Insteon Vulnerability Exposed

Is it really hacking or even a vulnerability that someone can access these systems?  The fact that the docs say you should assign a username & password if you are putting it on the internet clearly indicates that it is the user's responsibility to secure their system.  Sure, it would have been better to force the username/pw by default, but the real problem is non-tech users.
 
The fact that it is searchable via search engines, though, is a vendor issue.  All of these consumer type devices should include robots.txt files.
 
Lou Apo said:
Didn't even know that "HUB" existed.  ISY is a bit tougher to hack, though no system is unhackable.
This isn't really about hacking Insteon as much as it is about accessing the application remotely (hardly hacking except when convenient for the law)
 
Hack wasn't my word - you know how these articles go...  The point was there was an issue with some of this insteon hardware, and a lot of people come here to talk Insteon (and plenty who have limited networking knowledge), so it seemed worth mention to me.
 
hack 1  (hăk)

v. hacked, hack·ing, hacks
v.tr.
1. To cut or chop with repeated and irregular blows: hacked down the saplings.
2. To break up the surface of (soil).
3.
a. Informal To alter (a computer program): hacked her text editor to read HTML.
b. To gain access to (a computer file or network) illegally or without authorization: hacked the firm's personnel database.
 
See definition 3b.  Hack is exactly the word you would want to use to describe the situation where an un-authorized party gained control of your Insteon network.  The fact that the security to prevent the un-authorized access is slim to none is irrelevant, it is still un-authorized.
 
I think the point here is people get too "stupid" when it comes to cool novelties like controlling your hot tub and bragging to your friends about it....
 
If you don't take the time to learn about what you're installing and how to secure it then you deserve the extremely high electric bill, period!
 
I had an old tech school teacher that told me one thing, learning costs you money, no matter what. You can pay someone to teach you or you can pay someone to do it for you and watch, or you can pay to do it right when you screw it up.
 
If you are trying to open up ports, etc. and you haven't read a networking for dummies book or at least spent some time educating yourself on how the IP world works then you are the only one to blame.
 
wuench said:
The fact that it is searchable via search engines, though, is a vendor issue.  All of these consumer type devices should include robots.txt files.
 
 
This has always been an issue with web connected IP devices like IP cameras and such. All you have to do is look up how to do an "inurl:" search.
 
It's not a vendor issue IMHO. It's called securing your devices with a password other than the default.
 
gatchel said:
I think the point here is people get too "stupid" when it comes to cool novelties like controlling your hot tub and bragging to your friends about it....
 
If you don't take the time to learn about what you're installing and how to secure it then you deserve the extremely high electric bill, period!
 
I had an old tech school teacher that told me one thing, learning costs you money, no matter what. You can pay someone to teach you or you can pay someone to do it for you and watch, or you can pay to do it right when you screw it up.
 
If you are trying to open up ports, etc. and you haven't read a networking for dummies book or at least spent some time educating yourself on how the IP world works then you are the only one to blame.
 
Yup.
 
Although your teacher didn't have cocoontech.  You can get lots of free "learnin" right here.  I guess time is money, so maybe it's not free.
 