<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Connor Wolf did some hacking of a smart outlet, he bypasses the relay so he can just monitor power without some chucklehead potentially turning off his servers<br><br>Video <a href="https://youtu.be/rjry28Ym7kI">https://youtu.be/rjry28Ym7kI</a><br>Sent from my iPad</div><div><br>On 21/05/2015, at 18:12, Nick Rout <<a href="mailto:nick.rout@gmail.com">nick.rout@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><span>On Tue, Apr 21, 2015 at 6:51 PM, Volker Kuhlmann</span><br><span><<a href="mailto:list0570@paradise.net.nz">list0570@paradise.net.nz</a>> wrote:</span><br><blockquote type="cite"><span>On Tue 21 Apr 2015 18:05:42 NZST +1200, Richard Jones wrote:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span><a href="http://www.aliexpress.com/item/EU-AU-UK-US-Smart-plug-WiFi-Smartphone-Remote-control-socket-power/32272099666.html">http://www.aliexpress.com/item/EU-AU-UK-US-Smart-plug-WiFi-Smartphone-Remote-control-socket-power/32272099666.html</a></span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>I'm still considering the security implications that were raised at last</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>nights meeting.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The plug you mention above is cloud based:</span><br></blockquote><blockquote type="cite"><span>"use your smartphone to turn off appliances when you're out"</span><br></blockquote><blockquote type="cite"><span>"Accurate feedback: ... whether you're in LAN or remote network"</span><br></blockquote><blockquote type="cite"><span>And the giveaway:</span><br></blockquote><blockquote type="cite"><span>"Double protection and more safety", "LonHand Server"</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>That means someone somewhere always knows exactly what you're doing in</span><br></blockquote><blockquote type="cite"><span>your house, whether you're home or not. Assume that this info gets</span><br></blockquote><blockquote type="cite"><span>stored permanently. Assume that this someone eventually gets bought out</span><br></blockquote><blockquote type="cite"><span>by google or likewise, including your personality profile. Orwell would</span><br></blockquote><blockquote type="cite"><span>have a field day.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>As I must have said previously, personally I put this kind of thing into</span><br></blockquote><blockquote type="cite"><span>the class of "consumer junk" with respect to network security.</span><br></blockquote><blockquote type="cite"><span>Irrespective of what big words their marketroids come up with and how</span><br></blockquote><blockquote type="cite"><span>many times they mention "password protected", bugs won't get fixed. The</span><br></blockquote><blockquote type="cite"><span>key is a feel-good instrument if the lock doesn't need it when you look</span><br></blockquote><blockquote type="cite"><span>at it sideways. For wifi I suspect that that unfortunately is a fairly</span><br></blockquote><blockquote type="cite"><span>safe assumption. The firmware is complex and made for time to market and</span><br></blockquote><blockquote type="cite"><span>low cost.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>If you have a good firewall and don't allow these things to connect out</span><br></blockquote><blockquote type="cite"><span>a technically advanced neighbour / passersby may turn your light/fridge</span><br></blockquote><blockquote type="cite"><span>off. You might not care, assuming the thing still "works", which it</span><br></blockquote><blockquote type="cite"><span>might not. It still is a gateway for attacks on your home network</span><br></blockquote><blockquote type="cite"><span>though.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><span></span><br><span>Yes I don't know why every home control software has to 'connect to</span><br><span>the cloud' to make it work from outside your LAN. What happened to</span><br><span>running a VPN?</span><br><span></span><br><span></span><br><blockquote type="cite"><span>Volker</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>--</span><br></blockquote><blockquote type="cite"><span>Volker Kuhlmann</span><br></blockquote><blockquote type="cite"><span><a href="http://volker.top.geek.nz/">http://volker.top.geek.nz/</a>      Please do not CC list postings to me.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>_______________________________________________</span><br></blockquote><blockquote type="cite"><span>Chchrobotics mailing list <a href="mailto:Chchrobotics@lists.linuxnut.co.nz">Chchrobotics@lists.linuxnut.co.nz</a></span><br></blockquote><blockquote type="cite"><span><a href="http://lists.ourshack.com/mailman/listinfo/chchrobotics">http://lists.ourshack.com/mailman/listinfo/chchrobotics</a></span><br></blockquote><blockquote type="cite"><span>Mail Archives: <a href="http://lists.ourshack.com/pipermail/chchrobotics/">http://lists.ourshack.com/pipermail/chchrobotics/</a></span><br></blockquote><blockquote type="cite"><span>Meetings usually 3rd Monday each month. See <a href="http://kiwibots.org">http://kiwibots.org</a> for venue, directions and dates.</span><br></blockquote><blockquote type="cite"><span>When replying, please edit your Subject line to reflect new subjects.</span><br></blockquote><span></span><br><span>_______________________________________________</span><br><span>Chchrobotics mailing list <a href="mailto:Chchrobotics@lists.linuxnut.co.nz">Chchrobotics@lists.linuxnut.co.nz</a></span><br><span><a href="http://lists.ourshack.com/mailman/listinfo/chchrobotics">http://lists.ourshack.com/mailman/listinfo/chchrobotics</a></span><br><span>Mail Archives: <a href="http://lists.ourshack.com/pipermail/chchrobotics/">http://lists.ourshack.com/pipermail/chchrobotics/</a></span><br><span>Meetings usually 3rd Monday each month. See <a href="http://kiwibots.org">http://kiwibots.org</a> for venue, directions and dates.</span><br><span>When replying, please edit your Subject line to reflect new subjects.</span><br></div></blockquote></body></html>