Is it just me, or is having ADB exposed physically not that big a deal?
Comment on Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House
Regna@lemmy.world 3 weeks ago
At first I thought “Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.
pipe01@programming.dev 3 weeks ago
KazuyaDarklight@lemmy.world 3 weeks ago
Tend to agree, security is always the goal but if someone is in my house hacking my vacuum, I have bigger issues. The no-notice remote kill is the bigger issue to me.
subignition@fedia.io 3 weeks ago
The much bigger concern is that the pathway used to send the remote kill command could very easily be utilized by nefarious actors.
krashmo@lemmy.world 3 weeks ago
To do what, wear out one section of carpet faster than the rest of your house?
kylian0087@lemmy.dbzer0.com 3 weeks ago
It is not good. But in most cases just adb doesn’t grant root access. That’s just bad.
riskable@programming.dev 3 weeks ago
NO! It’s your device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!
I will die on this fucking hill.
kylian0087@lemmy.dbzer0.com 3 weeks ago
I agree with you. But granting root straight from adb with 0 auth is not good.
Monument@lemmy.sdf.org 3 weeks ago
A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.
While dorking around one day, I ran a port scan on my network and the soundbar reported the port was open. I was able to log in as root with no password.
After a moment of “huh, that’s terrible security.” I connected to the (publicly open) setup network and successfully logged into ssh and copied the wpa_supplicant.conf file from the device and verified it had my WiFi info available to anyone with at least my mediocre skill level, and factory reset the device, never to entrust it with credentials again.
givesomefucks@lemmy.world 3 weeks ago
At first I thought “Well, duh!”
There was an ARS article years ago about it…
justsomeguy@lemmy.world 3 weeks ago
All crappy IoT devices ever made. They aren’t used in bot nets all the time because hackers like the challenge of hacking them so much. Security simply isn’t a priority.
Xerxos@lemmy.ml 3 weeks ago
The ‘S’ on IoT stands for security!
SatansMaggotyCumFart@piefed.world 3 weeks ago
There isn’t an s in IoT silly.
Alfaspyke@lemmy.zip 3 weeks ago
Woosh? Either yours or mine :)
Arcane2077@sh.itjust.works 3 weeks ago
I keep seeing you everywhere and the only reason I won’t block you is because of your username brightening my day every time I see it. Curse you!