Reply to post:

Dishwasher has directory traversal bug

Kiwi Silver badge

Add that police, logically enough, typicallly don't prioritize responding to burglar alarms and you have 15-20 minutes to loot.

Even worse.. How many routers damn near automatically trust any access to their config system from inside the local network? These days, how many people are hooking their alarm and camera systems up to said router?

Oh, and there's those nice doorlocks that talk to your phone via bluetooth or the local WiFi (if you're close enough to be on your local net, you're close enough for the door to be unlocked), and other ones that use NFC/RFID.. All of which are configured by a HTML/JS-based app on the device's internal webserver, which of course talks to anything in the localnet IP range...

If you can run arbitrary code on a device linked to the local lan, it's feasible now in a lot of homes that you can take over the security of the home. And heating and other devices as well. Why, you could totally piss the owners off by starting their web-enabled at a time other than when they specified!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020