Finding 1: Hard-Coded Bluetooth PIN
Credit: Daniel Crowley of Trustwave SpiderLabs
CVE: CVE-2013-4866
CWE: CWE-259
The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000"
as can be seen in the following line of decompiled code from the
application:
    BluetoothDevice localBluetoothDevice =
        BluetoothManager.getInstance().execPairing(paramString, "0000")
As such, any person using the "My Satis" application can control any Satis
toilet. An attacker could simply download the "My Satis" application and
use it to cause the toilet to repeatedly flush, raising the water usage and
therefore utility cost to its owner.
Attackers could cause the unit to unexpectedly open/close the lid or activate
bidet or air-dry functions, causing discomfort or distress to the user.
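A code-review check for this class of flaw (CWE-259), as an added example that is not part of the original advisory: it scans decompiled Java source for string literals passed to Bluetooth pairing calls, including calls split across lines like the one quoted above. The sink list is an assumption (execPairing is taken from the quoted line, setPin is Android's BluetoothDevice.setPin(byte[])), and the sample input is constructed.

```python
import re

# Pairing methods to audit (assumed list): execPairing is from the advisory's
# decompiled line, setPin is Android's BluetoothDevice.setPin(byte[]).
PAIRING_SINKS = ("execPairing", "setPin")
_CALL = re.compile(r"\b(%s)\s*\(" % "|".join(PAIRING_SINKS))
_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')

def _call_args(source, start):
    """Return the text between the parentheses opening at source[start]."""
    depth, i, in_str = 0, start, False
    while i < len(source):
        ch = source[i]
        if in_str:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return source[start + 1:i]
        i += 1
    return source[start + 1:]       # unbalanced input: take the rest

def find_hardcoded_pins(source):
    """Return (line, method, literal) for each string literal passed to a sink."""
    findings = []
    for m in _CALL.finditer(source):
        args = _call_args(source, m.end() - 1)
        line = source.count("\n", 0, m.start()) + 1
        for literal in _STRING.findall(args):
            findings.append((line, m.group(1), literal))
    return findings

# Constructed sample: the advisory's statement plus two hypothetical setPin calls.
SAMPLE = '''BluetoothDevice localBluetoothDevice =
BluetoothManager.getInstance().execPairing(paramString, "0000");
device.setPin(userSuppliedPin.getBytes());
device.setPin("1234".getBytes());
'''

for line, method, literal in find_hardcoded_pins(SAMPLE):
    print(f"line {line}: {method}() receives hard-coded literal {literal!r}")
```

A finding means the PIN ships inside every copy of the application; the call that takes its PIN from a variable is not flagged.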
Google hasn't announced it yet, but the company earlier this year started offering free beta access to Cloud Source Repositories, a new service for storing and editing code on the ever-expanding Google Cloud Platform. It won't be easy for Google to quickly steal business from source code repository hosting companies like GitHub and Atlassian (with Bitbucket).
Ever thought of sharing the solution to a coding problem in the form of a video with someone, to teach them how you implemented the solution? Or wanted to see the thought process of a potential employee when he/she solves a difficult problem? Of course you have thought about it.