Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A bit of a dick move to remove the root password on an IOT device of a flat you only rent.


It was completely non-functional before, so there's really no loss.


I see half of the article about how he struggled to get the password, so not that dysfunctional.


It was powered off entirely! He had to replace a fuse to get it to have any baseline of functionality.


The landlord didn't know what it was and apparently doesn't care at all.


If it was powered off before, it’s clearly not a selling point of the apartment.


Considering that: - the Wi-Fi is password protected - root privileges can already be granted via the "backdoor" - exactly as the author did

I don't think it's a dick move, the device security wasn't decreased (or increased) since RCE was already possible via the tcf port




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: