Security issue...Site bug


(Tom) #1

https://www.evernote.com/shard/s76/sh/b94dc8e9-288b-48b1-92bd-d5628cd1cd1a/48add2289e2ed976f492d70bd54cc131

I am not sjstone… I logged in using Twitter authentication.

Is everyone sjstone I wonder?

Might want to take a look at that. I could see this guy’s e-mail and change his password as far as I can tell…


(Solardave1) #2

Maybe it’s Sharon Stone.
Does kind of bring up the whole issue of security on cloud based systems like this. Theoretically, if someone hacks the server they could gain control of your hub?
And lights?
And door locks?
Etc?


(Brian Steere) #3

There is definitely potential risk in having a cloud system with access to your home. I don’t know that it is more significant for SmartThings than any other kind of automation with cloud access. It just means the people behind SmartThings really need to be on top of their security game.


(Sjstone) #4

I have replicated this using Twitter authentication and notified our engineering team. Thank you for the report.


(Solardave1) #5

Excuse me, I’m busy flashing the lights at all the ST employees homes :slight_smile:


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #6

Definitely worth repeating and demonstrating more (endless) examples.

Cloud (software-as-service) security breaches and simple lack of privacy (NSA anyone?) are a risk that has been shown time and time again to be very “real”.

If particular HA cloud providers become very popular (rah rah Smart Things!), then they will become targets for aggressive hacking.

Being able to run “off the cloud / off the grid” (possibly by adding a slightly more powerful personal HA server to the SmartHub) would address a lot of fears.

But that is definitely not in the foreseeable future of SmartThings’s business plan.


(Solardave1) #7

I keep thinking the NSA could run a restore service and become a profit center, maybe even pay off the National Debt. Imagine if you could just request a download of every email, text, tweet, document, phone call, Skype conversation and who knows what else. Put Carbonite out of business overnight. The ultimate cloud storage service - you don’t even have to do anything on your end, they just automatically Hoover up everything in your life. Like this post for example.

Yeah, kind of scary if someone hacked ST’s servers and unlocked your doors, turned off your IP cams, etc. Good thing I tie a hand grenade to the door lock before I leave in the morning. It works great - but only once.


(Andrew Urman) #8

> good thing I tie a hand grenade to the door lock before I leave in the morning. It works great – but only once.

lulz