More Woeful IoT Security

This is the kind of thing that hurts my heart about our headlong plunge into connecting every flippin' thing to the Internet. There seems to be a real lack of serious thought about security, sometimes of even the most (one would think) basic kind. Do we not believe that the bad guys will quickly figure these out and create mischief/havoc/disaster accordingly (because that's why they are called "bad guys" y'know).
Netatmo is the latest vendor to be exposed as having weak security to protect user information. The Internet of things (IoT) vendor has several products, including a set of Internet-enabled weather monitoring devices that connect via a user's WiFi network to communicate with the cloud.

The problem is that the Netatmo was storing user WiFi network passwords, then transmitting them in the clear, without any encryption, as part of a data debug dump. The debug information was sent to the Netatmo cloud service, which enables users to track and monitor weather remotely.
 eWeek


Netatmo is the latest vendor to be exposed as having weak security to protect user information. The Internet of things (IoT) vendor has several products, including a set of Internet-enabled weather monitoring devices that connect via a user's WiFi network to communicate with the cloud.
The problem is that the Netatmo was storing user WiFi network passwords, then transmitting them in the clear, without any encryption, as part of a data debug dump. The debug information was sent to the Netatmo cloud service, which enables users to track and monitor weather remotely.
- See more at: http://www.eweek.com/blogs/security-watch/netatmo-dumps-user-wifi-credentials-in-the-clear.html#sthash.8dZDttyr.dpuf
Netatmo is the latest vendor to be exposed as having weak security to protect user information. The Internet of things (IoT) vendor has several products, including a set of Internet-enabled weather monitoring devices that connect via a user's WiFi network to communicate with the cloud.
The problem is that the Netatmo was storing user WiFi network passwords, then transmitting them in the clear, without any encryption, as part of a data debug dump. The debug information was sent to the Netatmo cloud service, which enables users to track and monitor weather remotely.
- See more at: http://www.eweek.com/blogs/security-watch/netatmo-dumps-user-wifi-credentials-in-the-clear.html#sthash.8dZDttyr.dp

Comments