Store log in from WebDM
Martin Albisetti
martin.albisetti at canonical.com
Thu Apr 2 19:10:44 UTC 2015
On Thu, Apr 2, 2015 at 3:57 PM, Alexander Sack <asac at canonical.com> wrote:
> What do other home appliances in the market do here?
>
> My wifi router seems to not care. I configure it through
> http://local.domain. Of course, that one is special because it knows
> that I am accessing it through WPA at least...
Right, most of them don't care. Such is the state of IoT today :)
WPA make it harder for people not on the network to snoop, but does
nothing to prevent people who already are on the network.
Most routers allow you to access them via ssl with a self-signed cert.
The main problem here is that you would be sending your store
credentials (Ubuntu One) in plain text in your local network. And
that's on top of the risks of someone intercepting the session and
taking over the device completely.
I think routers are accessed very infrequently, making the windows of
attack much smaller. We will have all kinds of devices will all kinds
of recurring remote access to the device.
--
Martin
More information about the snappy-devel
mailing list