Doesn't disclosing this to the world at the same time as you disclose it to the company immediately send hundreds of black hats to their terminals to see how much chaos they can create before the company implements a fix?

Perhaps the author is not a coward, but is giving the company time to respond and commit to a fix for the benefit of other owners who could suffer harm.

but is giving the company time to respond and commit to a fix for the benefit of other owners who could suffer harm.

If that's the case then they should have deferred this whole blog post.

[deleted]

It took me 30 seconds with ChatGPT by saying:

Identify the kickstarter product talked around in this blog post: (link)

To think some blackhat hasn't already done that is frankly laughable. What I did was like the lowest of low bars these days.

Put the product name in the title & maybe it sends thousands instead of hundreds of blackhats…

We often treat doxxing the same way, prohibiting posting of easily discovered information.

So your plan is to let the blackhats in the know attack user devices, rather than send out a large warning to "Quit using immediately"?

If we applied this similar analogy to an E. coli infection of foods, your recommendation amounts to "If we say the company name, the company would be shamed and lose money and people might abuse the food".

People need to know this device is NOT SAFE on your network, paired to your phone, or anything. And that requires direct and public notification.

And ChatGPT hallucinated a misleading answer that you are confidently regurgitating.

Their original message said "my guess", not ChatGPT's, talk about responsible disclosure...