The internet of things that shouldn't be on the internet


Re: The internet of things that shouldn't be on the internet

Post by thegrommit » Sun Apr 14, 2019 12:11 am

Princeton have made available a tool (currently macOS only) for figuring out what your IoT devices are talking to:

https://iot-inspector.princeton.edu/
- An open-source desktop tool with a one-click install process
- Automatically discovers IoT devices and analyzes their network traffic
- Helps you identify security and privacy issues with graphs and tables
- Requires minimal technical skills and no special hardware
Note that using it means you'll be sharing data about your IoT devices with Princeton's research team.
Water cooled clay


Post by thegrommit » Mon Apr 15, 2019 12:47 pm

https://www.troyhunt.com/how-to-track-y ... ack-watch/
Keep that exploit in mind - insecure direct object references are as simple as taking a URL like this:

example.com/get-kids-location?kid-id=27

And changing it to this:

example.com/get-kids-location?kid-id=28
In other words, don't let parental paranoia convince you to buy one of these tracking watches.
Water cooled clay
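
The flaw quoted in the post above, seen from the server side, as an added example that is not code from the post or from the linked article: a lookup that trusts `kid-id` alone, next to one that checks the record's owner against the logged-in session and counts refusals so enumeration can be alerted on. All function names, account names and coordinates are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Constructed sample data: kid-id -> (owning parent account, last position).
LOCATIONS = {
    27: ("parent-a", (51.5007, -0.1246)),
    28: ("parent-b", (40.6892, -74.0445)),
}
DENIED = Counter()  # refused lookups per account, for enumeration alerts


class Forbidden(Exception):
    """Raised when the session may not read the requested record."""


def kid_id_from(url):
    """Extract kid-id from a URL shaped like the ones quoted in the post."""
    values = parse_qs(urlparse("//" + url).query).get("kid-id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("kid-id must be a single integer")
    return int(values[0])


def get_location_vulnerable(session_user, url):
    # IDOR: the record is selected by the client-supplied id alone;
    # session_user is never compared with the record's owner.
    _owner, position = LOCATIONS[kid_id_from(url)]
    return position


def get_location_checked(session_user, url):
    record = LOCATIONS.get(kid_id_from(url))
    # "Unknown id" and "someone else's id" get the same refusal, so the
    # response does not reveal which ids exist.
    if record is None or record[0] != session_user:
        DENIED[session_user] += 1
        raise Forbidden("no such child on this account")
    return record[1]


def looks_like_enumeration(session_user, threshold=3):
    """Flag an account that keeps requesting records it does not own."""
    return DENIED[session_user] >= threshold
```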
