IoT Security Research
The details below discuss the vulnerabilities found in the following devices: WAFU Keyless Smart Lock v1.0 An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to …
Continue reading “Wireless Smart Lock Vulnerability Disclosure”
The details below discuss the vulnerabilities found in the following devices: All of the devices above demonstrate the same security weakness. An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code …
Continue reading “Wireless Alarm System Vulnerability Disclosure”
Recently I had a chance to look at a number of intruder alarm systems sold via Amazon and eBay. These devices sell for up to £150, and a number are best sellers As discussed in my last post, RF frequency communication can be captured relatively easily, using a software-defined radio (SDR). All four devices use …
Have you ever wondered how wireless devices like remote controls or wireless sensors work? Chances are they use 433MHz radio technology. However, as with any technology, 433MHz radio signals can be vulnerable to hacking and exploitation. In this blog post, we’ll take a closer look at how 433MHz radio signals work, the tools and techniques …
With all the hype around ChatGPT, I thought I’d give it a go at writing this next post. So here we are: The Internet of Things (IoT) has revolutionized the way we live and work, connecting a vast array of devices and enabling them to communicate and share data. However, as the number of IoT …
I thought I’d give some brief references for anyone interested in IoT hacking. My experience here is fairly comprehensive; I have a couple of CVEs already, with a few more in the pipeline. My Masters dissertation was on the topic, and I am writing papers on it as part of my PhD work. BOOKS: There …
So, for the past two years I have been studying for a Masters in Cybersecurity part time, and thankfully managed to pass with a Distinction. Yay! It’s an itch that I’ve been wanting to scratch for a good long while, and I’m glad to have done it. This leads me on to my next announcement. …
The Fortessa FTBTLD smart lock is a fairly bog-standard type of generic smart lock, sold in the UK by CEF for around £100, and available on auction sites for maybe 3/4 of that price. As can be seen on the sticker on the left hand portion of the lock above, it is configured with a …
In a previous post I discussed the Bluetooth pairing issue that means anyone with a sniffer and access to your lock can open it. However, this is not the most concerning aspect of the device. I’m a big fan of static analysis tools, and use a few when investigating IoT devices; they generally provide useful …
Continue reading “Smart Lock or Spyware? The eGeeTouch TSA Travel Lock is a bit of both”
IoT security devices, such as smart padlocks, need to perform at least as well as their non-smart counterparts if consumer trust is to be gained. Unfortunately, many such devices are fundamentally flawed, with poor design meaning they are simple to subvert. Once such device is the eGeeTouch 3rd Generation Travel Padlock. Available in the UK …
Continue reading “The eGeeTouch TSA Smart Lock is Anything But”