nice attack
And surely plenty more to come with all el cheapo shit IoT coming from China compared to which Philips gear is golden in terms of security.
Quick (long) story:
I recently bought a security CAM from a reputed Swiss vendor. Mark was SWI***, so possibly swiss, meaning good product.
Looking at the crap closing hatch for the batteries, I wondered how it would achieve IP65, but whatever.
The was an USB port but "only for power". This began to look like crap. How expensive is a real USB port for config ?
Then the config:
- download an app on a mobile phone (Eh ?)
- connect the app to a WIFI network, not using the phone network bizarrely, but only with a passwd between 5 and 32 chars (WTF ?). So no open wifi or very secured wifi.
- then the real part: configure the CAM from the app: press a pairing button on the cam and the app will play a music to configure the CAM !!!! WHAAAT ? A dodgy modulation, inferior to the 90s technology (modems, remember ?). Spent 10 times trying, it never worked.
- spent 2 hours on the web looking for a forum with this model, never found one, only swiss (only) sites selling this shit. Same with comparison sites, no SWI*** ever. Then, I came across a CAM made by a reputable vendor: same perf, same look *EXACTLY*, same functionnalities *EXACTLY*.
End of the day, the day after I went to the shop telling them 2 things:
1- doesn't work, I want my money back. I did.
2- you should remove from the shelves since it is a counter-fact chinese product with Shenzen written all over the docs ! The dude laughed at me telling me it was a swiss model ! What a gullible idiot.
All of the above plus the article tells me the only safe way to IoT is a separate security zone + strict rules NOTHING should exit it at all plus strict rules for incoming traffic.
Biting the hand that feeds IT
