Y
Hacker News
new
|
ask
|
show
|
jobs
by
firesteelrain
332 days ago
Assuming the only reason this works is because the washing machine and app don’t use TLS 1.2 and instead some homegrown Caesar cipher?
Otherwise, you would need some MitM style attack?
2 comments
ethan_smith
332 days ago
Many of these consumer IoT devices use either plaintext protocols or implement weak encryption with hardcoded keys in the firmware, making packet capture and analysis possible without traditional MitM techniques.
link
firesteelrain
332 days ago
I understand. I am asking whether if the certs were in the device and the app would this have fixed it
link
timedout_uk
332 days ago
The washing machine doesn't use TLS at all and instead opts to just XOR data, explained later in the post.
link
firesteelrain
332 days ago
I understand. I was saying how this could have been avoided by the manufacturer
link