I guess the most plausible explanation is incompetence, there wouldn’t be a reason to do this on purpose (a backdoor), right? Since the company could have easily used different credentials per device that they store anyway?
I would rather say ignorance. They just shit on IT-security for the sake of fast product launches.
A slightly similar event happened to Pudu service robots in August last year. An auth token that could be used for all their robots.
SnotFlickerman@lemmy.blahaj.zone
on 22 Feb 21:30
The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.
Surprise, if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home, it is by definition a surveillance tool.
All of this has always been predicated on the idea that the surveillance will never be used against you somehow. I don’t know why anyone ever bought into that.
FineCoatMummy@sh.itjust.works
on 22 Feb 22:33
if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home
It has also happened with baby monitors. Well, almost endless other IoT devices too. But baby monitors are a particular issue. They have speakers in them too. Attackers were exploiting it and playing very disturbing sounds to cause extreme distress to babies.
Which is why we need to de-normalize this thought process. People should always ask, why does my vacuum need to go online? Or at the very least, can I turn that “feature” off?
Gosh, their drones are getting banned in the US. This just seems to help their case.