30 Sep '14, 8am

Finding a Shell in a Bose SoundTouch

Finding a Shell in a Bose SoundTouch

The article forgot to say that the username is ‘root’ and the password is .. wait, there is NO PASSWORD! Right, a completely unsecured root shell on an internet connected device that is being sold to general public. Even better, one can get the root shell remotely! I was going to write whether this thing is secure against exploits like the recent Shellshock bug, but no need, it comes with a free backdoor already! Why are hardware companies shelling out millions for nice looking product design but then outsource firmware writing to the lowest bidder producing atrocious crap in the process? I am really wondering whether we should start treating all these “smart” devices or “Internet-of-things” gizmos as “hacked by default” because of the universal incompetence of the manufacturers. Soon my fridge is going to attempt to steal my washing machine credentials so that my bank acc...

Full article: http://hackaday.com/2014/09/30/finding-a-shell-in-a-bose-...

Tweets

steal his look : BAP Youngjae durian shell : fr...

twitter.com 05 Oct '14, 8pm

To bring you Twitter, we and our partners use cookies on our and other websites. Cookies help personalize Twitter content,...