So, for the past two years I have been studying for a Masters in Cybersecurity part time, and thankfully managed to pass with a Distinction. Yay! It’s an itch that I’ve been wanting to scratch for a good long while, and I’m glad to have done it. This leads me on to my next announcement. I’m going to be studying for a PhD in IoT Security part time, alongside my current work commitments. A couple of people have asked me…
The Fortessa FTBTLD smart lock is a fairly bog-standard type of generic smart lock, sold in the UK by CEF for around £100, and available on auction sites for maybe 3/4 of that price. As can be seen on the sticker on the left hand portion of the lock above, it is configured with a default device name. The lock offers a variety of features, such as auto-locking, key sharing, and so on, and in the main they work pretty…
In a previous post I discussed the Bluetooth pairing issue that means anyone with a sniffer and access to your lock can open it. However, this is not the most concerning aspect of the device. I’m a big fan of static analysis tools, and use a few when investigating IoT devices; they generally provide useful starting points for further investigation, and so it proved here. In this instance, MobSF produced a report that pointed at a couple of insecure Firebase…
IoT security devices, such as smart padlocks, need to perform at least as well as their non-smart counterparts if consumer trust is to be gained. Unfortunately, many such devices are fundamentally flawed, with poor design meaning they are simple to subvert. Once such device is the eGeeTouch 3rd Generation Travel Padlock. Available in the UK for £19.90 from Amazon, the lock boasts a number of features, including Bluetooth operation via the companion smartphone app, RFID tag support, and a TSA…