(jamesbvaughan.com)

287 points jamesbvaughan | 1 comments | 25 Jul 24 15:11 UTC | HN request time: 0s | source

Show context

xyst ◴[27 Jul 24 00:12 UTC] No.41083506[source]▶

Why do speakers even expose a web api in the first place? It’s just easily available without any security?

Hope this person segmented this device away from other devices. The lack of basic security in the IoT space is astounding to me.

1. denysvitali ◴[27 Jul 24 05:51 UTC] No.41084691[source]▶

I was looking for this comment. Basically he managed to get a sort of unauthenticated R/W access to the file system.

This is really concerning

Reverse-engineering my speakers' API to get reasonable volume control