Researcher discovers security flaw in Netatmo weather station

Gigaom

The Netatmo weather station, a popular and beautiful connected weather station, apparently sends your Wi-Fi password as well as other device and network information over the internet in an unencrypted format. Johannes Ullrich, CTO at the SANS Internet Storm Center in Jacksonville, Florida, posted a blog on Thursday documenting the device’s lack of security. He was pretty mild-mannered about the lapse, pointing out that the transmission of his credentials only happened at the setup and wasn’t replicated when he restarted the device again, explaining:

[blockquote person=”” attribution=””]So what happened? After looking at the full capture of the data, I found that indeed the weather station sent my password to “the cloud”, along with some other data. The data include the weather stations MAC address, the SSID of the WiFi network, and some hex encoded snippets.

Not only should data like this not be transmitted “in the clear”, but in addition…

View original post 257 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s