The internet of things that shouldn't be on the internet

Laptops, Notebooks, Smartphones and Networking

Moderator: Moderators

Post Reply
User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4943
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Sun Apr 14, 2019 12:11 am

Princeton have made available a tool (currently macOS only) for figuring out what your IoT devices are talking to:

https://iot-inspector.princeton.edu/
- An open-source desktop tool with a one-click install process
- Automatically discovers IoT devices and analyzes their network traffic
- Helps you identify security and privacy issues with graphs and tables
- Requires minimal technical skills and no special hardware
Note that using it means you'll be sharing data about your IoT devices with Princeton's research team
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4943
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Mon Apr 15, 2019 12:47 pm

https://www.troyhunt.com/how-to-track-y ... ack-watch/
Keep that exploit in mind - insecure direct object references are as simple as taking a URL like this:

example.com/get-kids-location?kid-id=27

And changing it to this:

example.com/get-kids-location?kid-id=28
In other words, don't let parental paranoia convince you to buy one of these tracking watches.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4943
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Mon Apr 29, 2019 9:52 pm

Of course smart locks are capturing all sorts of data:

https://onezero.medium.com/americas-fav ... 9169a8ab2e
The CEO confirmed landlords can see data regarding access events for systems in common areas. This is one of the main grievances raised in the lawsuit currently unfolding in a rent-regulated building in the Hell’s Kitchen area of Manhattan, where tenants say Latch is tracking them as part of a pattern of harassment by the owners to push them out of their apartments so they can rent them at market rate.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4943
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Thu May 02, 2019 1:35 pm

https://www.vox.com/the-goods/2019/5/2/ ... t-poop-pee
Over the past several years, a patchwork of tech and personal care companies have plunged millions of dollars into a race to control the baby product of the future: smartphone-enabled diapers.
Water cooled clay

User avatar
thegrommit
Ultra nForced
Ultra nForced
Posts: 4943
Joined: Sat Aug 02, 2003 1:24 am

Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Tue Jul 02, 2019 2:14 pm

https://techcrunch.com/2019/07/02/smart ... ock-doors/
When is a smart home not so smart? When it can be hacked.

That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which when chained together could be abused to open a front door with a smart lock.
Water cooled clay

Post Reply