> “it was found that all communication is performed in clear text without any encryption nor security mechanism. Sensor identification information (sensorid), commands, etc. could be observed being transmitted in clear text.”<p>> Because the sensors’ firmware is also not digitally signed and access to them is not restricted to authorized parties, an attacker can alter the firmware or modify the configuration of the sensors.<p>Who deploys systems out into the wild these days without even giving a moment of consideration to security? This seems like "amateur hour" systems design. Did not a single engineer step up and say "Hey, uh, guys, do we want to at least take basic steps to obfuscate this stuff?"<p>Sounds like negligence. Not surprising their vice president of engineering has "nothing more to add to the matter."