Subject: Notes from the Internet of Things
Some interesting quotes from the article. Xed out the name of the company in the quotes since I think this may be a typical example and not a particular manufacturer's practice.

http://www.securityweek.com/serious-vulnerabilities-found-wireless-thermostats

"A quick search performed by the researcher using the Shodan search engine revealed that there are roughly 7,000 accessible thermostats"

"Furthermore, the default PIN required to access the system from a smartphone or a tablet is "1234." Even if this PIN is changed by the user, because there is no rate limiting or lockout on port 8068, an attacker could easily perform a brute-force attack considering that there are only 9,999 combinations."

..."anyone using the same IP address as the device's owner can access the thermostat simply by visiting its administration page, without the need for login credentials"

"...a firmware update requires a special programmer from [xxxx], and the process involves taking the device apart,"

".....company says it has started contacting customers and advising them to close port 80 on their thermostat."

"....is not the first researcher to find security issues in Wi-Fi thermostats from [xxxxx]. In January 2013, [xxx] reported similar vulnerabilities to the company, but his notifications had not been taken seriously."
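
An added illustration, not part of the original post or the quoted article: a sketch of the lockout the article says is missing, with a simulated clock showing how long a full sweep of the quoted 9,999 PINs takes with and without it. The `PinGate` class, its thresholds and `worst_case_sweep` are hypothetical and do not describe the vendor's firmware.

```python
import hmac


class PinGate:
    """Device-wide PIN check with exponential lockout (hypothetical design).

    One counter for the whole device: rotating source addresses does not
    reset it, at the cost of letting failed guesses delay the owner too.
    """

    def __init__(self, pin, free_attempts=3, base_lock=30, max_lock=3600):
        self._pin = pin.encode()
        self.free_attempts = free_attempts  # failures before the first lockout
        self.base_lock = base_lock          # first lockout, in seconds
        self.max_lock = max_lock            # ceiling for a single lockout
        self.failures = 0
        self.locked_until = 0

    def attempt(self, guess, now):
        if now < self.locked_until:
            return "locked"                 # rejected without testing the PIN
        if hmac.compare_digest(guess.encode(), self._pin):
            self.failures = 0
            return "ok"
        self.failures += 1
        over = self.failures - self.free_attempts
        if over >= 0:                       # double the lockout per extra failure
            lock = min(self.base_lock * 2 ** min(over, 20), self.max_lock)
            self.locked_until = now + lock
        return "denied"


def worst_case_sweep(gate, keyspace=9999):
    """Seconds of enforced waiting before the last PIN in the keyspace is
    reached, assuming each guess itself takes no time (simulated clock)."""
    now = 0
    for i in range(1, keyspace + 1):
        now = max(now, gate.locked_until)   # wait out any active lockout
        if gate.attempt(f"{i:04d}", now) == "ok":
            return now
    return None


if __name__ == "__main__":
    # Constructed worst case: the PIN is the last value tried.
    print("no lockout  :", worst_case_sweep(PinGate("9999", free_attempts=10**6)), "s")
    print("with lockout:", worst_case_sweep(PinGate("9999")) / 86400, "days")
```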