The internet of things that shouldn't be on the internet

Laptops, Notebooks, Smartphones and Networking

Moderator: Moderators

Post Reply
User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Jan 10, 2019 10:23 pm

https://www.androidpolice.com/2019/01/1 ... employees/
Reportedly, only a customer's email address was required to watch cameras from that person's home. The Intercept's source said, "if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras." Low-level employees allegedly still had access to user information and videos as early as October 2018.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Fri Jan 11, 2019 12:11 am

This whole thread of "smart"stuff found at CES is hilarious
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Jan 29, 2019 3:33 am

This is a great analysis of a developing trend, and the threats around it. It started when the author found out the locks in her apartment building were going to be replaced with "smart" locks:

https://tisiphone.net/2019/01/28/securi ... oes-smart/
If you’re a tenant in the US, it’s very likely that a management-provided smart home system is headed your way in the near future. Carefully evaluate your family’s personal threat model, and consider the plausible digital ways which these systems could be exploited.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Wed Jan 30, 2019 11:53 pm

https://mobilesyrup.com/2019/01/30/lifx ... edentials/
the LIFX bulb stores the Wi-Fi credentials in plaintext on its flash storage. Further, the bulb stores unencrypted RSA encryption keys — commonly used in establishing secure SSL or TSL network connections — on the flash storage.
So, recycling those smart light bulbs might not be the best idea.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Feb 14, 2019 6:55 pm

https://theintercept.com/2019/02/14/ama ... veillance/
A Ring video that appears to have been produced for police reveals that the company has gone out of its way to build a bespoke portal for law enforcement officers who want access to the enormous volume of residential surveillance footage generated by customers’ cameras.
Customers do have to opt-in, but no warrant is needed to access the footage :-$
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Feb 19, 2019 2:06 am

Today I learned a "smart" basketball has been on sale for a few years. Only it's about to lose it's smarts:
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu Feb 21, 2019 6:09 pm

https://arstechnica.com/gadgets/2019/02 ... -sneakers/
Calling a smart shoe that can't use its smart features a "brick" might seem a little extreme, but keep in mind, with no manual laces, you need to trigger the self lacing feature to tighten the shoes around your feet. If the firmware update fails and you can't lace up your shoes anymore, they are kind of useless as shoes.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Sun Mar 10, 2019 2:26 pm

https://www.bbc.com/news/technology-47485731
Security flaws in three specialist car alarms have left vehicles vulnerable to being stolen or hijacked, say researchers.

The bugs were found in alarm apps by Clifford, Viper, and Pandora. The alarms are on three million vehicles.

The security researchers exploited the bugs to activate car alarms, unlock a vehicle's doors and start the engine via an insecure app.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Apr 09, 2019 2:26 am

https://www.marketplace.org/2019/03/05/ ... apartments
In January 2019, security researcher and blogger Lesley Carhart got a letter from her landlord saying their building was getting internet-connected door locks. Her response was, “No, thank you.” Host Molly Wood talked with Carhart about the big business of smart apartments. The following is an edited transcript of their conversation.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4717
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Apr 09, 2019 10:32 pm

https://arstechnica.com/information-tec ... t-devices/
Researchers at Palo Alto Networks’ Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors.
Water cooled clay

Post Reply