Sign in / up

back to article Boffins find hundreds of thousands of woefully insecure IoT devices

More than 140,000 internet-of-things devices, from routers to CCTV systems contain zero-day vulnerabilities, backdoors, hard coded crackable passwords and blurted private keys, according to the first large scale analysis of firmware in embedded devices. Four researchers from EURECOM France found the flaws when conducting a …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    >internet-of-things devices, from routers to CCTV systems contain

    Since when did routers and IP CCTV cameras become "IoT" devices?

    3 1 Reply
    1. VinceH
      Reply Icon

      "Since when did routers and IP CCTV cameras become "IoT" devices?"

      They're "things" and they're connected to networks/the internet - just like your computer.

      Which is why IoT is such a stupid term.

      3 0 Reply
  2. Nate Amsden

    just wait

    till we get this "smart grid" bullshit, it will make these security bugs look like I don't know pretty trivial by comparison.

    3 0 Reply
  3. John Smith 19 Gold badge
    Unhappy

    The IoT. All the s**t development practices of the real internet

    baked into potentially life threatening hardware.

    How could a fellow possibly resist signing up for such a delightful package?

    And remember this is a small team with limited resources just trying to prove a point.

    Think what happens when someone decides to do it for the money.

    "Dear Siemens/Hotpoint/Zanussi unless the sum of 10 euros per machine is paid to us we will use the security flaws we have discovered in your appliances to destroy or disable them permanently.

    A hacker collective."

    Welcome to the future.

    7 0 Reply
    1. Stevie
      Reply Icon

      Re: The IoT. All the s**t development practices of the real internet

      All your lightbulb are belong to us.

      3 0 Reply
      1. John Smith 19 Gold badge
        Reply Icon
        Unhappy

        "All your lightbulb are belong to us."

        Exactly*

        *Note I'm not advocating anyone do this, merely that if the IoT expands without security, privacy and access control built into the architecture of the products (and their controllers) this is simply inevitable given human greed.

        It'll just be (to some) another money making opportunity.

        0 0 Reply
  4. Sanctimonious Prick
    Coat

    Minimum

    What is the absolute minimum number to be considered to be in the hundreds of thousands? :D

    1 0 Reply
    1. QuietLeni
      Reply Icon

      Re: Minimum

      200,000? Literally?

      1 0 Reply
      1. John G Imrie
        Reply Icon
        Headmaster

        Surly...

        200,001 as he asked for in the hundreds of thousands, not on the boarder of hundreds of thousands.

        Icon chosen as it's the only pedant available.

        2 1 Reply
        1. QuietLeni
          Reply Icon
          Headmaster

          Re: Surly... (or Surely?)

          Hmm. He did ask for the absolute minimum number. There are two "one-hundred thousands" in 200,000, thereby satisfying the criteria and 200,001 is more than the absolution minimum.

          2 0 Reply
    2. Trigonoceps occipitalis
      Reply Icon

      Re: Minimum

      one and a half cup?

      one and a half cups?

      Ergo the minmum is 100,101

      (For those more pedantic than me, 100,100.001 - insert as many "0" after the decimal point as you like.)

      1 1 Reply
  5. Anonymous Coward
    Anonymous Coward

    hmm

    not so much "contraptions" as "compcraptions"

    1 0 Reply
  6. -tim

    Internet of Things?

    Maybe something more along the lines of Internet Devices ____ of Things would be more appropriate?

    0 0 Reply
  7. Eddy Ito

    Once again proving that consumer grade kit isn't worth the hardware it's built from and I'd wager some "commercial grade" kit is just the same thing with a higher price. It's also why I keep a virtual BSD firewall on my laptop for when I'm traveling and don't know what kit I may need to connect through at the hotel or company I'm at.

    0 0 Reply
  8. 4ecks

    I refer to my previous post exactly 1 year ago....

    http://forums.theregister.co.uk/forum/1/2011/08/18/linux_kernel_long_term_support/

    Doesn't allow for the stupidity of hard-coded passwords though!

    0 0 Reply
  9. Stevie

    Bah!

    Oh my god I did not see that coming (through my needlessly internet connected binoculars).

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like