A simple bug exposed access to thousands of smart security alarm systems

U.S. power and electronics giant Eaton has fixed a security vulnerability that allowed a security researcher to remotely access thousands of smart security alarm systems.
Security researcher Vangelis Stykas said he found the vulnerability in Eaton’s SecureConnect, a cloud-based system that allows customers to remotely access, manage, and arm and disarm their security alarm systems from a phone app.
Stykas said the vulnerability allowed anyone to sign up as a new user and assign that account to any other group of users, including a “root” group, which has access to all of the

リンク元