fedops 💙💛Oct 27

You're a door lock. You have one job.

#ioshit

https://www.heise.de/en/news/Ubiquiti-UniFi-Access-Attackers-can-gain-unauthorized-access-10901192.html

Ubiquiti UniFi Access: Attackers can gain unauthorized access

A critical security vulnerability exists in Ubiquiti's UniFi Door Access, allowing attackers unauthorized access.

heise online
nicoOct 23
[lien] Le crash d'AWS en a empéché certains de dormir - Liens en vrac de sebsauvage #ioshit #cloud #gik #aws #net #wtf #cho
Le crash d’AWS en a empéché certains de dormir

A moins de vivre dans une zone loin de toute actualité, vous avez sans doute entendu parler du crash d'AWS. Le système d'hébergement d'Amazon a mis la pagaille dans le trafic internet mondial en em...

MiniMachines.net
nicoSep 20
[lien] Hate smart home ads? Stop buying stuff that doesn't need a screen - Android Authority #ioshit #gik #ads
If you don't want ads everywhere, stop buying things with screens that don't need them

Samsung's in hot water over plans to serve ads to its smart home fridges, but what did you think was going to do with all that screen space?

Android Authority
nicoSep 19
[lien] Meta CTO explains why the smart glasses demos failed at Meta Connect — and it wasn't the Wi-Fi | TechCrunch #ioshit #zuck #gik #net #wtf
Meta CTO explains why the smart glasses demos failed at Meta Connect — and it wasn't the Wi-Fi | TechCrunch

Meta CTO Andrew Bosworth offered a postmortem on Meta's demo fails this week at its developer conference, where it showed off new smart glasses.

TechCrunch
nicoJul 15, 2025
[lien] Cameradar - L'outil qui trouve et accède aux caméras de surveillance mal sécurisées | Open source | Le site de Korben #security #privacy #chroot #ioshit #gik #net
nicoJun 10, 2025
[lien] 40,000 IoT Cameras Worldwide Stream Secrets To Anyone With a Browser - Slashdot #privacy #ioshit #gik #net
40,000 IoT Cameras Worldwide Stream Secrets To Anyone With a Browser - Slashdot

Connor Jones reports via The Register: Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible. Supporting the bulletin issued by the Department of Homeland Security (DHS) earlier this year,...

Benjamin Carr, Ph.D. 👨🏻‍💻🧬May 22, 2024

Two students find #security bug that could let millions do #laundry for free

Two #SantaCruz students uncover #securitybug that could let millions do their laundry for free
#CSCServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.

Who could have seen a free laundry #exploit for internet-connected laundry machines coming?
https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines/
#IoT #IoShit

EXCLUSIVE: Two students uncover security bug that could let millions do their laundry for free

Laundry services giant CSC ServiceWorks belatedly apologized and thanked the security researchers after ignoring a security flaw for months.

TechCrunch
inks.tedunangst.comFeb 8, 2023

https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices

The winner, a group of cryptographic algorithms called Ascon, will be published as NIST’s lightweight cryptography standard later in 2023. The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators. They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles. Devices like these need “lightweight cryptography” — protection that uses the limited amount of electronic resources they possess.

#crypto #ioshit #standard

NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices

The algorithms are designed to protect data created and transmitted by the Internet of Things and other small electronics

NIST
inks.tedunangst.comJan 22, 2021

https://medium.com/realmodelabs/kindledrip-from-your-kindles-email-address-to-using-your-credit-card-bb93dbfb2a08

Some time ago, we noticed at Realmode Labs that Amazon Kindle has an interesting feature called “Send to Kindle”. This feature allows Kindle users to send e-books to their device as email attachments. We immediately thought of the potential security concerns of this feature: what if we can send malicious e-books to unsuspecting users?

#email #exploit #ioshit #malware #security

inks.tedunangst.comJul 18, 2020

https://www.theregister.com/2020/07/18/samsung_bluray_mass_dieoff_explained/

> This file, when fetched and saved to the device’s flash storage and processed by the equipment, crashed the system software and force a reboot. Upon reboot, the player parsed the XML file again from its flash storage, crashed and rebooted again. And so on, and so on, and so on. Crucially, the XML file would be parsed before a new one could be fetched from the internet, so once the bad configuration file was fetched and stored by these particular Samsung Blu-ray players in the field, they were bricked.

#bugfix #ioshit