I haven’t been able to find a reliable source for this story, other than that it was recounted by Leo Laporte on the Security Now podcast episode #561. However, the scenario illustrates a couple of interesting risks from using Smart devices, where the devices may have been returned by an original purchaser, and then purchased by somebody else.
While I have been pointing out the risks of using Smart Devices and adopting the Internet of Things (IoT) over the past year, there has definitely been a gathering recognition among the security industry - and now the news media - about these risks. Certainly, the high profile outage of Twitter, Spotify, Pinterest, Google and Netflix last week focused attention on the security vulnerabilities within IoT devices. Now people are starting to realize the potentially scary scenarios that are just wait to happen thanks to the poor security around these devices.
It's great that more people now share my concern, and many are trying to identify solutions. But here are my reasons why many of the devices you've already purchased may always be vulnerable - and you may need to throw them away to stay safe.