Guess a MAC, change a light switch
Here’s a great discussion on Amazon reviews about a Smart WiFi switch. You buy it, bring it home, plug it into your wall, and plug some appliance into it. Then you can simply hit a button on your phone and that appliance goes to work. Perhaps it’s a light, perhaps a blender! Sounds simple and innocuous. But where it gets interesting is in how it works when you are not at home. Let’s say you are on the way home and want to turn that appliance on. Open phone, poke icon, done. But what is behind the scenes?
Turns out it’s terrible. The widget in your home opens a connection to an IP in China (22.214.171.124). And then anyone who sends an unauthenticated packet to that IP with your MAC address inside it will turn your widget on. Huh. Hard to imagine e.g. 4chan having fun with this. No encryption, no authentication. And it’s an outbound connection, so your firewall doesn’t say anything, just lets it go.
Lots of devices use the same reference platform, so it probably affects millions of ‘Smart’ things. E.g. this one from WiOn, etc. So I guess I’m saying don’t use this to control your table saw.
Now, guessing a MAC address. That sounds hard, there are 2^48 of them after all? Well, they are assigned sequentially within a manufacturer. So go to the store, look at one of these devices, read its MAC, go home and try the other MACs in the range and imagine the scream of rage in far off cities as people’s lights go on and off randomly.
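The core flaw above is that the MAC, a guessable identifier, doubles as the credential. As an added example (not the vendor's code or protocol), here is the MAC-only check beside a relay check that requires a per-device key, so a guessed or read-off-the-box MAC is no longer enough. The device registry, the message layout, and all function names are assumptions for illustration, and this covers authentication only, not the missing encryption.

```python
import hashlib
import hmac
import os

# Constructed registry: MAC -> secret provisioned at pairing time (assumption).
# The MAC below is a made-up locally administered address.
DEVICES = {"02:00:00:00:00:01": os.urandom(32)}
LAST_COUNTER = {}  # highest command counter accepted so far, per device


def relay_accepts_mac_only(mac, command):
    """Behaviour the post describes: naming a known MAC is sufficient."""
    return mac in DEVICES


def sign_command(key, mac, counter, command):
    """Tag binding device, counter and command together under the device key."""
    msg = f"{mac}|{counter}|{command}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def relay_accepts_authenticated(mac, counter, command, tag):
    """Hardened check: the MAC only selects the key; the tag proves possession."""
    key = DEVICES.get(mac)
    if key is None:
        return False
    # Reject replays of a previously captured (counter, command, tag) triple.
    if counter <= LAST_COUNTER.get(mac, -1):
        return False
    expected = sign_command(key, mac, counter, command)
    # Constant-time comparison so the tag cannot be recovered byte by byte.
    if not hmac.compare_digest(expected, tag):
        return False
    LAST_COUNTER[mac] = counter
    return True


if __name__ == "__main__":
    mac = "02:00:00:00:00:01"
    print("MAC only:", relay_accepts_mac_only(mac, "on"))
    print("forged tag:", relay_accepts_authenticated(mac, 1, "on", b"\x00" * 32))
    good = sign_command(DEVICES[mac], mac, 1, "on")
    print("valid tag:", relay_accepts_authenticated(mac, 1, "on", good))
    print("replayed:", relay_accepts_authenticated(mac, 1, "on", good))
```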
To restore your faith in humanity, I present you the world’s biggest optimist, someone who is selling a used manual for a VCR for $5, just down the street from me.