Hacker News new | past | comments | ask | show | jobs | submit login

> I get that privacy is important, but I'm struggling to understand why I'm supposed to care about a company logging data on the temperature of the beef I'm cooking. If they want to badly enough to secretly add telemetry code and not tell me? Great, have fun. Enjoy. I'll not lose any sleep over it.

as we learn time and time again with this kind of thing, the scary things don't come from the data and metrics that they want, the scary things come as a form of collateral damage that occurs when the company does whatever they have to do in order to harvest the metrics that they're interested in.

Here's a devils' advocate leap that isn't too far from the realities of IoT devices: Company X's telemetry function is broken, allowing arbitrary remote code execution. The IoT device receives a command that causes property or personal damage -- or it becomes a node in a much larger destructive network.

These things happen when features get packed in faster than the security can follow.

Yeah, yeah, the Weber product is just a thermometer. It can still be a node in a malicious network, given attacker incentive.

This is a poor example -- it's an interface that accepted and expected inputs -- but I think it serves as a good example of IoT doing security wrong.

https://www.wired.com/story/snoo-smart-bassinet-vulnerabilit...






Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: