• ch00f@lemmy.world · 12 upvotes · 2 days ago

    But he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries. The backend security bug

    I feel like “bug” is doing a looot of heavy lifting here.

      • herrvogel@lemmy.world · 3 upvotes · 1 day ago

        Is it a bug though in this case? To me a bug is when a program behaves in a way that’s not intended. This might very well be a case of the program behaving exactly as intended, except the intentions of the people who made it were wrong.

        • pastermil@sh.itjust.works · 1 upvote · 1 day ago

          An online service is a program (or a bunch of programs).

          Giving access when it’s not supposed to falls into behaving in a way that’s not intended.

          Therefore, an online service giving access when it’s not supposed to can be classified as a program behaving in a way that’s not intended.

          Thus, this case fits into your very definition.

          • Javi@feddit.uk · 3 upvotes · 20 hours ago

            Giving access when it’s not supposed to

            Not sure I’d agree with that statement. Personally I see it as the correct credentials were provided, and thus access was granted; ergo, the app performed as intended, and there is no bug.

            The error here seems to be around the lack of concern for security; nobody considered that using the same credentials for their fleet of robots could pose a threat if discovered. It’s no different to someone using the same email and password for everything, and then wondering why their Facebook has been hacked after their Reddit account leaked. The problem isn’t a bug in code, it’s just poor cybersecurity hygiene; what we see here is the same just on a commercial level.

            • thallamabond@lemmy.world · 2 upvotes · 19 hours ago

              The error here seems to be around the lack of concern for security

              I feel like this is extremely generous, but I’m a bit of a cynic.

              I don’t see an error at all. All I see is Upskirt Robot working as intended