'Smart' Electrical Socket Leaks Your Email Address, Can Launch DDoS Attacks

An anonymous reader writes from a report via Softpedia: There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets."

dumbasses

[YrWrstNtmr]

I'm getting ready to replace all the switches and outlets in my 1982 era house.
IoT will not be present. I want an outlet to do 2 things. Connect to the circuit breaker box, and provide electricity to my stuff without blowing up.

Can't leak what doesn't exist.

Internet of Terrors

[JustAnotherOldGuy]

That's what the IoT is, the Internet of Terrors.

Mark my words- this is only going to get worse and worse and worse, and eventually somebody will die from some shoddy piece-of-shit consumer crap that's been weaponized by some asshole hacker.

Re:Internet of Terrors

[Stinky+Cheese+Man]

I am sick of "smart" products. From the smart text selection in MS Word, which always selects more or less text than I actually want, to the climate control in my car, which insists on turning on the A/C when I just want some cool fresh air, they invariably get it wrong. I know what I want and I am smart enough to make my own choices.

Re:Fuck This Softpedia Bullshit!

[JustAnotherOldGuy]

They can't tell you the details until they come up with a snappy name for the vulnerability.

They already have, it's "IoT".

If it's some piece of consumer-shiny-bling-bullshit and it's internet-enabled, there's your vulnerability.