It’s an IoT nightmare. One that is entirely preventable.

Two researchers have disclosed problems with hundreds of vulnerable services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data.

For some, the discovered and disclosed by Vangelis Stykas (@evstykas) and Michael Gruhn (@0x6d696368) aren’t new. They were disclosed during Kiwicon in 2015 by Lachlan Temple, who demonstrated flaws in a popular car tracking immobilization device.

To read this article in full, please click here



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here