"Smart" electrical outlets stealing passwords, 'helping the Russians' botnet the DNC

Razer rayzer at riseup.net
Fri Aug 19 10:04:08 PDT 2016


ROTF! IMAGINE if the IoT didn't like Demoncrats!


"An anonymous reader writes from a report via Softpedia:

> There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field


"Up until now most IoT vulnerabilities could be exploited only in the
proximity of the smart home they were serving, however, this flaw allows
hackers to control devices over the internet and bypass the limitations
of the network address translation," says Alexandru Balan, Chief
Security Researcher at Bitdefender. "This is a serious vulnerability, we
could see botnets made up of these power outlets."


Links etc:
https://news.slashdot.org/story/16/08/18/2231244/smart-electrical-socket-leaks-your-email-address-can-launch-ddos-attacks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160819/5ea85b56/attachment-0002.sig>


More information about the cypherpunks mailing list