(jmswrnr.com)

318 points walterbell | 2 comments | 15 Apr 25 03:12 UTC | HN request time: 0.396s | source

Show context

Havoc ◴[15 Apr 25 07:33 UTC] No.43689992[source]▶

The recent drama around the unitree robot being effectively a beachhead on network has made me much more wary of connecting anything. Think I’ll stick to tasmota and zigbee going forward

replies(1): >>43690111 #

1. simonjgreen ◴[15 Apr 25 07:52 UTC] No.43690111[source]▶

>>43689992 #

Can you tell me more about the Unitree drama?

replies(1): >>43690214 #

2. walterbell ◴[15 Apr 25 08:11 UTC] No.43690214[source]▶

>>43690111 (TP) #

https://news.ycombinator.com/item?id=43604706

  Upon gaining access to the CloudSail API, which they did using a recovered API key, they could:

    List all connected devices and their IP addresses
    Establish remote tunnels to those devices
    Access the robot dog’s web interface with no authentication
    Use the robot’s cameras for live surveillance
    Log in via SSH using default credentials (pi/123)
    Move laterally within internal networks to which the robot is connected

↑

Hacking a Smart Home Device (2024)