Taking Over Millions of Accounts, Cameras, Locks, etc.

I recently found a simple bug in the implementation of the password reset process for Chamberlain myQ accounts. You can read the write up here. Fun thing about it is that if your account was taken over, the app won’t boot you (at least for the time period I tested). So you could be sitting there essentially oblivious to this having happened. Chamberlain was great, and they had it fixed in about a week. Still a big fan of their stuff.