• AmbiguousProps@lemmy.today
    link
    fedilink
    English
    arrow-up
    59
    arrow-down
    1
    ·
    1 month ago

    although Ecovacs accounts are password-protected, and a further four-digit PIN code is required to access the video feed, that PIN code is not validated server-side—meaning anyone with the basic know-how of a tool like Chrome web inspector could bypass it

    • lad@programming.dev
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 month ago

      Reminds me of how Xiaomi password protected smart kettle was only password protected in the UI. I think, it’s an industry standard nowadays 🥲