logo
logo

Security researcher gets threats over Amazon review

avatar
Charles Gilbert
Jul 01, 2016 17:12
img

Amazon retailers sometimes go to extreme lengths to guarantee good reviews, as security developer Matthew Garrett recently discovered when he wrote a one-star review of an internet-connected electric socket.

When Garrett politely pointed out that the socket in question was woefully insecure, he received emails from the manufacturer claiming that the review would get employees fired and that other reviewers were campaigning to get Garrett s review taken down.

The AuYou Switch works whether or not you re home — so you can switch your lights on in your apartment while you re still in your office.

But like so many Internet of Things devices, the AuYou switch seems to have a serious security flaw.

The result is that the unique network ID of your socket is transported in an unencrypted form to the Chinese server — and anyone who gets their hands on the ID can then control the socket.

The only way Garrett could prevent his socket from being compromised was to block the server, which would keep anyone, including him, from controlling the socket remotely.

collect
0
avatar
Charles Gilbert
Jul 01, 2016 17:12
guide
Zupyak is a free content platform for publishing and discovering stories, software and startups.