Browsed by
Author: Ash Allen

Computers and Security – Peer Reviewed Publication

Computers and Security – Peer Reviewed Publication

Happy to announce that my first paper is available via open access in Springer’s Computers and Security journal. CoSe is one of the top three cybersecurity journals worldwide, so this being the venue for my first paper is amazing. We are also starting to see citations as well, which shows the impact of our work and where it is published. The paper can be read for free via https://www.sciencedirect.com/science/article/pii/S0167404823005977

CVE-2022-46480, CVE-2023-26941, CVE-2023-26942, CVE-2023-26943

CVE-2022-46480, CVE-2023-26941, CVE-2023-26942, CVE-2023-26943

Introduction The following technical report provides background information relating to four CVEs found in the following products: Ultraloq UL3 BT (2nd Generation) (Firmware 02.27.0012) – CVE-2022-46480 Yale Conexis L1 Smart Lock (Firmware v1.1.0) – CVE-2023-26941 Yale IA-210 Intruder Alarm (Firmware v1.0) – CVE-2023-26942 Yale Keyless Smart Lock (Firmware v1.0) – CVE-2023-26943 The work discussed here was carried out by Ash Allen, Dr. Alexios Mylonas, and Dr. Stilianos Vidalis as part of a wider research project into smart device security. Responsible…

Read More Read More

In Defence of Academic Qualifications in Cybersecurity

In Defence of Academic Qualifications in Cybersecurity

The consensus at the moment seems to be that academic qualifications for cybersecurity are expensive, out of date, and do not prepare students for life in the real world. I agree. However, that does not mean they are not useful, and indeed I would say that they are probably the first thing hiring managers should look at. Especially in the USA, but increasingly in the UK and the rest of the English-speaking world, the path into security is laid out…

Read More Read More

Smart Security Device RFID Vulnerability Disclosure

Smart Security Device RFID Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: The use of low-frequency (LF) RFID tags is a significant security issue. These tags do not support any form of encryption and so can be read using an NFC-equipped mobile phone or dedicated reader in under a second. The only information encoded is a number, and so using software to write to blank tags it is possible to create any number of duplicate tags possessing the same permissions as…

Read More Read More

Wireless Smart Lock Vulnerability Disclosure

Wireless Smart Lock Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: WAFU Keyless Smart Lock (firmware v1.0) – CVE-2023-34553 An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the arm/disarm keyfob: As of 22nd May, 2023,…

Read More Read More

Wireless Alarm System Vulnerability Disclosure

Wireless Alarm System Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: All of the devices above demonstrate the same security weakness. An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the AGSHome Alarm keyfob: As of…

Read More Read More

Wireless Alarm System Vulnerabilities

Wireless Alarm System Vulnerabilities

Recently I had a chance to look at a number of intruder alarm systems sold via Amazon and eBay. These devices sell for up to £150, and a number are best sellers As discussed in my last post, RF frequency communication can be captured relatively easily, using a software-defined radio (SDR). All four devices use 433MHz RF to communicate between the sensors and the base station. Capturing transmissions from each device proved extremely simple; the following shows the result of…

Read More Read More

Hacking 433MHz Radio – An Overview

Hacking 433MHz Radio – An Overview

Have you ever wondered how wireless devices like remote controls or wireless sensors work? Chances are they use 433MHz radio technology. However, as with any technology, 433MHz radio signals can be vulnerable to hacking and exploitation. In this blog post, we’ll take a closer look at how 433MHz radio signals work, the tools and techniques used for hacking them, and the potential risks and benefits of such activities. To understand how to hack 433MHz radio, it’s important to first understand…

Read More Read More

Starting off – how to begin IoT hacking

Starting off – how to begin IoT hacking

I thought I’d give some brief references for anyone interested in IoT hacking. My experience here is fairly comprehensive; I have a couple of CVEs already, with a few more in the pipeline. My Masters dissertation was on the topic, and I am writing papers on it as part of my PhD work. BOOKS: There are three that should be on any bookshelf. They are: “The IoT Hacker’s Handbook” by Aditya Gupta “Practical IoT Hacking” by Fotios Chantzis and Ioannis…

Read More Read More