by BugsBunnySan
3647 days ago
a) the sockets all connect to a central server in China
b) the sockets identify themselves to that server with their MAC address (kind of makes sense, it's a readily available, globally unique (more or less) identifier)
c) if you send a message to a socket (identified by its MAC address) from the app on your phone and your mobile phone can't find it on the local network, the app sends a message to the central server in China, which sends it on to the socket, if that happens to be turned on and is thus connected over the internet to that central server.

So, it's not that you can suddenly magically access devices by MAC address over the Internet (MAC addresses are still local network only), but since the sockets are all connected to a central server who knows them by their MAC address, that makes it possible to send those messages. This would all not be a problem with good crypto for authentication (and secrecy), but apparently they put pretty much none of that into the product/app. So it should be relatively easy to find out the MAC address and then very easy to talk to the central server and tell it to send messages to whatever device. (It's a little like an open relay mail server, and bad for similar reasons)
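
The following is an added example, not part of the original comment and not the vendor's code: a toy Python model of the relay described above, contrasting forwarding by MAC address alone with forwarding that requires a per-device HMAC tag and a counter. The class and function names, the message layout and the pairing step are assumptions made for illustration, and it covers authentication only, not secrecy.

```python
import hashlib
import hmac
import secrets


def sign(key, mac, command, counter):
    # Assumed message layout: MAC | counter | command, authenticated with HMAC-SHA256.
    msg = b"|".join([mac.encode(), str(counter).encode(), command.encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()


class Relay:
    """Toy model of the central server: sockets are looked up by MAC address."""

    def __init__(self, require_auth):
        self.require_auth = require_auth
        self.keys = {}       # MAC -> per-device secret (assumed to be set at pairing)
        self.last_ctr = {}   # MAC -> highest counter accepted so far
        self.delivered = []  # (mac, command) pairs forwarded to sockets

    def register(self, mac):
        # The key is handed only to the owner's app, e.g. during local pairing.
        self.keys[mac] = secrets.token_bytes(32)
        self.last_ctr[mac] = 0
        return self.keys[mac]

    def forward(self, mac, command, counter=0, tag=b""):
        if mac not in self.keys:
            return False
        if self.require_auth:
            expected = sign(self.keys[mac], mac, command, counter)
            if not hmac.compare_digest(expected, tag):
                return False          # sender does not hold the device key
            if counter <= self.last_ctr[mac]:
                return False          # replayed or stale message
            self.last_ctr[mac] = counter
        self.delivered.append((mac, command))
        return True


def demo():
    mac = "00:11:22:33:44:55"  # constructed sample value
    weak = Relay(require_auth=False)
    weak.register(mac)
    mac_only_weak = weak.forward(mac, "ON")      # knowing the MAC is enough
    strong = Relay(require_auth=True)
    key = strong.register(mac)
    mac_only_strong = strong.forward(mac, "ON")  # rejected: no valid tag
    owner = strong.forward(mac, "ON", 1, sign(key, mac, "ON", 1))
    replay = strong.forward(mac, "ON", 1, sign(key, mac, "ON", 1))
    return mac_only_weak, mac_only_strong, owner, replay
```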