Plus, I unleash the secrets to effortlessly bring your business online. Learn the ultimate hack to share grocery lists for events. But that’s not all – get ready to capture breathtaking photos while hiking the Appalachian Trail with the ultimate photo gear recommendations. And wait, there’s more – I’ve got puns that will have you rolling on the floor with laughter
Your Wi-Fi was part of 2.7 billion records leaked
© Andrew Angelov | Dreamstime.com, © Denisismagilov | Dreamstime.com
I bet you’ve never heard of Mars Hydro. It’s a company headquartered in Communist China that makes Internet of Things (IoT) devices. Their speciality? LED lights and hydroponics equipment.
Security researcher Jeremiah Fowler (I had him on the show about other breaches, and he’s a smart, standup guy) was digging around and found they had a massive 1.17TB database online for anyone to see. There was no encryption and no password required.
The database contained 2,734,819,501 sensitive records. My first thought is why does a hydroponics company have so much data?
What is Mars Hydro?
Stick with me because it’s a mess. The records Fowler found belong to a California-registered company, LG-LED Solutions Limited. Within those are also database details and URLs to LG-LED Solutions, Mars Hydro and a company called Spider Farmer.
They make and sell grow lights, fans, cooling systems and other gear used for agriculture. Mars Hydro is based in Shenzhen, China, with warehouses in the U.S., U.K. and Australia.
So, why was an agriculture company collecting all this data and storing it all in an unsecured database? Probably because it’s the last place someone might look.
- Over 100 million Wi-Fi network names (SSIDs) with passwords
- IP addresses
- Device ID numbers
- All the devices connected to these Wi-Fi networks, including make, models and other details
- App error logs
When Fowler spotted the Mars Hydro code and asked if the app was involved, LG-LED dodged the question. Their only response? “This app is the official product of Mars Hydro.” Translation: They’re not denying it.
The Mars Hydro app page for Google Play (Android) shows over 10,000 downloads and an abysmal 1.9-star rating. I didn’t spot a single rating on the iPhone App Store, which is common for apps that aren’t all that popular.
Interestingly, the privacy section says no data is collected and nothing is shared with third parties. Well, we already know they lied about at least one of those things. The app store shows the same thing: “The developer does not collect any data from this app.”
Once the vulnerability was reported, the database was locked down. You can bet there are copies of the database floating around the Dark Web. But there’s a bigger picture here. This is not just about one bad data breach. It’s about negligence in the IoT industry.
Bring a Trailer $1B car blog, Clever smart plug hacks & $10K/mo dream job travel blogging the world
Making your household items smarter
Even things you own that aren’t already smart, don’t have to stay that way. An inexpensive smart plug can make your dumb appliance, lamp or hair dryer smart. Kim gives some tips on inexpensive ways to start upgrading your home to a smart home. Learn more about your ad choices. Visit megaphone.fm/adchoices