EEVblog Electronics Community Forum

Products => Computers => Security => Topic started by: windsmurf on July 03, 2019, 07:43:32 am

Title: Zipato hardcoded same private SSH key into every one of its hubs
Post by: windsmurf on July 03, 2019, 07:43:32 am
Zipato hardcoded same private SSH key into every one of its hubs, essentially giving everyone within wifi range the keys to open all of their smart door locks
https://blackmarble.sh/zipato-smart-hub/

Correction: If the hub is connected to the Internet, then anyone on the Internet can open your Zipato smart-locked doors. :o

Title: Re: Zipato hardcoded same private SSH key into every one of its hubs
Post by: Halcyon on July 14, 2019, 10:50:42 am
 :-+ Brilliant
 :palm:

This is why I hate "Internet of Things" -- Essentially devices which have no business being connected to the Internet. What's worse, people who have no idea about networking expose these types of devices to the Internet for everyone to see and abuse (https://www.shodan.io/search?query=Zipato).


Title: Re: Zipato hardcoded same private SSH key into every one of its hubs
Post by: andersm on July 22, 2019, 09:38:08 pm
They're just following in the footsteps of the big guys: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey