
The article and source material are light on details here. My guess is that it is using HTTPS, but the researchers saw the plaintext password in the request and assumed “password in plaintext always bad”.

If the app isn’t using HTTPS, then the story would be much bigger than just the password being plaintext.




How would they have been able to see the content of a request from the router to AWS if it was HTTPS?


You can MITM HTTPS; the device just needs to trust the cert (which isn't hard to do).



