The internet of things that shouldn't be on the internet

Laptops, Notebooks, Smartphones and Networking

Moderator: Moderators

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Jan 10, 2019 10:23 pm

https://www.androidpolice.com/2019/01/1 ... employees/
Reportedly, only a customer's email address was required to watch cameras from that person's home. The Intercept's source said, "if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras." Low-level employees allegedly still had access to user information and videos as early as October 2018.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Fri Jan 11, 2019 12:11 am

This whole thread of "smart"stuff found at CES is hilarious
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Jan 29, 2019 3:33 am

This is a great analysis of a developing trend, and the threats around it. It started when the author found out the locks in her apartment building were going to be replaced with "smart" locks:

https://tisiphone.net/2019/01/28/securi ... oes-smart/
If you’re a tenant in the US, it’s very likely that a management-provided smart home system is headed your way in the near future. Carefully evaluate your family’s personal threat model, and consider the plausible digital ways which these systems could be exploited.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Wed Jan 30, 2019 11:53 pm

https://mobilesyrup.com/2019/01/30/lifx ... edentials/
the LIFX bulb stores the Wi-Fi credentials in plaintext on its flash storage. Further, the bulb stores unencrypted RSA encryption keys — commonly used in establishing secure SSL or TSL network connections — on the flash storage.
So, recycling those smart light bulbs might not be the best idea.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Feb 14, 2019 6:55 pm

https://theintercept.com/2019/02/14/ama ... veillance/
A Ring video that appears to have been produced for police reveals that the company has gone out of its way to build a bespoke portal for law enforcement officers who want access to the enormous volume of residential surveillance footage generated by customers’ cameras.
Customers do have to opt-in, but no warrant is needed to access the footage :-$
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Feb 19, 2019 2:06 am

Today I learned a "smart" basketball has been on sale for a few years. Only it's about to lose it's smarts:
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Feb 21, 2019 6:09 pm

https://arstechnica.com/gadgets/2019/02 ... -sneakers/
Calling a smart shoe that can't use its smart features a "brick" might seem a little extreme, but keep in mind, with no manual laces, you need to trigger the self lacing feature to tighten the shoes around your feet. If the firmware update fails and you can't lace up your shoes anymore, they are kind of useless as shoes.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4536
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Sun Mar 10, 2019 2:26 pm

https://www.bbc.com/news/technology-47485731
Security flaws in three specialist car alarms have left vehicles vulnerable to being stolen or hijacked, say researchers.

The bugs were found in alarm apps by Clifford, Viper, and Pandora. The alarms are on three million vehicles.

The security researchers exploited the bugs to activate car alarms, unlock a vehicle's doors and start the engine via an insecure app.
Water cooled clay

Post Reply