by drzaiusapelord
895 days ago
I feel like we're at some weird technological historical point where we have IoT everywhere but we aren't passwordless yet. So we're polluting our world with IoT devices like this but they ship with "admin/password" as the default and expect someone with some technical knowledge to secure it, with the blessings of management who takes security seriously. In many organizations they have either one of these, or none of these. In people's homes, they have none of these.

No one would care about IoT wrenches if they forced some app-based auth with MFA. We only care because we can trivially exploit them. Companies like Bosch shipping these things insecure by default is the real problem. Near everything embedded does SNMP 'public' with write options and very few devices force strong passwords or passwordless or force MFA.

The embedded space is a mess and where computers were pre-2000. This is the classic "we invented cars before seatbelts and don't want to spend money on safety anyways" scenario.

Regulation here is badly needed. The market won't fix this itself. Bosch isn't really hurt by this stuff. They can just blame operators, the same way Boeing blames pilots or airlines when their Max's crash or fall apart in the sky. This is a classic perverse incentive of capitalism at play here and now that politics has moved towards idealizing a low-regulatory environment, we're only going to see more awful scenarios like this.