obix message

Subject: Notes from the Internet of Things


Some interesting quotes from the article.  Xed out the name of the company
in the quotes since I think this may be a typical example and not a
particular manufacturer's practice.
http://www.securityweek.com/serious-vulnerabilities-found-wireless-thermostats

"A quick search performed by the researcher using the Shodan search engine
revealed that there are roughly 7,000 accessible thermostats"

"Furthermore, the default PIN required to access the system from a
smartphone or a tablet is "1234." Even if this PIN is changed by the user,
because there is no rate limiting or lockout on port 8068, an attacker could
easily perform a brute-force attack considering that there are only 9,999
combinations."

..."anyone using the same IP address as the device's owner can access the
thermostat simply by visiting its administration page, without the need for
login credentials"

"...a firmware update requires a special programmer from [xxxx], and the
process involves taking the device apart,"

"...company says it has started contacting customers and advising them to
close port 80 on their thermostat."

"...is not the first researcher to find security issues in Wi-Fi
thermostats from [xxxxx]. In January 2013, [xxx] reported similar
vulnerabilities to the company, but his notifications had not been taken
seriously."
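The quoted article's point about the PIN is that a 4-digit secret is only as strong as the limit on how often it can be tried. The block below is an added example, written for this archive page; it is not code from the poster, the article, or the thermostat vendor, and it does not model the real device's protocol. It shows the two controls the article says were missing (a failed-attempt lockout and a per-minute rate limit) in front of a constant-time PIN comparison, plus a small calculation of how many guesses per hour the policy leaves an attacker. The policy numbers (5 failures, 300 s lockout, 10 attempts per minute) and the sample PIN are constructed assumptions.

```python
import hmac
import time
from dataclasses import dataclass
from typing import Callable

# Constructed policy values (assumptions for this example, not from the article).
MAX_FAILURES = 5        # consecutive failed attempts before the device locks
LOCKOUT_SECONDS = 300   # how long the lockout lasts
MAX_PER_MINUTE = 10     # hard ceiling on verification attempts in any 60 s window
PIN_SPACE = 10_000      # a 4-digit PIN has 0000..9999, i.e. 10,000 possibilities


@dataclass
class PinVerifier:
    """PIN check guarded by a lockout counter and a fixed-window rate limit.

    All state lives in memory; a real device would persist it across reboots
    so that power-cycling does not reset the counters.
    """
    pin: str
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    failures: int = 0
    locked_until: float = 0.0
    window_start: float = 0.0
    window_count: int = 0

    def verify(self, attempt: str) -> str:
        """Return one of 'ok', 'bad_pin', 'locked' or 'rate_limited'."""
        now = self.clock()

        # 1. Lockout: nothing is evaluated while the device is locked, so the
        #    correct PIN is rejected too; this bounds guesses per lockout period.
        if now < self.locked_until:
            return "locked"

        # 2. Rate limit: at most MAX_PER_MINUTE attempts per 60 s window,
        #    regardless of whether they succeed or fail.
        if now - self.window_start >= 60:
            self.window_start, self.window_count = now, 0
        self.window_count += 1
        if self.window_count > MAX_PER_MINUTE:
            return "rate_limited"

        # 3. Constant-time comparison so response timing does not reveal how
        #    many leading digits of the guess were right.
        if hmac.compare_digest(attempt.encode(), self.pin.encode()):
            self.failures = 0
            return "ok"

        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "bad_pin"


def guesses_per_hour(max_failures: int = MAX_FAILURES,
                     lockout_seconds: int = LOCKOUT_SECONDS,
                     max_per_minute: int = MAX_PER_MINUTE) -> float:
    """Upper bound on wrong guesses an attacker can submit per hour.

    The lockout allows max_failures guesses per lockout period; the rate limit
    allows max_per_minute guesses per minute; whichever is tighter governs.
    """
    from_lockout = max_failures * 3600 / lockout_seconds
    from_rate_limit = max_per_minute * 60
    return min(from_lockout, from_rate_limit)


def hours_to_exhaust_pin_space(per_hour: float) -> float:
    """Worst-case hours to try every 4-digit PIN at the given guess rate."""
    return PIN_SPACE / per_hour


if __name__ == "__main__":
    v = PinVerifier(pin="4821")  # constructed sample PIN
    print(v.verify("0000"), v.verify("4821"))
    rate = guesses_per_hour()
    print(f"{rate:.0f} guesses/hour -> {hours_to_exhaust_pin_space(rate):.1f} h to exhaust")
```

With these constructed settings the lockout is the binding control: 5 guesses per 300 s is 60 per hour, so exhausting all 10,000 PINs takes about 167 hours instead of the few minutes a device with neither control would allow. Tightening either number lowers the bound further, and logging each "locked" or "rate_limited" result gives a cheap detection signal for guessing activity.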
