
Journey over Unsecured IoT Devices with Kamerka - achillean
https://medium.com/@woj_ciech/journey-over-unsecured-iot-devices-with-kamerka-rtsp-and-mqtt-aba98839574
======
Havoc
Busy looking at IoT for home automation purposes at the moment. Whole
ecosystem looks quite shaky in that regard.

e.g. IoTs that will happily accept commands from anything on the local net.

Yesterday I was surprised my hass.io could control a TP-Link power plug...I
never gave it any auth...it just scanned the LAN for things to control

~~~
liability
Simple implementation, convenient UX, secure; pick two.

(It's not necessarily true, but tons of engineers assume it's true. Hence, when
making a low-cost product for home consumers, security is purposefully
neglected.)

------
xenospn
I make IoT devices and everything I do is closed by default. You want to
reprogram it? Hard reset the hardware physically by removing the battery and
then you need to know the exact GATT UUIDs and acceptable values to do
anything.

