So many [recent] examples of no validation/verification/authentication. Pathetic. Negligence, pure and simple. Not like SQLi is ~20 years old...
¯\_(ツ)_/¯ 💩 🔥
Pacemakers, TrendMicro AV, automated email, SQLi for years,
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities
I happened across an IoT device once that validated new firmware in-browser with JavaScript. You could trivially bypass the verification and upload a firmware with a backdoor. Also default hardcoded credentials to access the firmware upload page. It's like they're not even trying. Contact the vendor? "We no longer support that model, you should upgrade to the newest and shiniest hardware."
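The failure described above is validation that only runs in the browser, where anyone can skip it. The fix is to verify a vendor signature over the image in the upload handler on the device itself. The following is an added example, not code from the thread or from any vendor; it assumes Ed25519 signing, a vendor public key provisioned on the device, and hypothetical names (`SignFirmware`, `VerifyFirmware`, `AcceptUpload`) chosen for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadSignature is returned for every rejected image. A single opaque
// error keeps the upload endpoint from leaking which check failed.
var ErrBadSignature = errors.New("firmware rejected: signature verification failed")

// imageDigest hashes the image so signing and verification work on a
// fixed-size value; a constrained bootloader can stream the image through
// the hash instead of holding it all in memory.
func imageDigest(image []byte) []byte {
	sum := sha256.Sum256(image)
	return sum[:]
}

// SignFirmware models the vendor's offline build step. The private key
// lives in the release pipeline; the device never holds it.
func SignFirmware(priv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(priv, imageDigest(image))
}

// VerifyFirmware is the server-side gate that must run on the device in the
// upload handler. Anything done in the browser can be bypassed by posting
// the request directly, so this check is the only one that counts.
func VerifyFirmware(pub ed25519.PublicKey, image, sig []byte) error {
	// Length checks first: ed25519.Verify panics on a malformed public key,
	// and a truncated signature should never reach the verifier.
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if len(image) == 0 {
		return ErrBadSignature
	}
	if !ed25519.Verify(pub, imageDigest(image), sig) {
		return ErrBadSignature
	}
	return nil
}

// AcceptUpload models the decision the upload endpoint makes: the image is
// written to flash only when VerifyFirmware passes, regardless of any
// client-side result the browser may have sent along.
func AcceptUpload(pub ed25519.PublicKey, image, sig []byte) bool {
	return VerifyFirmware(pub, image, sig) == nil
}

func main() {
	// Constructed key pair for the demo; a real device would have the
	// vendor's public key provisioned at manufacture, not generated here.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image, not a real build")
	sig := SignFirmware(priv, image)

	fmt.Println("genuine image accepted:", AcceptUpload(pub, image, sig))

	// Flip one byte of the image: the signature no longer matches.
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01
	fmt.Println("modified image accepted:", AcceptUpload(pub, tampered, sig))

	// No signature at all, which is what an upload that skipped the browser
	// check would look like.
	fmt.Println("unsigned image accepted:", AcceptUpload(pub, image, nil))
}
```

The digest is signed rather than the raw image so the same routine fits a bootloader that can only buffer a block at a time; the length checks come before `ed25519.Verify` because that call panics on a wrong-sized public key, and a panic in an upload handler is its own denial-of-service problem.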
@Senicar @sten0_SE the newest model, which likely has the same problem. But yeah, this is the major issue with IoT