Author archives: startimeash

Starting off – how to begin IoT hacking

I thought I’d give some brief references for anyone interested in IoT hacking. My experience here is fairly comprehensive; I have a couple of CVEs already, with a few more in the pipeline. My Masters dissertation was on the topic, and I am writing papers on it as part of my PhD work. BOOKS: There …

Continue reading “Starting off – how to begin IoT hacking”

Fortessa FTBTLD Smart Lock allows unauthorized users to change the device name. Hilarity ensues…

The Fortessa FTBTLD smart lock is a fairly bog-standard type of generic smart lock, sold in the UK by CEF for around £100, and available on auction sites for maybe 3/4 of that price. As can be seen on the sticker on the left hand portion of the lock above, it is configured with a …

Continue reading “Fortessa FTBTLD Smart Lock allows unauthorized users to change the device name. Hilarity ensues…”

Smart Lock or Spyware? The eGeeTouch TSA Travel Lock is a bit of both

In a previous post I discussed the Bluetooth pairing issue that means anyone with a sniffer and access to your lock can open it. However, this is not the most concerning aspect of the device. I’m a big fan of static analysis tools, and use a few when investigating IoT devices; they generally provide useful …

Continue reading “Smart Lock or Spyware? The eGeeTouch TSA Travel Lock is a bit of both”

The eGeeTouch TSA Smart Lock is Anything But

IoT security devices, such as smart padlocks, need to perform at least as well as their non-smart counterparts if consumer trust is to be gained. Unfortunately, many such devices are fundamentally flawed, with poor design meaning they are simple to subvert. Once such device is the eGeeTouch 3rd Generation Travel Padlock. Available in the UK …

Continue reading “The eGeeTouch TSA Smart Lock is Anything But”