When I had a quick look at the Android app a while back I also found the insecure CoAP, but there was also a hardcoded API key for what looked like an AWS endpoint (http://uqeh6fio3g.execute-api.us-east-1.amazonaws.com/prod).
Also a really bad default passphrase (key_file.txt), which I think is used for generating some kind of key/cert... I have not looked at the actual gateway at all yet.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Date: 2017-04-10 09:19 am (UTC)