Home devices have a few open doors ;)

“I was surprised to see so many ports open so I started to do some research and found that these devices have an undocumented (and amazingly unsecured) API”

@jwildeboer is any of this news? You can do all of this from the app without authenticating...

@finn it’s not news. But it also hasn’t been fixed in years. You can factory reset devices, disable all notifications (that includes alarms, AFAICS) this way. Without any authentication. Combine that with hotels deploying these devices in all rooms and I think it becomes a bit more of a problem.

@jwildeboer How is that a problem? Presumably a hotel deployment like the one you linked would have proper client isolation; if not, that's a larger problem.

@finn I think you just answered yourself ;) In a lot of real world hotel setups client isolation is not a given. Try an nmap next time, it’ll be fun! Max I see is that they use 192.168.x.0/24s per floor where x is the floor number :)

@jwildeboer okay, I'm still not sure why this is a Google Home problem.

@jwildeboer brb, going to protect people from themselves by stopping their Google devices connecting to the internet ;)

@jwildeboer yeah, I found this out last month when I opened Chrome developer tools and it prompted me to connect to the Google Home devices on my work network.

@jwildeboer Umm, no one on my network would do such a thing except me. Actually, no one who shares my network could.

@jwildeboer gave this link to someone (a Tor user) and they complained that the site is behind Cloudflare
