, then tomorrow is more likely.
Looking at the two scenarios I temper my opinion about number one being unlikely mainly because since the dawn of the BBS, so before mass adoption of the Internet, we would see people publish applications which did nothing more then annoy people. It is sadly not out of scope.
Even before I compared the HEX output, the website raised an alarm in me. If someone wanted to just post a file that wouldn’t need to go to the expense of installing a website just to post a file.