this post was submitted on 15 Jul 2023
508 points (99.0% liked)

Technology

60367 readers
7908 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

LG to offer subscriptions for already purchased appliances and televisions, evolving into a provider for “Home as a Service”::Subscription fatigue is a thing and regulators are circling, but Korean giant reckons you're ready to cough up after buying hardware

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 70 points 2 years ago (6 children)

I bought a $3k+ LG OLED. I intentionally never agreed to any TOS so that it would act as a dumb TV. I wanted it on the network so that I could control it through Home Assistant and Apple HomeKit so I put it in my IoT VLAN. Within a day it was trying to port scan my network! It is now fully isolated with no outgoing connections allowed.

[–] Kelly 21 points 2 years ago* (last edited 2 years ago) (3 children)

I have a 2017 era Samsung TV. I use it to connect to a media server that my router runs if I plug in a USB drive. This just worked so I assumed it was an open unauthenticated service.

Then I tried to use VLC running on my phone to connect and found myself presented with a login screen. When I investigated further I found the router's media server defaulted to using the the router's admin credentials.

So it looks like the TV had been programmed to try common default router creds before showing a login prompt to the user as a "convenience".

[–] magikmw 7 points 2 years ago (2 children)

That's good UX, the real fuckup is using default admin credentials om your router.

[–] postmateDumbass 5 points 2 years ago

Im safe.

I changed u:admin p:admin to u:root p:service

[–] Kelly 2 points 2 years ago* (last edited 2 years ago)

I wasn't too concerned previously as my routers are only exposing their services to the local network.

I understand the view that it's a superior UX but I was taken aback that it was guessing passwords for other devices on the network.

load more comments (2 replies)