Smart-Lock Hacks Point to Larger IoT Problems

In my completely non-rigourous study of adoption patterns (I asked my friends, mostly people in tech/security roles), I’ve concluded that I’m right to be extremely suspicious of ‘smart’ devices. Articles like this just reinforce my world view. For the sake of full disclosure I must state that I’m working with a company that provides smart access services (not just lock/unlock but room reservations, car park slots, wifi codes, coffee, payment systems…) that is much more cautious than slinging some ideas on Indiegogo…:

[…] In conducting a series of searches on Shodan, a search engine for connected devices, Young discovered a server with several pages of MQTT topic names that also kept emerging in searches referencing “lock” and free email providers like “gmail.com.”

“I queried the server myself with Linux command line tools (e.g. mosquitto_sub), and I was instantly inundated with PII apparently from all over the world,” wrote Young, adding that data included email and IP addresses associated with locks and timestamped records of when and where they opened and closed.

[…]

Original article here