First Wink bricked their smart home hubs while rolling out an updated cerficates list (in the name of good security, at least). Then Chrysler decided it wasn't a big deal that their cars could be remotely hijacked -- granted they later decided it might be a teensy problem. We knew the trifecta was in play. But who would be the third big IoT company to announce a massive security problem?
Today we find out. It's Honeywell.
As ThreatPost reports:
There are two separate vulnerabilities in the Tuxedo Touch: an authentication bypass bug and a cross-site request forgery flaw. The first vulnerability lets an attacker get around the authentication mechanism in the system.
Hopefully that will change soon.