ROTF! IMAGINE if the IoT didn't like Demoncrats!
"An anonymous reader writes from a report via Softpedia: > There is an insecure IoT smart electrical socket on the market that leaks > your Wi-Fi password, your email credentials (if configured), and is also > poorly coded, allowing attackers to hijack the device via a simple command > injection in the password field. Researchers say that because of the nature > of the flaws, attackers can overwrite its firmware and add the device to a > botnet, possibly using it for DDoS attacks, among other things. Bitdefender > didn't reveal the device's manufacturer but said the vendor is working on a > fix, which will be released in late Q3 2016. Problems with the device include > a lack of encryption for device communications and the lack of any basic > input sanitization for the password field "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets." Links etc: https://news.slashdot.org/story/16/08/18/2231244/smart-electrical-socket-leaks-your-email-address-can-launch-ddos-attacks
signature.asc
Description: OpenPGP digital signature
