I think I read about this from the Internet of Shit Twitter account: a lot of this IoT crap can’t be secured (well, or even at all). The joke was, “How do you change the password in a light bulb?” The answer, of course, is “with the app”, but then what if the app doesn’t include this?
Okay, we know in this case there were passwords. What amount of security will the devices work from behind? The only IoT I have is a Fitbit, but a lot of stuff I got as far as checking out the app and deciding not to buy because they wanted access to freaking everything. It was, “Hi, I’m either a RAT it made by a vendor who doesn’t care about customers at all. One or the other.”
Really, since they are a university, they would have been better off making it a multidisciplinary student project.
