Sign in / up

back to article AGFEO smart home controllers need patching

Smart-home controllers from German company AGFEO have adopted best practice internet things security by offering an unsecured Web admin interface. The now-patched attack vectors included unauthenticated access to some services, authentication bypass, cross-site scripting (XSS) vulns, and hard-coded cryptographic keys. The …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. John Smith 19 Gold badge
    Unhappy

    Poor configuration control between development and release versions?

    I'm shocked.

    Shocked I tell you.

    And that's still better than their competitors.

    I dream of a day when the average level of IoT security is above "abysmal"

    The weekend is coming and I'm feeling positive.

    2 1 Reply
  2. JakeMS
    Facepalm

    Clearly not very smart...

    This is why we need to stop slapping the "smart" tag and all new tech.

    It's clearly not made by smart people, and the software can only be as smart as the programmer who coded it.

    Some of these vulns should have been easily discovered by the programmers long before it left their computers.

    2 0 Reply
  3. Robert Helpmann??
    Coffee/keyboard

    Best Practice Internet Things Security

    I wonder what kind of questions this new domain will generate for the CISSP or Security+ tests. No, I take it back: this material is already covered on the CEH.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like