Comment

Comment on Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House

At first I thought ”Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.

source

Sort:hotnew top

justsomeguy@lemmy.world ⁨2⁩ ⁨months⁩ ago
All crappy IoT devices ever made. They aren’t used in bot nets all the time because hackers like the challenge of hacking them so much. Security simply isn’t a priority.

source
- Xerxos@lemmy.ml ⁨2⁩ ⁨months⁩ ago
  The ‘S’ on IoT stands for security!
  
  source
  - SatansMaggotyCumFart@piefed.world ⁨2⁩ ⁨months⁩ ago
    There isn’t an s in IoT silly.
    
    source
    Alfaspyke@lemmy.zip ⁨2⁩ ⁨months⁩ ago
    Woosh? Either Yours or mine :)
    
    source
    Arcane2077@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
    I keep seeing you everywhere and the only reason I won’t block you is because of your username brightening my day every time I see it. Curse you!
    
    source
    -> View More Comments
pipe01@programming.dev ⁨2⁩ ⁨months⁩ ago
Is it just me, or is having ADB exposed physically not that big a deal?

source
- KazuyaDarklight@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Tend to agree, security is always the goal but if someone is in my house hacking my vacuum, I have bigger issues. The no-notice remote kill is the bigger issue to me.
  
  source
  - subignition@fedia.io ⁨2⁩ ⁨months⁩ ago
    The much bigger concern is that the pathway used to send the remote kill command could very easily be utilized by nefarious actors.
    
    source
    krashmo@lemmy.world ⁨2⁩ ⁨months⁩ ago
    To do what, wear out one section of carpet faster than the rest of your house?
    
    source
    -> View More Comments
- kylian0087@lemmy.dbzer0.com ⁨2⁩ ⁨months⁩ ago
  It is not good. But in most cases just adb doesnt grand root access. That’s just bad.
  
  source
  - riskable@programming.dev ⁨2⁩ ⁨months⁩ ago
    NO! It’syour device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!
    
    I will die on this fucking hill.
    
    source
    kylian0087@lemmy.dbzer0.com ⁨2⁩ ⁨months⁩ ago
    I agree with you. But granting root straight from adb with 0 auth is not good.
    
    source
    -> View More Comments
Monument@lemmy.sdf.org ⁨2⁩ ⁨months⁩ ago
A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.

While dorking around one day, I ran a port scan on my network the soundbar reported the port was open. I was able to log in as root and no password.
After a moment of “huh, that’s terrible security.” I connected to the (publicly open) setup network and successfully logged into ssh and copied the wpa_supplicant.conf file from the device and verified it had my WiFi info available to anyone with at least my mediocre skill level, and factory reset the device, never to entrust it with credentials again.

source
givesomefucks@lemmy.world ⁨2⁩ ⁨months⁩ ago

At first I thought ”Well, duh!”

There was an ARS article years ago about it…

source