
You're worried about someone with physical access and time to dump info from a JTAG header gaining the WiFi password?


Target throws out coffee maker. Threat actor goes through trash. They don't have to break into the building to get it.


If someone is targeting you that precisely they are sorting through your trash for a coffee maker, then I would posit you are already in deep trouble and they'd likely do something easier like wait for you to leave and insert physical access into your network then...


The $5 password circumvention device comes to mind. https://xkcd.com/538/


Exactly! Sniffing passwords out of coffee makers is hard to scale. Lots of tech needed/knowledge. Wrenches scale linearly with people given wrenches, and typically one does not need training to apply brute force with wrench. You may be able to save on labor even as other primates can use the wrenches better and with more force than humans.


Most offices are going to notice if someone abducts the IT manager and beats the wifi password out of them. They're probably not going to notice that someone took away the trash they threw out.


Who’s your wrench guy? You’re wayyy overpaying


And you propose what instead, that the target verifies their coffee maker manufacturers disable the JTAG interface on production units so that they can throw it away without worrying about this?

Seems like the wrong solution to an already absurd/niche threat model.


I'd propose not buying wifi coffee makers if you're worried about security.


Yeah ok exactly? So why care about JTAG enabled?


I commented on the fact that you don't need to break in to get the coffee maker. Stop trying to pick a fight.


That's why lots of companies crush perfectly good Surfaces and 2242 SSDs when recycling.


The irony, of course, being that those can generally be properly wiped to safely resell. Or, if it matters, the thing should have been using full disk encryption so it's irrelevant.


People are allowed to throw out a piece of paper with their wifi password written on it as well.


A plausible scenario I can think of would be in an office space, a shared smart coffee machine that would be stolen to gain WIFI access.


Surely the shared coffee machine would be on a guest network with no access to internal resources?

Having separate "guest wifi" is a great idea and provides much better security than trying to ensure none of your IoT devices expose your password.



