‘Security’…

Sure, sure… All that stuff has good sec…oops…

Sammy Azdoufal used Claude Code to build an app to link his brand-new DJI Romo vacuum to a PS5 controller. Then he noticed something strange. The app wasn’t just controlling his vacuum. It was controlling thousands. 

He hadn’t hacked DJI’s servers, he said. Instead, he extracted his own Romo’s private token—a key meant to prove you’re allowed to access your own machine—but DJI’s servers returned the data of thousands of other customers as well. “I didn’t infringe any rules. I didn’t bypass, I didn’t crack, brute force, whatever,” he said.
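The failure the article describes, as an added example that is not code from this post or from DJI: a toy fleet API in which the vulnerable handler checks that a device token is valid but then returns every customer's records, while the fixed handler binds the result to the owner of the device the token was issued for. The record layout, the HMAC token format and the sample fleet are constructed assumptions for the illustration.

```python
"""Constructed illustration of the bug class described above: a server that checks
a per-device token is valid but never checks that the records it returns belong to
that token's owner. Names and token format are assumptions, not DJI's real API."""
from dataclasses import dataclass
from typing import List, Optional
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # constructed value, demo only

@dataclass(frozen=True)
class DeviceRecord:
    device_id: str
    owner_id: str
    telemetry: str

# Constructed fleet data: three customers, four vacuums.
FLEET = [
    DeviceRecord("romo-001", "alice", "battery=81%,room=kitchen"),
    DeviceRecord("romo-002", "bob", "battery=12%,room=hall"),
    DeviceRecord("romo-003", "bob", "battery=64%,room=study"),
    DeviceRecord("romo-004", "carol", "battery=99%,room=living"),
]

def _tag(device_id: str) -> str:
    return hmac.new(SERVER_SECRET, device_id.encode(), hashlib.sha256).hexdigest()

def issue_token(device_id: str) -> str:
    """Token = device id + HMAC tag, so the server knows which device presented it."""
    return f"{device_id}.{_tag(device_id)}"

def verify_token(token: str) -> Optional[str]:
    """Return the device id the token was issued for, or None if the tag is forged."""
    device_id, _, tag = token.partition(".")
    return device_id if hmac.compare_digest(tag, _tag(device_id)) else None

def list_devices_vulnerable(token: str) -> List[DeviceRecord]:
    """Authentication only: any valid token receives every customer's records."""
    if verify_token(token) is None:
        raise PermissionError("invalid token")
    return list(FLEET)

def list_devices_fixed(token: str) -> List[DeviceRecord]:
    """Authentication plus object-level authorization: results are bound to the
    owner of the device the token was issued for."""
    device_id = verify_token(token)
    owner = next((r.owner_id for r in FLEET if r.device_id == device_id), None)
    if owner is None:
        raise PermissionError("token not bound to a known device")
    return [r for r in FLEET if r.owner_id == owner]
```

The point to check in a review of any device API is the second handler's filter: a valid token proves who is asking, and the server still has to restrict the answer to what that caller owns.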

Full article HERE from Inc.com

Once again, we see a manufacturer that ‘thought’ they had things covered…

But they didn’t. Simply put, security is almost always the LAST thing companies think about, other than as a PITA, because it makes the engineers, CSRs, and techs have to work harder to actually DO anything to the particular product.

We’ve seen vehicles hacked to the point that attackers controlled braking, engines, etc. So-called ‘secure’ systems have turned out to not be secure at all, and we all know hackers are out there every day, including Chinese schools and who knows who else, hitting military systems, universities, networks, infrastructure, phones, individual computers, and pretty much anything connected to the web 24/7/365.

And this doesn’t even account for the ‘simple’ phishing attempts that go on daily by the Middle Easterners, or Nigerian ‘princes’…

Those who’ve fallen for the ‘smart home’ schtick are just begging to get all of their data taken. When everything in your house is connected, everything you do is available/sold to third parties by those manufacturers.

Your fridge reports what you buy/eat/how often you open the door? That’s sold to advertisers. Your fridge door isn’t opened for a day or two? Criminals rob your house. That smart thermostat? Well, you don’t actually control your house temps, the electric company does. Too much draw? They turn the temp up or down as required…

That smart electric meter? Criminals monitor those for usage drops, so they know the homeowners/renters are gone, and their home is ‘available’ for robbery.

And the list goes on and on…

No, I don’t have any ‘smart’ devices in my home, nor any ‘subscriptions’ in my vehicle either. And I don’t plan on ever having any! I’ve done everything I can to sequester my router and limit wireless access to it with the recommendations provided by Borepatch at his blog, HERE.

Yes, I’m old, yes, I’m grumpy… YMMV and all that stuff…

‘Security’… — 14 Comments

  1. Same here on smart devices, subscriptions, internal network behind a firewall, no new devices permitted to sign into my WiFi at my routers unless I specifically allow ’em, and a linux firewall at the head of the network (had one of those since ’95.)

    Borepatch’s blog is at:
    https://borepatch.blogspot.com/

    If you want to get just the internet security posts, find his post “Don’t buy TP-Link home firewalls” (as of right now it’s on the main page) and at the bottom, click on the tag “security” or “recommended security tools” and you’ll get all the posts with the tag you selected.

  2. Speaking of monitoring online behavior…
    Are you still working on the next Rimworld? You posted excerpts of a promising start.

  3. Fortunately I have my grandson who’s won national contests in Computer Security and was just promoted in that capacity yesterday.
    Yes I am proud.

  4. Those smart devices connect the stupid, embolden criminals, and are the cheapest form of marketing ever developed. With the spying added, someone can’t even go to the bathroom without the phone they carry reporting to a pharmaceutical manufacturer it’s time to fill their social media advertising with commercials for constipation relief.

  5. top men

    our nation’s best and brightest

    in particular, the EU advice on computer technologies and on privacy represents the finest minds and thinking of the aggressor nation and of the circle trigon party

    Sure they have ruined their basic incentives and capabilities, but some protectionism will fix all of that.

  6. (Which is me drawing perhaps silly and unfounded connections between the fad of ‘internet of things’, a number of other broad fads in technology industries, and EU regulatory pissyness about speech, anonymity, certain approaches in FOSS, and ‘AI’. I could be persuaded that Altman is entirely a crook, and at the same time be skeptical of Breton or Leyton doing legal novelties to ‘catch Altman’, or what ever it is that they currently say they are doing.)

  7. Security always takes a back seat to convenience in IT, and that has been true for the nearly 40 years I’ve been in the business. Default passwords for highly privileged accounts not changed. Every file share on the network (including HR and Finance) set to Global Read/Write/Delete access because it was too hard to tailor permissions. PCs not scanned in the morning because 5 minutes was too long to wait. Single Sign-On so users didn’t have to remember more than 1 password, so when hackers got that one they had the keys to the kingdom…

    There are two ways to have a secure PC: Either encase it in concrete or never turn it on. Otherwise, the user is the weak link.

  8. All- Thanks for the comments, and I see y’all are pretty much in agreement with me. I’m working on both the Rimworld and Bell Chronicles books! I’m getting there!!! Just not as fast as y’all would like, but at least I’m back to writing!

  9. I have zero smart things in my apartment, other than my cell phone. My two computers run either AVG (on the Windows 7) or Aura (on the Windows 11). Both have the camera masked. I don’t own a television. Yes, I’m a Latter Day Luddite and am missing out on all the wondrous things modern technology offers. No financial information has ever been accessed on my smart phone. I could probably do better but that would involve reading instructions.

  10. There’s a story out today that someone managed to jailbreak Claude into helping him hack into Mexican databases and steal voter, tax, and federal employee IDs. Anyone care to bet it isn’t an isolated case?