Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How I Hacked My Home, IoT Style
Threaded  |  Newest First  |  Oldest First
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/27/2014 | 12:31:29 PM
Assessment Tools
Interesting article.

What tools did you use to discover the vulnerabilities. (Kismet, nessus, etc) And when performing the tests, did you take the mindset of an attacker? Meaning treating this as if you had no inner intel or did you do this as a how am I vulnerable from each vector that is already known to the home owner?

I think these are important tests for anyone to run. Also, we need to ingrain security from the development stage. This comment is directed at the non-encrypted data transit from the smart tv. If we don't make this a priority as the consumer than organizations may be reluctant to change.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/27/2014 | 3:33:03 PM
Re: Assessment Tools & Lock down
David , were you able to lock down your home network -- or any part of it? Also please keep us posted on what you hear back from vendors about their efforts on developing patches .
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/27/2014 | 3:47:55 PM
Re: Assessment Tools & Lock down
Hi Marilyn,


Thank you for your comments... Well what do you mean with "lock down" my home network. Once one of the devices which were on my local network, i could have performed various attacks to make the network unaccessible, such as DoS attacks.


I could also have deleted all the data on the storage device, and i mean ALL data, i could have crashed the entire device, probably same thing for the other devices such as TV. Due to the cost of the device, i did not want to do that :) And i did not want to explain for the kids why the TV was broken :)
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/27/2014 | 3:55:34 PM
Re: Assessment Tools & Lock down
Point taken! Hopefully the manufacturers (someday) will take care of those minor details.

:-)
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/27/2014 | 3:52:02 PM
Re: Assessment Tools
Ryan, thank you for your comment.

 

I did not really use any tools in that way. The only "tools" i used where nmap, telnet, netcat, perl, python and my web browser with the "Live HTTP headers" extension installed.

During the audit i developed my own tools on a regular basis to automate some of the tests i wanted to perform. I personally do not have strong faith in the open source "hacking" tools. When you want to audit large networks, they might be useful. but when you only have a handful of devices, its much better with a minimalistic approach.

I am pretty sure any vulnerabiluty scanner would jum pof the roof when it comes to missing security patches, but remember, all the vulnerabilities i discovered were new, and had not been discovered before. Then these tools such as Nessus, does not really work.

 

I hope this helps:)
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/27/2014 | 3:52:27 PM
Re: Assessment Tools
Ryan, thank you for your comment.

 

I did not really use any tools in that way. The only "tools" i used where nmap, telnet, netcat, perl, python and my web browser with the "Live HTTP headers" extension installed.

During the audit i developed my own tools on a regular basis to automate some of the tests i wanted to perform. I personally do not have strong faith in the open source "hacking" tools. When you want to audit large networks, they might be useful. but when you only have a handful of devices, its much better with a minimalistic approach.

I am pretty sure any vulnerabiluty scanner would jum pof the roof when it comes to missing security patches, but remember, all the vulnerabilities i discovered were new, and had not been discovered before. Then these tools such as Nessus, does not really work.

 

I hope this helps:)
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/27/2014 | 3:54:52 PM
Re: Assessment Tools
It does, thanks!

What would you recommend for something where you have little control such as the unencrypted smart tv? What are the mitigation options?
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/27/2014 | 3:59:37 PM
Re: Assessment Tools
Ryan, well, the problem with most IoT device is that you have very little control over them, but the most effective way to minimize the post-exploitation phase, and also minimize the risk that someone actually take advantage of these vulnerabilities is to put all your IoT devices in a seperate DMZ / VLAN, and restrict access TO the Internet from these devices.

Why would your printer or NAS need internet access? Maybe for updates? But then you can enable access to the update servers. 

 

But putting them in a restricted DMZ seems to bean effecting option right now.
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
8/28/2014 | 9:14:00 AM
Re: Assessment Tools
Great idea to put these devices in a DMZ or VLAN isolated from everything else.  While I am sure the hacker community has better things to do right now than target these devices, I am sure as more folks start linking cloud storage to them, or even local storage, the interest will increase significantly and we'll start to see more malware targeted towards these devices.
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:22:57 AM
Re: Assessment Tools
Hola!

Thanks for your comment and i agree that these attacks are not very popular. Thats not the point. Please read my entire article at Securelist and you will understand.

 

http://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/28/2014 | 3:55:38 PM
Re: Assessment Tools
Hi there David--Cool project! One common theme I've seen with a lot of the home automation stuff is that you need local/physical access to compromise these devices. How much did physical access play in your research? 

BTW, good thing you didn't mess with the kids' TV. 
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:20:20 AM
Re: Assessment Tools
Hola Kelly,

Ill paste you the answer i gave to another user here, it applies on your question too:

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.

But to develop my JavaScript i still needed some information about the local area network.
Cybdiver
100%
0%
Cybdiver,
User Rank: Apprentice
8/28/2014 | 4:22:48 PM
Re: Assessment Tools
I went through the same drama at home, and then went and invested in a firewall appliance.  It cost a few bucks but much more secure than the NAT from a DSL modem or router.  Articals like these are always good reminders to check our networks. 

The sad truth is many manufacturers are so eager to give us online this or that they forget or ignore security concerns to get their products working or just out to market.  I went through this with of all companies Microsoft and an Xbox.  It's quite a gymnastic task getting the right ports open so you can communicate with their servers.  This holds true for items like a streaming media player.  Since I don't want manufacturers snooping around my network I finally tossed much of that stuff into a DMZ and monitored it for outbound traffic when I wasn't using it.   A sub 500 dollar firewall might seem like alot of money just think of the cost of having someone steal or delete your stuff.  No network is truly safe these days but at least you can send the majority looking for easier pray.  I especially recommend a firewall for even the smallest of businesses.  Now if I could only convince people that yes the first password I will try when hacking your system is "Password".
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:18:55 AM
Re: Assessment Tools
Hi Cybdiver,

 

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.
Cybdiver
50%
50%
Cybdiver,
User Rank: Apprentice
8/29/2014 | 8:19:58 AM
Re: Assessment Tools
Restricting access to the internet does not seem likely except during a test phase.   I notice that even the smallest of storage devices these days shouts out to the net checking to see if it's software is up to date.  Also many newer devices are selling home cloud solutions.

You and I are probably among the few that go to the extent of trying to lock down a network.  Most folks just plug gear in and go with it.  I've even come across that at larger companies.  Their IT staff is overloaded with just keepign the users working and printers full of ink they take a firewall install it with defaults and figure that's good enough.  I'm kinda grateful they do that. 
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
8/29/2014 | 9:28:16 AM
Re: Assessment Tools
Curious to know how many of the techniques described here would translate to an enterprise security manager suddenly faced with managing so many non-computer devices? What will be the effects of IoT in the business?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24930
PUBLISHED: 2021-09-27
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
CVE-2021-37270
PUBLISHED: 2021-09-27
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
CVE-2021-37274
PUBLISHED: 2021-09-27
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.
CVE-2021-41095
PUBLISHED: 2021-09-27
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error...
CVE-2021-41096
PUBLISHED: 2021-09-27
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm (RSA/ECB/PKCS1Padding). The issue will be patched in v2.3 for release builds and 426 onwards for night...