There is no problem that can’t be made worse with a thick layer of software slathered all over it.
So, in summary: it’s a device that infringes my copyright, gives you root access in response to trivial credentials, has access control that depends entirely on nobody ever looking at the packets, is sufficiently poorly implemented that you can crash both it and the bulbs, has a cloud access protocol that has no security whatsoever and also acts as an easy mechanism for people to circumvent your network security. This may be the single worst device I’ve ever bought.
The IoT is turning out to be a weird mix of mild convenience, and catastrophe.
I want that on a T-Shirt.
EDIT: Changed graphic to broken lightbulb.
What, no credit to the original author?! ;_;
I feel my copyright has been violated! ;)
heh heh. I hereby release my pithy parent post under a “do whatever the hell you want” license.
Dang, I forgot to ask you, all this was done in a hurry, at first as a joke. ;)
Do you have a name you’d like it to be attributed to?
The quasi anonymous “lobste.rs/trousers” would be awesome.
Credits added :)
Holy crap, that was fast! Ordering one now! :D
Take a look at this before ordering, we may want to do a group order ;) https://lobste.rs/s/c5r0vh/iot_t-shirt
Ah cool, thanks for the quick reply.
No problem :) I think we get a discount as well for more than 6 orders.
Was it clear to anybody how it infringes the author’s copyright? It didn’t seem as though that part was described in the article.
https://en.wikipedia.org/wiki/Matthew_Garrett I assume he was talking about it running some Linux derivative, as he has contributed code to Linux, without providing source code (e.g. being in violation of GPL).
That would make sense. Thanks. :)
Just a guess, something to do with the company claiming copyright on the API or works using it?
I was confused about that part as well.
Keep this in mind the next time you read a blog-post or magazine article about the glorious future of the Internet of Things.
Welcome to the Internet of Shit.
I use Turd instead, so it nicely has the same acronym.
Turd seems more… bold and tasty. More expressive.
I remember hearing about an internet-connected barbeque grill, which can be turned on by a remote attacker, and thinking that probably nobody will have a house fire caused by these because probably they won’t be very popular.
It did inspire me to coin the term “internet of hubris”, which I’d like to promote here as well. :)
From the article:
The login has some length data, a header of “MQIsdp”, a long bunch of ascii-encoded hex, a username and a password.
I can’t add much here but that’s MQTT and its basic authentication. It’s intended that you wrap that CONNECT with TLS but hey, why the hell bother.
EDIT: Went back and read the article comments, someone else noticed that it’s MQTT and the author confirmed.
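The login layout quoted above (length data, "MQIsdp", client identifier, username, password) is the MQTT CONNECT packet. As an added example, not code from the article or from anyone in this thread, here is a minimal decoder showing that without TLS both credentials are plain length-prefixed fields readable by anyone on the network path. The sample packet, its hex-looking client ID and the credentials are constructed values, and the helper names are hypothetical.

```python
def _field(buf, pos):
    """Read one field with a 2-byte big-endian length prefix; return (value, next_pos)."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def parse_connect(pkt):
    """Decode the MQTT 3.1 / 3.1.1 CONNECT fields a passive observer can read."""
    if not pkt or pkt[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    # Remaining Length: up to 4 bytes, 7 bits each, high bit means "more follows".
    remaining, shift, pos = 0, 0, 1
    while True:
        if pos >= len(pkt) or shift > 21:
            raise ValueError("bad remaining length")
        byte = pkt[pos]
        pos += 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = pkt[pos:pos + remaining]
    if len(body) != remaining:
        raise ValueError("truncated packet")
    proto, p = _field(body, 0)
    if p + 4 > len(body):
        raise ValueError("truncated variable header")
    level, flags = body[p], body[p + 1]      # followed by 2 bytes of keep-alive
    out = {"protocol": proto.decode("ascii", "replace"), "level": level}
    client_id, p = _field(body, p + 4)
    out["client_id"] = client_id.decode("utf-8", "replace")
    if flags & 0x04:                         # Will topic and message come first
        p = _field(body, _field(body, p)[1])[1]
    for bit, name in ((0x80, "username"), (0x40, "password")):
        if flags & bit:
            value, p = _field(body, p)
            out[name] = value.decode("utf-8", "replace")
    return out

# Constructed sample (not captured traffic): MQTT 3.1 CONNECT, both credential flags set.
_s = lambda b: len(b).to_bytes(2, "big") + b
_body = (_s(b"MQIsdp") + bytes([3, 0xC2, 0, 60]) + _s(b"3c970e1f2a4b")
         + _s(b"example-user") + _s(b"example-pass"))
SAMPLE = bytes([0x10, len(_body)]) + _body

if __name__ == "__main__":
    print(parse_connect(SAMPLE))
```

Run against traffic on the plain MQTT port, any result containing a `password` key marks a client sending credentials in the clear.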