Reply to post: Re: "...open a remote management mobile app while on a poorly secured coffee shop Wi-Fi network"

If you haven't updated your ThroughTek DVR since 2018 do so now, warns Mandiant as critical vuln surfaces

FlamingDeath Silver badge

Re: "...open a remote management mobile app while on a poorly secured coffee shop Wi-Fi network"

Coffee shop:

Nothing wrong with that, so long as they know what they're doing, such as manually specifying the DNS servers they're going to use, and sending data via an encrypted tunnel (VPN, SSH, etc.), preferably on a service which has 2FA built into the authentication.

(DVR / Cameras)

I suspect these (L)users just plug the device in and voila, UPnP-enabled router opens ports up, included also is an API horrorshow? as part of the registration?

I've read about some of these ill-thought-out API systems. Dude buys camera, registers it, then sends it back for refund, they don't want it anymore for whatever reason. Consumer rights etc. Another dude buys the same camera that was returned, the previous owner can now see inside the new owner's home via their "account", but the new owner has no idea, it's also registered to his account. In other words the software engineers didn't bother to think about this very highly likely scenario.

Literally the most stupid people are allowed to design IoT products, and more

Wired systems:

Definitely, and where possible also with 802.1X wired authentication.
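
The returned-camera scenario in the comment above, as an added example that is not part of the comment or of any vendor's code: a toy cloud registry in which a naive registration keeps the first owner's binding after resale, next to a version that requires a pairing code minted by a factory reset and replaces earlier bindings. The class, method names, accounts and serial number are all hypothetical.

```python
import secrets

class DeviceRegistry:
    """Toy cloud registry mapping camera serials to accounts (hypothetical)."""

    def __init__(self):
        self.bindings = {}       # serial -> set of accounts allowed to view
        self.pairing_codes = {}  # serial -> code available only on the device

    def factory_reset(self, serial):
        # Device side: a reset mints a fresh code, proving physical possession.
        code = secrets.token_hex(8)
        self.pairing_codes[serial] = code
        return code

    def register_naive(self, serial, account):
        # Flawed: the serial alone is the credential and old bindings are kept.
        self.bindings.setdefault(serial, set()).add(account)

    def register_hardened(self, serial, account, pairing_code):
        expected = self.pairing_codes.get(serial)
        if expected is None or not secrets.compare_digest(expected, pairing_code):
            raise PermissionError("pairing code does not match device")
        # Single owner: a successful pairing replaces every earlier binding.
        self.bindings[serial] = {account}
        # One-time use, so a code seen by a previous owner cannot be replayed.
        del self.pairing_codes[serial]

    def can_view(self, serial, account):
        return account in self.bindings.get(serial, set())


def resale_scenario(hardened):
    """Return (first_owner_can_view, second_owner_can_view) after a resale."""
    reg, serial = DeviceRegistry(), "CAM-0001"  # constructed serial
    if hardened:
        reg.register_hardened(serial, "alice", reg.factory_reset(serial))
        # Camera is returned; it is reset before the next buyer sets it up.
        reg.register_hardened(serial, "bob", reg.factory_reset(serial))
    else:
        reg.register_naive(serial, "alice")
        reg.register_naive(serial, "bob")
    return reg.can_view(serial, "alice"), reg.can_view(serial, "bob")


if __name__ == "__main__":
    print("naive:   ", resale_scenario(hardened=False))
    print("hardened:", resale_scenario(hardened=True))
```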
