
Thread: IoT weakness

  1. #1

    vetran

    Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device | Hackaday

    [Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. They are connected by SMS, by which a mobile app sends an unauthenticated SMS to the AGA to give it commands, for instance to preheat the oven. You can also just tell your AGA to turn everything on at once.

    The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are not authenticated by the cooker, nor is the SIM card set up to send the messages validated when registered.
    You could burn half of Islington down!
    "If you didn't do anything that wasn't good for you it would be a very dull life. What are you gonna do? Everything that is pleasant in life is dangerous."

    I want to see the hand of history on his collar.

  2. #2

    BrilloPad

    Office really hot today. It was reported last night - however night shift do not have internet access so could do nothing until day shift arrived.

    Someone was telling me MBNA Chester heating was controlled from the USA. Great fun with the time difference.
    Katy Perry - don't be afraid to catch feels. Taylor Swift - feels $1 a go.

  3. #3

    SimonMac

    Wasn't there something recently about a similar vulnerability in washing machines?
    “Live a good life. If there are gods and they are just, then they will not care how devout you have been, but will welcome you based on the virtues you have lived by. If there are gods, but unjust, then you should not want to worship them. If there are no gods, then you will be gone, but will have lived a noble life that will live on in the memories of your loved ones.”

    ― Marcus Aurelius

  4. #4

    vetran

    Originally posted by SimonMac:
    Wasn't there something recently about a similar vulnerability in washing machines?
    yep kiddies with libraries they don't understand.

  5. #5

    WTFH

    The old oil/wood ones don't have any electrics in them, never mind electronics. Great when there's a blackout.
    Strong and Stable Moderation

  6. #6

    original PM

    another reason why the IoT is just pretty dumb and pointless!

  7. #7

    barrydidit

    Originally posted by SimonMac:
    Wasn't there something recently about a similar vulnerability in washing machines?
    And a dildo.

  8. #8

    northernladyuk

    Originally posted by original PM:
    another reason why the IoT is just pretty dumb and pointless!
    Another reason why original PM is just pretty dumb and pointless!
    Where there's muck there's brass.

  9. #9

    bobspud

    Yep IoT is a bloody nightmare and most organisations are not even remotely aware how ****ed they are.

  10. #10

    Paddy

    How about a Wifi toilet paper dispenser. Instructions on how to download the app behind the toilet door.
    Brexitentropy...
