Netatmo was storing user WiFi network passwords, then transmitting them in the clear, without any encryption, as part of a data debug dump. The debug information was sent to the Netatmo cloud service, which enables users to track and monitor weather remotely.
Netatmo devices are widely deployed across the U.S., and the company has an online map that shows where devices are located. The purpose of the map is to help users see weather all around the country. Netatmo data can also be uploaded to the Weather Underground crowdsourced weather platform.
Security researcher Johannes Ullrich of the Internet Storm Center (ISC), itself an organization tasked with reporting on the “weather” conditions of the Internet, was the first person to publicly discover and report the WiFi credential flaw.
Netatmo publicly tweeted on Feb. 13 that it has corrected the flaw and thanked Ullrich for his report.
Read the full story at eWEEK:
Netatmo Dumps User WiFi Credentials in the Clear
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.