Cybersecurity

6111 readers

27 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

[email protected]

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance (thehackernews.com)

submitted 3 weeks ago by [email protected] to c/[email protected]

10 comments fedilink hide all child comments

top 10 comments

sorted by: hot top controversial new old

[–] [email protected] 16 points 3 weeks ago (1 children)

Guaranteed to have a backdoor installed?

[–] ILikeTraaaains 6 points 3 weeks ago

Same security as a TSA approved lock?

[–] deafboy 3 points 3 weeks ago (1 children)

Meanwhile, the vendors are introducing security vulnerabilities marketed as features, even in protocols that would be reasonably secure otherwise...

[–] [email protected] 4 points 3 weeks ago (2 children)

Such as?

[–] [email protected] 2 points 3 weeks ago (1 children)

Well apple just got in trouble for eavesdropping on it's users, so..

[–] [email protected] 2 points 3 weeks ago

I doubt Siri eavesdropping was a bug.

[–] deafboy 2 points 3 weeks ago (1 children)

Zigbee devices that can be remotely reset back into pairing mode.

[–] [email protected] 1 points 3 weeks ago (1 children)

Oh man I was just about to zigbee everything in my house. Have you got more information about this?

[–] deafboy 1 points 3 weeks ago

It's a vendor specific thing, so if that bothers you, just look up the pairing procedure for each device before buying.

As far as I remember, the philips bulbs can be reset by holding on and off buttons on the remote. This functinality has a limited range, but a sophisticated attacker could probably just bring a better antenna.

In practice, the compatibility issues will probably keep you busy enough not to think about the theoretical attacks.

Sorry, I didn't mean to discourage you. Practically all the lights in my house, and some other stuff like blinds and aquarium equipment, are running on zigbee. When you finally tune it just right, it's pretty great.

[–] [email protected] 2 points 3 weeks ago

"Goddamnit, Cyber Trust Mark! None of these devices are remotely secure enough! I knew we should have sprung for the more expensive Cyber Trust Kelly, but everyone was like, 'nO, tHiS mOdEL iS BaSiCaLly tHe SaMe...SaVe A fEw DoLlArS...'"