ce4 | 1 year ago
There's another thing not mentioned.
From the payload it looks like one may be able to spoof other customers' sensors by altering the serial (maybe it's a contiguous number) and replaying the request. Heck, it is just one "curl -X PUT -d ..." command away; the info is all in the article.
api | 1 year ago