Home devices have a few open doors ;)

“I was surprised to see so many ports open so I started to do some research and found that these devices have an undocumented (and amazingly unsecured) API”


@jwildeboer is any of this news? You can do all of this from the app without authenticating...

@finn it’s not news. But it also hasn’t been fixed for years. You can factory reset devices, disable all notifications (that includes alarms, AFAICS) this way. Without any authentication. Combine that with hotels deploying these devices in all rooms and I think it becomes a bit more of a problem. zafiro.tv/blog/2017/11/16/chro

@jwildeboer How is that a problem? Presumably a hotel deployment like the one you linked would have proper client isolation; if not, that's a larger problem.


@finn I think you just answered yourself ;) In a lot of real world hotel setups client isolation is not a given. Try an nmap next time, it’ll be fun! Max I see is that they use 192.168.x.0/24s per floor where x is the floor number :)


@jwildeboer okay, I'm still not sure why this is a Google Home problem.
