The only recourse for what problem? Aren't there other plausible creative ways to apply pressure and get it fixed, with less risk to the people unwittingly at the mercy of this vendor's negligence?
Or are you speaking of the transactional convention, in which people can break into systems, and then are entitled to publicity for that, so long as they give the vendor advance notice?
The whole responsible disclosure convention seems an imperfect compromise, among various imperfect actors. On occasion, individuals might decide that other options are more appropriate to the specific situation, and to Perfect Tommy it.
I strongly disagree. You’re literally putting people’s lives and possessions at risk who have no knowledge of this. There are many alternative methods, from getting the government involved to giving a very long lead time to the vendor before you disclose this, to sitting on it and never disclosing.
The information is already sitting on Google for anyone to find, vendor doesn't give a shit.
Best to get it out there, at least if you're stuck in one of these buildings you can log in and change the admin password yourself till your building management does something about it.
Software vendor and building manager are putting people's lives at risk.
Can't software coders ever take responsibility? And this is on the programmer who implemented this, too. You just don't let your product manager do this, ever. It's 2025 already.
And this is a security product, wtf? Residents should be suing individual programmers here. OWASP was created 24 years ago. Default credentials is like number 1 on their IoT app security list. Only a moron would not defend against this. If your manager requires this, you just send him: