SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Consumers Urged to Junk Insecure IoT Devices
A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.
More than 2 million connected security cameras, baby monitors and other IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response.
Security researcher Paul Marrapese, who disclosed the flaws in April and has yet to hear back from any impacted vendors, is sounding off that consumers throw the devices away. The flaws could enable an attacker to hijack the devices and spy on their owners – or further pivot into the network and carry out more malicious actions.
“I 100 percent suggest that people throw them out,” he told Threatpost in a podcast interview. “I really, I don’t think that there’s going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can’t really change that, you can’t really patch that, it’s a physical issue.”
Marrapese said that he sent an initial advisory to device vendors in January, and after coordinating with CERT eventually disclosed the flaws in April due to their severity. However, even in the months after disclosure he has yet to receive any responses from any impacted vendors despite multiple attempts at contact. The incident points to a dire outlook when it comes to security, vendor responsibility, and the IoT market in general, he told Threatpost.
b-b-b-b-but it is still working!
(Score: 3, Interesting) by RS3 on Wednesday June 19 2019, @09:11PM (3 children)
You're preaching to the choir brother! I occasionally get flack for keeping and fixing older things. I just like the way things were made "back in the day"- when people took pride in making quality, before the MBAs took over.
That video gives me a melancholy memory of an awesome toaster we (parents / family) had for 20+ years. Had to fix a few things in it. Even patched the heating elements when they broke. Someone eventually tossed it. Grrrrr.
It had a strong spring, but also had a "dashpot" to bring your toast up slowly. One late night a friend and I decided to disable the dashpot. The next day my mom wanted to know why her toast was on top of the refrigerator. When I finally stopped laughing I put the dashpot back in.
(Score: 2) by takyon on Wednesday June 19 2019, @09:35PM (1 child)
My toaster heats up subsequent toastings more, making them browner or burnt faster. And the toast does not peek out of the top, so I have to reach inside if I'm being lazy or get tongs. This is an example of a consumer appliance that has clearly regressed in functionality.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by RS3 on Wednesday June 19 2019, @10:17PM
Muahahaha, it's all part of a master plan to cull the herds.
But seriously (or was I), I've noticed the springs are so weak I have to lift up on the handle to get the toast (waffle, etc.) high enough to grab. But then it does this thing that almost seems intentional- the mechanism will jamb with the handle all the way at the top. I've taken it apart more than once, to discover there's some kind of mechanical catch, and some kind of handle motion will release it, but it rarely happens and I forget and it's infuriating. They just want you to buy a new IoT toaster. And now even newer ones.
(Score: 2) by Dr Spin on Thursday June 20 2019, @06:51AM
That video gives me a melancholy memory of an awesome toaster we (parents / family) had for 20+ years. Had to fix a few things in it.
But did you update the NetBSD release?
Warning: Opening your mouth may invalidate your brain!