Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
How I Hacked My Home, IoT Style
Threaded  |  Newest First  |  Oldest First
RyanSepe
RyanSepe,
 User Rank: Ninja
8/27/2014 | 12:31:29 PM
Assessment Tools
Interesting article.

What tools did you use to discover the vulnerabilities. (Kismet, nessus, etc) And when performing the tests, did you take the mindset of an attacker? Meaning treating this as if you had no inner intel or did you do this as a how am I vulnerable from each vector that is already known to the home owner?

I think these are important tests for anyone to run. Also, we need to ingrain security from the development stage. This comment is directed at the non-encrypted data transit from the smart tv. If we don't make this a priority as the consumer than organizations may be reluctant to change.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
8/27/2014 | 3:33:03 PM
Re: Assessment Tools & Lock down
David , were you able to lock down your home network -- or any part of it? Also please keep us posted on what you hear back from vendors about their efforts on developing patches .
davidjacoby
davidjacoby,
 User Rank: Author
8/27/2014 | 3:47:55 PM
Re: Assessment Tools & Lock down
Hi Marilyn,


Thank you for your comments... Well what do you mean with "lock down" my home network. Once one of the devices which were on my local network, i could have performed various attacks to make the network unaccessible, such as DoS attacks.


I could also have deleted all the data on the storage device, and i mean ALL data, i could have crashed the entire device, probably same thing for the other devices such as TV. Due to the cost of the device, i did not want to do that :) And i did not want to explain for the kids why the TV was broken :)
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
8/27/2014 | 3:55:34 PM
Re: Assessment Tools & Lock down
Point taken! Hopefully the manufacturers (someday) will take care of those minor details.

:-)
davidjacoby
davidjacoby,
 User Rank: Author
8/27/2014 | 3:52:02 PM
Re: Assessment Tools
Ryan, thank you for your comment.

 

I did not really use any tools in that way. The only "tools" i used where nmap, telnet, netcat, perl, python and my web browser with the "Live HTTP headers" extension installed.

During the audit i developed my own tools on a regular basis to automate some of the tests i wanted to perform. I personally do not have strong faith in the open source "hacking" tools. When you want to audit large networks, they might be useful. but when you only have a handful of devices, its much better with a minimalistic approach.

I am pretty sure any vulnerabiluty scanner would jum pof the roof when it comes to missing security patches, but remember, all the vulnerabilities i discovered were new, and had not been discovered before. Then these tools such as Nessus, does not really work.

 

I hope this helps:)
davidjacoby
davidjacoby,
 User Rank: Author
8/27/2014 | 3:52:27 PM
Re: Assessment Tools
Ryan, thank you for your comment.

 

I did not really use any tools in that way. The only "tools" i used where nmap, telnet, netcat, perl, python and my web browser with the "Live HTTP headers" extension installed.

During the audit i developed my own tools on a regular basis to automate some of the tests i wanted to perform. I personally do not have strong faith in the open source "hacking" tools. When you want to audit large networks, they might be useful. but when you only have a handful of devices, its much better with a minimalistic approach.

I am pretty sure any vulnerabiluty scanner would jum pof the roof when it comes to missing security patches, but remember, all the vulnerabilities i discovered were new, and had not been discovered before. Then these tools such as Nessus, does not really work.

 

I hope this helps:)
RyanSepe
RyanSepe,
 User Rank: Ninja
8/27/2014 | 3:54:52 PM
Re: Assessment Tools
It does, thanks!

What would you recommend for something where you have little control such as the unencrypted smart tv? What are the mitigation options?
davidjacoby
davidjacoby,
 User Rank: Author
8/27/2014 | 3:59:37 PM
Re: Assessment Tools
Ryan, well, the problem with most IoT device is that you have very little control over them, but the most effective way to minimize the post-exploitation phase, and also minimize the risk that someone actually take advantage of these vulnerabilities is to put all your IoT devices in a seperate DMZ / VLAN, and restrict access TO the Internet from these devices.

Why would your printer or NAS need internet access? Maybe for updates? But then you can enable access to the update servers. 

 

But putting them in a restricted DMZ seems to bean effecting option right now.
Stratustician
Stratustician,
 User Rank: Moderator
8/28/2014 | 9:14:00 AM
Re: Assessment Tools
Great idea to put these devices in a DMZ or VLAN isolated from everything else.  While I am sure the hacker community has better things to do right now than target these devices, I am sure as more folks start linking cloud storage to them, or even local storage, the interest will increase significantly and we'll start to see more malware targeted towards these devices.
davidjacoby
davidjacoby,
 User Rank: Author
8/29/2014 | 7:22:57 AM
Re: Assessment Tools
Hola!

Thanks for your comment and i agree that these attacks are not very popular. Thats not the point. Please read my entire article at Securelist and you will understand.

 

http://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/
Kelly Jackson Higgins
Kelly Jackson Higgins,
 User Rank: Strategist
8/28/2014 | 3:55:38 PM
Re: Assessment Tools
Hi there David--Cool project! One common theme I've seen with a lot of the home automation stuff is that you need local/physical access to compromise these devices. How much did physical access play in your research? 

BTW, good thing you didn't mess with the kids' TV. 
davidjacoby
davidjacoby,
 User Rank: Author
8/29/2014 | 7:20:20 AM
Re: Assessment Tools
Hola Kelly,

Ill paste you the answer i gave to another user here, it applies on your question too:

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.

But to develop my JavaScript i still needed some information about the local area network.
Cybdiver
Cybdiver,
 User Rank: Apprentice
8/28/2014 | 4:22:48 PM
Re: Assessment Tools
I went through the same drama at home, and then went and invested in a firewall appliance.  It cost a few bucks but much more secure than the NAT from a DSL modem or router.  Articals like these are always good reminders to check our networks. 

The sad truth is many manufacturers are so eager to give us online this or that they forget or ignore security concerns to get their products working or just out to market.  I went through this with of all companies Microsoft and an Xbox.  It's quite a gymnastic task getting the right ports open so you can communicate with their servers.  This holds true for items like a streaming media player.  Since I don't want manufacturers snooping around my network I finally tossed much of that stuff into a DMZ and monitored it for outbound traffic when I wasn't using it.   A sub 500 dollar firewall might seem like alot of money just think of the cost of having someone steal or delete your stuff.  No network is truly safe these days but at least you can send the majority looking for easier pray.  I especially recommend a firewall for even the smallest of businesses.  Now if I could only convince people that yes the first password I will try when hacking your system is "Password".
davidjacoby
davidjacoby,
 User Rank: Author
8/29/2014 | 7:18:55 AM
Re: Assessment Tools
Hi Cybdiver,

 

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.
Cybdiver
Cybdiver,
 User Rank: Apprentice
8/29/2014 | 8:19:58 AM
Re: Assessment Tools
Restricting access to the internet does not seem likely except during a test phase.   I notice that even the smallest of storage devices these days shouts out to the net checking to see if it's software is up to date.  Also many newer devices are selling home cloud solutions.

You and I are probably among the few that go to the extent of trying to lock down a network.  Most folks just plug gear in and go with it.  I've even come across that at larger companies.  Their IT staff is overloaded with just keepign the users working and printers full of ink they take a firewall install it with defaults and figure that's good enough.  I'm kinda grateful they do that. 
DarkReadingTim
DarkReadingTim,
 User Rank: Strategist
8/29/2014 | 9:28:16 AM
Re: Assessment Tools
Curious to know how many of the techniques described here would translate to an enterprise security manager suddenly faced with managing so many non-computer devices? What will be the effects of IoT in the business?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...