Products > Security

Zipato hardcoded same private SSH key into every one of its hubs

(1/1)

windsmurf:
Zipato hardcoded same private SSH key into every one of its hubs, essentially giving everyone within wifi range the keys to open all of their smart door locks
https://blackmarble.sh/zipato-smart-hub/

Correction: If the hub is connected to the Internet, then anyone on the Internet can open your Zipato smart-locked doors.   :o

Halcyon:
 :-+ Brilliant
 :palm:

This is why I hate "Internet of Things" -- Essentially devices which have no business being connected to the Internet. What's worse, people who have no idea about networking expose these types of devices to the for everyone to see and abuse.


andersm:
They're just following in the footsteps of the big guys: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey

Navigation

[0] Message Index

There was an error while thanking
Thanking...
Go to full version