This JSON request instructs the alarm clock to send an HTTP request to the coffee machine on every “alarmSound” event. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, it poses a significant security risk.
Because there is no way to validate whether the receiver of the subscribed message wants the message, there is effectively a DDoS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDoS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large-scale DDoS against a web property.
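One way to close the gap described above is for the publisher to confirm that the receiver wants the subscription before activating it, similar to the intent-verification step in W3C WebSub. This is an added example, not code from the original article; the class, the query parameter names and the example hosts are assumptions, and the network is simulated so it runs offline.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


class AlarmClock:
    """Publisher that activates a subscription only after the callback opts in."""

    def __init__(self, http_get):
        self.http_get = http_get  # callable(url) -> (status, body), injected for the demo
        self.active = {}          # event name -> set of verified callback URLs

    def subscribe(self, event, callback):
        # Send an unguessable challenge to the callback itself. A receiver that
        # never asked for this subscription has no reason to echo it back.
        challenge = secrets.token_urlsafe(16)
        query = urlencode({"mode": "subscribe", "event": event, "challenge": challenge})
        try:
            status, body = self.http_get(f"{callback}?{query}")
        except OSError:
            return False
        if status != 200 or body != challenge:
            return False          # unverified: never added to the delivery list
        self.active.setdefault(event, set()).add(callback)
        return True

    def fire(self, event):
        # Event traffic only ever goes to receivers that confirmed intent.
        return sorted(self.active.get(event, ()))


# Constructed stand-in for the network: coffee.example wants "alarmSound"
# events and echoes the challenge; every other host ignores the request.
COFFEE_WANTS = {"alarmSound"}


def fake_http_get(url):
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    if parts.hostname == "coffee.example" and params["event"][0] in COFFEE_WANTS:
        return 200, params["challenge"][0]
    return 404, ""


if __name__ == "__main__":
    clock = AlarmClock(fake_http_get)
    print(clock.subscribe("alarmSound", "http://coffee.example/brew"))
    print(clock.subscribe("alarmSound", "http://victim.example/"))
    print(clock.fire("alarmSound"))
```

With this check an unwanted target receives at most one verification request per subscription attempt instead of one request per event, so the subscription endpoint itself should still be authenticated and rate-limited.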