the shared MQTT credentials pattern is unfortunately super common in budget IoT. seen the exact same thing in smart plugs and air quality sensors. the frustrating part is per-device auth is not even hard to set up, mosquitto supports client certs and topic ACLs with minimal config. manufacturers skip it because per-device key provisioning adds a step to the assembly line and nobody wants to think about key management. so they hardcode one set of creds and hope nobody runs strings on the binary.
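As an added illustration of the per-device setup the comment describes (not the commenter's own config, and not from any vendor), the two Mosquitto files below contrast the shared-credential pattern with client-certificate authentication plus a topic ACL. File paths, the CA name and the "SN-000123" serial are assumed placeholders; both files are shown in one block, separated by comment headers.

```conf
# ---------- /etc/mosquitto/mosquitto.conf ----------
# Shared-credential pattern the comment criticises, kept here only as
# commented-out contrast: one username/password baked into every unit, so
# reading it out of one firmware image grants access to every unit's topics.
#
# listener 1883
# allow_anonymous false
# password_file /etc/mosquitto/passwd    # single "iotdevice" entry for all units

# Per-device pattern: each unit ships with its own X.509 client certificate,
# signed by a device CA at provisioning, whose CN is the unit's serial number.
listener 8883
allow_anonymous false
cafile   /etc/mosquitto/certs/device-ca.crt   # CA that signed the device certs
certfile /etc/mosquitto/certs/broker.crt
keyfile  /etc/mosquitto/certs/broker.key
require_certificate true          # TLS handshake fails without a valid client cert
use_identity_as_username true     # username := certificate CN, e.g. "SN-000123"
acl_file /etc/mosquitto/acl

# ---------- /etc/mosquitto/acl (separate file) ----------
# %u expands to the username, i.e. the certificate CN, so every device is
# confined to its own subtree: it can publish only its own telemetry and
# subscribe only to its own command topic. Compromising one cert no longer
# exposes or lets you spoof any other unit.
pattern write devices/%u/telemetry
pattern read  devices/%u/commands

# The backend gets its own certificate (CN "backend") and the whole tree.
user backend
topic readwrite devices/#
```

Revoking one leaked device cert is then a CRL update on the broker rather than a firmware re-flash of the entire fleet.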
Why is it that almost all OBD-II dongles you buy have the same MAC address? If you buy two, one for each car, your app can never tell which car you're connected to.
They all come with Bluetooth certified logos, as well.
The ones that don't reuse everything cost like $120, not $15.