RooGryphon
Security > functionality this is how you use tech and write the code that runs them. Secure it, lock it down. Then add functionality when absolutely needed
StephenDaniels
Ahem, Executives from Boeing and Airbus better be fn' listening to this.
tetondons
He's lucky he wasn't charged with a crime when he reported it.
FelonyRaptor
This story is made of words I do not understand, so I don't really know if it's insane.
SuperFlamingTominoHead
I assume this is the source https://www.popsci.com/technology/robot-vacuum-army/
tinyfootprints
When I bought a new Toyota from a dealership in Saudi Arabia, I asked for a key to my new car. The dealer opened a deep drawer that contained probably several thousand car keys. "Take one," he said. Holy shit - all Toyotas in Saudi Arabia have the same ignition key. At least, all the vehicles from that dealership do.
Grapeape2000
internet of shit
Xenarion
That doesn't even surprise me.
It also reminds me of a story I read recently about how a remotely-controlled sex toy company's system was so bad that it let anyone access any account's information, including the email address, of anyone with a single API call. The guy who reported it posted how it never got fixed for years, and after digging, he was able to easily access ANY account, including admins.
Xenarion
Yup, found the post again, it was Lovense, and boy was it even worse than I remembered. If you muted someone, the server SENT YOU their email address! And from that email and a little bit of know-how, you could take over someone's account without password.
https://bobdahacker.com/blog/lovense-still-leaking-user-emails
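The failure class described in the comment above (a "mute this user" action whose response carries the muted person's e-mail) is usually an endpoint that serializes the whole stored user record instead of an allowlist of public fields. The following is an added example, not Lovense's code and not taken from the linked write-up; the user records, the endpoint shape and the field names are hypothetical. It puts the leaky handler next to a hardened one and includes a small response scanner you can run over any endpoint that returns data about other users.

```python
"""Over-serialization on a "mute this user" endpoint: leaky vs hardened.

Added example for the failure class described in the thread. This is not
Lovense's code and not taken from the linked write-up; the users, the
endpoint shape and the field names are hypothetical.
"""
from dataclasses import dataclass, asdict
from typing import Optional


@dataclass(frozen=True)
class User:
    id: int
    display_name: str
    email: str        # private: belongs to the account owner only
    is_admin: bool    # private: tells an attacker which accounts are worth going after


# Constructed sample accounts (hypothetical)
USERS = {
    1: User(1, "alice", "alice@example.test", False),
    2: User(2, "bob", "bob@example.test", True),
}

# Fields that must never appear in a response about *another* user
PRIVATE_FIELDS = {"email", "is_admin"}
# Explicit allowlist of what other users may see
PUBLIC_FIELDS = ("id", "display_name")


def mute_leaky(session_user_id: int, target_id: int, mutes: set) -> dict:
    """Leaky version: records the mute, then serializes the whole stored
    record of the muted user. The caller learns the target's e-mail and
    admin flag, which is the behaviour the write-up describes."""
    target = USERS[target_id]
    mutes.add((session_user_id, target_id))
    return {"muted": asdict(target)}


def public_view(user: User) -> dict:
    """Build the response from an allowlist, never from the full record."""
    return {name: getattr(user, name) for name in PUBLIC_FIELDS}


def mute_hardened(session_user_id: Optional[int], target_id: int, mutes: set) -> dict:
    """Hardened version: requires a session, checks the target exists,
    refuses self-mutes, and returns only allowlisted fields."""
    if session_user_id is None:
        raise PermissionError("authentication required")
    target = USERS.get(target_id)
    if target is None:
        raise LookupError("no such user")
    if target.id == session_user_id:
        raise ValueError("cannot mute yourself")
    mutes.add((session_user_id, target_id))
    return {"muted": public_view(target)}


def leaked_private_fields(response) -> set:
    """Walk a JSON-like response and report private field names found at any
    depth. Run it over every endpoint that returns data about other users."""
    found = set()
    if isinstance(response, dict):
        for key, value in response.items():
            if key in PRIVATE_FIELDS:
                found.add(key)
            found |= leaked_private_fields(value)
    elif isinstance(response, list):
        for item in response:
            found |= leaked_private_fields(item)
    return found


if __name__ == "__main__":
    print("leaky   :", mute_leaky(1, 2, set()))
    print("hardened:", mute_hardened(1, 2, set()))
    print("leaked by leaky handler:", leaked_private_fields(mute_leaky(1, 2, set())))
```

The point of `public_view` is that the safe shape of the response is declared once, as an allowlist, so adding a new private column to `User` later cannot silently widen what other users receive; `leaked_private_fields` is the regression check that catches it if someone bypasses the allowlist anyway.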
notreallyaclevername
This is why I live like a "Luddite". No Roomba, no Alexa, and I deactivate all the virtual assistants on all my devices. My PC doesn't have a camera, and I keep my work computer turned off and the webcam unplugged and pointing at my desk whenever it isn't actively in use. The only social media I use is imgur. I've never trusted any of these corporations not to steal from me or not to be sketchy as hell. People called me crazy...
Seethreepeeoh
But will it help me find a dog?
Marsupialmessiah
Yeah, and identify your brown neighbors for the concentration camps. That feature is for mass surveillance; no one spends that much money for 600 dogs a year. The ASPCA does a lot more with a lot less.
ChiLLeCheeze
Yeah, he's at home eating. I'm watching you live feed him.
somebackup
I wonder how much Claude actually did. I tried to use it to automate very similar discovery and got nothing. My guess is this guy had a much smarter input parameter than me. Something that now only required testing many things rather than finding the actual solution.
Evi1Gav
Any home device that requires an online account to use should be avoided.
Colopty
7000 seems like a low number.
zeekcheek
dude he checked it twice, that's even good enough for santa fucking claus
Colopty
I'm not doubting his report, I'm expressing surprise at the information in it.
cjandstuff
Now I have to wonder whether or not DJI or some government agency knew about that before this story.
derekjohn
Pass this information to the Ukrainians, I'm sure they can do something with it.
iRegretThisUsernameAlready
Cue "Ride of the Valkyries"
MendoncycleSmith
And yet another story helping me feel better about my choices of having no smart devices in my house, and any of the ones that can't be helped, are left as bricked as humanly possible.
jridley
I like home automation but I don't use anything cloud based. Home Assistant and either generic Zigbee sensors or stuff I built myself.
HelpfulCorn
Zwave here. The new refrigerator has Wi-Fi absolutely not
jridley
I'll try to avoid buying appliances with smarts. If I can't avoid it, I make sure it'll function adequately without a connection, because it's never getting one.
VaxxedCanadian
Yesterday it was a Playstation controller
letsnotgothere
That's not really a threat. It's gonna be out of power anyway :P
dalaiyoda
Substitute "gaming controller" and move on with your life.
CammunistManifesto
Is that really the detail inconsistency you feel the need to point out?
m4uboy
rock band guitar
cousteau
Maybe it's one of those universal controllers that work for both consoles.
Ilovetomakestuffup
it's gonna be a Wii controller tomorrow :3
neithermenoryou
Can't wait to see him control it with a power glove.
TorrentialUpPour
You've always been able to control roombas with a power glove. If you can't, it's because you're not good enough at the power glove.
FlyByGRider
Shit I have to go find my power glove to see if I have the power!
GrandmasterSpank
I've got a colleague who is into 'connect everything'; he even has his fridge and dishwasher connected to his mobile phone. He loves 2 brands, Samsung and one more I can't remember. I bet those companies know everything about him. 10 cameras in his home, watching him 24/7, mapping his house, his car, his life. He invited me to his house; I said: no thanks. Maybe I'm paranoid but I don't want to be 'mapped'.
unluckyandbored
Why I don't have any of this shit.
theworldcouldbeflat
Minority Report was right.
LtRooney
DarkZalgo
As an embedded software engineer myself, those claiming that are the programmers and engineers that are shit at their job. It's not hard at all to track the outgoing network data from a device on a network you control. It's just sad to think someone working in a relevant field couldn't even manage it.
mithiwithi
I don't have time to babysit my internet house. Easier to just stay analog.
DarkZalgo
You don't need to babysit your house. It's to dispel paranoia if you're really that worried about it. At the end of the day you can either keep being paranoid about everything or trust that nobody is actually out to get you unless you have actionable proof.
LtRooney
What mythical fantasy land are you living in?
iRegretThisUsernameAlready
I live this so hard. People get whiplash when I offer to make websites and stuff for them and then reveal I don’t have a smartphone, or social network accounts.
LtRooney
There's some dipshit replying to every comment, pretending to be an expert and telling everyone that, actually, spyware is fun! Your washing machine definitely should have a wifi connection! Yay spyware!
HamSlamwich
The blueprints for your house were filed with the city before it was built. Your home was mapped before you knew it existed.
GrandmasterSpank
Actually I'm in a house built in 1890. There are papers at city hall but those have not been digitized (yet), certainly not the changes that I and previous owners have made. :)
HamSlamwich
Lol k you got me there. In my defense i didn't know I was talking to a member of the Addams Family.
GrandmasterSpank
Most European houses are ooooold.
Almaadin
ANY changes were made by the previous owner. ;-)
GrandmasterSpank
Exactly. I know nothing.
relsky
While I agree with you 100% and I don't have a single network-connected device other than my pc and my phone, I have bad news: you and I are both already mapped.
NickRivieraMD
https://i.imgflip.com/zpanp.jpg
Zammurkele
Yep. https://www.kaspersky.com/blog/dense-pose-recognition-from-wi-fi-signal/51216/
GrandmasterSpank
But there is 'mapped' in different degrees. I don't have wifi. I don't have a smartphone. I don't have a car. I pay cash. That colleague is the exact opposite. I don't sit with him during lunch breaks because he has his phone on the table.
iamthemurray
How and why are you on the platform then? Wifi is not the same as Internet it's just become synonymous. Also no you don't, there are some bills you literally cannot pay with cash. Jobs won't hire you if you don't do direct deposit. Stop pretending to be some "off grid" wannabe
GrandmasterSpank
I never said I'm off grid. And they were talking about a technique which allowed for room mapping and object/people mapping when there is wifi in the house. So if you have wifi, they know where the flowers in your house are. They know when you get new fresh flowers. They know when you feed your cat. They can see when you're in your shower or when nobody is at home. Cable is not wifi.
valen00
See, this is where conspiracy stuff comes in. There's a kernel of truth: "using wifi signals, the pose of people can be estimated." There's the stuff you missed: "when they are standing directly in between 2 access points configured using custom firmware in a lab environment after significant training on that specific environment." And there's what you took away from it: some mysterious "they" now know when you, at home, get fresh flowers and feed your cat because you have some random wifi access point/
valen00
You are paranoid. Like I don't mean that as an insult, but you are probably taking "privacy" and fear of "spying" to such an extreme that it is harming you without any commensurate gain in your quality of life. A phone sitting on a table despite many beliefs to the contrary probably isn't taking photos of you or shipping audio anywhere. Your security posture in that regard is on par with those who have state level actors working actively to directly harm them. Security is always a burden,/
GrandmasterSpank
I have been watching how the IDF pinpoints their victims using Palantir. If you have your phone on the table and you talk about .... Palantir a lot for 5 minutes, then go to Google search and type in 'pa', it will autofill to Palantir. I don't like that. I'm not afraid Israel will bomb me, but I don't like that kind of surveillance. Especially when I hear ICE agents say 'you're in our terrorist database' to protestors. I don't think those are idle threats. I think that database exists.
valen00
you have been watching a lot of conspiracy and confirmation bias. Given what you talk about your algorithm knows if you type pa you and people like you will be searching for that. Phones don't have enough battery to do the thing you think they are doing and still be good phones, unless they are literally hacked by mossad (who don't give a crap about your battery life). As I said, your threat response is correct for someone who is *actually* being targeted by state level actors. btw the / means
valen00
I say this as someone who works professionally in the field. Security is always a cost. That cost *must* be justified. It must gain you something, it must be proportional in response to a real threat. The way you describe your actions is not proportional to the threat posed by a co-worker having an internet connected fridge. I say this as I am literally working to get privileges on the headunit of my new car, which doesn't have built in networking because I don't want it phoning home to china/
valen00
and I want to vet the current 3rd party "root" services offered that let you run other apps on it. But I have a smart phone, I use tap to pay etc. The threat there is marketing, the threat posed by vehicle control software is rather larger.
You're on social media. You're on the internet, unless you're practicing some fairly advanced cyber security stuff you will have a profile, you will be tracked already.
JStengah
Remember kids, the S in IoT stands for security.
Snooj
EaaS. Espionage as a Service.
kaneinencanto
Works when you spell it out, too. "Internet of Things"... it's definitely the last thing on the company's mind.
Quizz25S
But there’s no s in- oh. OOOOOOOOOOH
dirtyFrenchman
mikeatike
IoT stands for Idiot of Things
cousteau
I was already starting to type that comment.
spookyu
Lmao, I'm a CyberSec guy, I'm stealing this.
uzetaab
I'm not in CyberSec and I'm also stealing this ;)
RemtonDulyak
Where's the security, if you can just up and steal stuff?
WoeToHice
@JStengah, are you going to notify your followers of this meme breach?
JStengah
I'll sign them up for a 12 month period of meme credit monitoring.
AtomicChipmunk
Is dns.adguard.com safe to use? Or are they getting data from the people who use it?
spookyu
I actually use AdGuard for DNS blocking on my phone (best way to get rid of ads in apps, including the imgur app). They have a decent reputation so far and their privacy policy is straightforward https://adguard.com/en/privacy.html but just know there's always a degree of risk. That being said, even if they were collecting data and selling it....the amount of data collection their DNS filter stops from other sources would far exceed that lol
AtomicChipmunk
Thx!
Kotarisu
That company failed to file a proper ID-10T form.
kaneinencanto
Classic PEBKAC issue.
Quizz25S
Pronounced “eye dee ten tango”
Quixus
Or the ID-2T form for those who do not understand binary.
Kotarisu
Well you know, there are 10 types of people: those who understand binary, and those who don't.
Quixus
Exactly.
intaglioguy
If you own a robot vacuum that links to the internet, you're being spied on. Period.
GasBandit
Boy oh boy do we have some news about cell phones
TychoTheMad
You need to go by Pondsmith Cyberpunk rules: If it has an ability to connect to anything else, a netrunner can use it to set your house on fire and explode your genitals.
Ree81
Not really. The camera isn't on, as that would cause users to notice a video feed being sent through their router. So at the most they're sending "this is the guy's design schematics", and maybe "this is the stuff the guy owns". I'm fine with that if it means I don't have to vacuum WITH MY AWESOME DREAME L40 ULTRA AE, WHICH WAS $550 AND DOES EVERYTHING! :P
wadatahmydamie
Yeah? Leave a key outside for me, I’ll pop in and do your dishes sometime. It’s free and doesn’t require Internet access
SirButcher
Dude, users happily click on EVERYTHING which looks remotely like a button, and most of them will click on anything which doesn't even look like a button.
99% of the regular users don't even know what a router is.
Ree81
*Power users
As in, at least someone online. And no, there's no such indication here, so if you believe "THEY'RE STREAMING EVERYTHING!!111", then give us a source or STFU.
Scahrossar
You vastly overestimate almost all users and what they notice.
Ree81
It's not about what the general populace notices, it's about how if even just one notices anything (and there's a LOT of nerds like this), then that creates knowledge, and usually an article about the behavior.
There's basically just one such article, where a "no name" Chinese brand was streaming "something", and the user blocked it, which led to the company bricking the device.
Californiajackson
I know I'm supposed to gasp in horror, but...does it do carpet? Does it handle cat hair? Please?
Ree81
It does. Cat hair is basically just normal "male hair", as we don't usually have long hair.
It's the first robovac I've owned that literally "set and forget". Occasionally you have to change the water, but the amount of gunk in the dirty water tank, even if it's constantly mopping, is surprising. :)
Trastion
If you own ANYTHING that links to the internet, you're being spied on. Period.
TinyLiehon
If you own, you're being spied on. Period.
wadatahmydamie
If you, you’re being spied on. Period.
LespritDeLescalier22
You spied on you.
smittyatyou
On you.
DarkZalgo
Just no, dude. This level of paranoia is so fucking annoying.
slightlybrokenegg
You should go read the whistle blower files from Edward Snowden then remember how long ago that was.
DarkZalgo
Snowden was just trying to make a quick buck. He never even tried going through the actual whistleblower channels, and he leaked a fuckton of completely unrelated information that did nothing but endanger lives of active US military outside of the country as well as military members of our allies.
PanNonOpticon
It's a pretty good approximation.
DarkZalgo
Not really though. There's not much valuable information to be obtained by spying that you aren't already freely giving.
PanNonOpticon
You have an outdated view of social media and what information is valuable.
Trastion
So you think your phone and your little Google or Apple gadgets are not listening to you all the time. Read some articles. It has been exposed over and over that they are and they store the data. Ask any IT person how much of that shit they have in their home and the answer will be as little as possible.
bitwize
Dude, please just try to educate yourself before you type dumb things. Like just a little bit.
Not all devices “spy” or collect telemetry at all; and this is trivial to prove being a sysadmin on a network. Plenty of peripherals fetch content from the internet but don’t expose network servers (low surface area for attack vector), don’t analyze the network map, and have no sensory peripherals to even “spy” in the first place.
Yeah, some things do where you are the product, but not all.
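Two comments in this thread (DarkZalgo's "it's not hard at all to track the outgoing network data from a device on a network you control" and the one just above) make the same point: on your own network you can log every outbound connection a device makes and compare it against what the device has a documented reason to do. The following is an added example of that check, not code from the thread or from any vendor. The flow records are constructed inline in the shape a router's conntrack or NetFlow export gives you (timestamp, device MAC, destination, port, bytes sent) so it runs offline; the device addresses, hostnames and the per-device policy are hypothetical.

```python
"""Per-device egress audit from router flow records.

Added example, not code from the thread or from any vendor. Flow records
are constructed inline; device MACs, hostnames and the policy are
hypothetical. On a real network you would feed this from your router's
conntrack table, a NetFlow/sFlow exporter or a mirror-port capture.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int         # unix seconds
    device: str     # LAN MAC address of the device
    dst: str        # destination host (IP or resolved name)
    dport: int
    bytes_out: int  # bytes the device sent


T0 = 1_700_000_000

# Constructed sample: a vacuum that syncs with its vendor hourly, a sensor
# that only checks for updates, a camera streaming to an unlisted host, and
# a device nobody has written a policy for.
SAMPLE_FLOWS = (
    [Flow(T0 + h * 3600, "aa:bb:cc:00:00:01", "cloud.example-vacuum.test", 443, 50_000)
     for h in range(4)]
    + [Flow(T0 + 120, "aa:bb:cc:00:00:02", "updates.example-sensor.test", 443, 1_200)]
    + [Flow(T0 + m * 600, "aa:bb:cc:00:00:03", "203.0.113.50", 8000, 3_000_000)
       for m in range(6)]
    + [Flow(T0 + 30, "aa:bb:cc:00:00:04", "198.51.100.7", 443, 900)]
)

# Egress policy per device: hosts it legitimately talks to (from vendor docs
# or a baseline capture you reviewed) and a byte ceiling per hour.
EXPECTED = {
    "aa:bb:cc:00:00:01": {"hosts": {"cloud.example-vacuum.test"}, "max_bytes_per_hour": 2_000_000},
    "aa:bb:cc:00:00:02": {"hosts": {"updates.example-sensor.test"}, "max_bytes_per_hour": 100_000},
    "aa:bb:cc:00:00:03": {"hosts": {"api.example-cam.test"}, "max_bytes_per_hour": 5_000_000},
}


def summarize(flows):
    """device -> (dst, port) -> {flows, bytes, first, last}."""
    summary = defaultdict(dict)
    for f in flows:
        s = summary[f.device].setdefault(
            (f.dst, f.dport), {"flows": 0, "bytes": 0, "first": f.ts, "last": f.ts})
        s["flows"] += 1
        s["bytes"] += f.bytes_out
        s["first"] = min(s["first"], f.ts)
        s["last"] = max(s["last"], f.ts)
    return dict(summary)


def find_anomalies(flows, expected):
    """Return (device, reason) pairs for devices that step outside their policy:
    unknown device, unexpected destination, or egress rate above the ceiling."""
    findings = []
    for device, dests in summarize(flows).items():
        policy = expected.get(device)
        if policy is None:
            findings.append((device, "unknown device: no egress policy"))
            continue
        for (host, port), s in dests.items():
            if host not in policy["hosts"]:
                findings.append((device, f"unexpected destination {host}:{port} "
                                         f"({s['bytes']} bytes over {s['flows']} flows)"))
        total = sum(s["bytes"] for s in dests.values())
        first = min(s["first"] for s in dests.values())
        last = max(s["last"] for s in dests.values())
        hours = max(1.0, (last - first) / 3600)  # treat windows under an hour as one hour
        rate = total / hours
        if rate > policy["max_bytes_per_hour"]:
            findings.append((device, f"egress rate {rate:.0f} B/h exceeds "
                                     f"{policy['max_bytes_per_hour']} B/h"))
    return findings


if __name__ == "__main__":
    for device, reason in find_anomalies(SAMPLE_FLOWS, EXPECTED):
        print(device, "-", reason)
```

The useful output is not "this device talks to the internet" but the delta from its baseline: a new destination, or a byte rate that a thermostat or sensor has no business producing. A device with no policy entry is flagged on purpose; writing the policy for it is the exercise the comments are describing.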
DarkZalgo
I'm an embedded software engineer with a bachelor's in cyber security. I have a published paper in IEEE from a project monitoring an echo dot to see if it listens to you when it shouldn't be. And big fucking surprise, it doesn't. And no, a shitty IT person will tell you that because they don't understand how it impacts their network and what to do about it.
baals
https://media4.giphy.com/media/v1.Y2lkPWE1NzM3M2U1eTF6dWh0b211ZnAxN2Y5NHpla2NlN2ZvamwyMWp5djQxM3dqbGNlbiZlcD12MV9naWZzX3NlYXJjaCZjdD1n/MAWxnzv6ZGd7q/200w.webp
slightlybrokenegg
I read at least a dozen articles stating the exact same thing about Apple and then they lost the lawsuit because it was conclusively proven they were listening.