[2.2] Hacking Internet of Things devices - Ivan Novikov
1. OWASP Russia Meetup #2, 28/02/15
research
Hacking Internet of Things devices
Ivan Novikov (@d0znpp)
2. Internet of Things. Story #1
• Take any device
• Find serial port (buttons + display)
• Connect “WiFi to serial” module
• Profit
• What does this connector cost?
• What does this device cost?
3. Internet of Things. Story #2
• Take your existing device (WiFi router)
• Make /dev/something with magic
• Profit
• What does this device cost?
4. AP at IoT device to configure
• Encryption and credentials (defaults)
• Make sure that the configuration interface is disabled after initial setup
How to connect IoT to your WiFi
5. Magic way (has a special name):
• Enter your WiFi SSID and password into the app
• Press ENTER
• Profit
• How does it work?
How to connect IoT to your WiFi
6. Encode SSID + password into $SP
Find a network with SSID = $SP
Catch the broadcast packet
Decode $SP back to SSID and password
Profit
Connection magic
7.
8. Hardcoded IP address
Used as an NTP service
Looks legitimate to firewalls
Count devices remotely
Memory corruption vulnerability in the response parsing function?
Backdoor stories
$ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
208.67.222.222
10.10.100.254
10.10.100.100
255.255.255.0
http://10.10.100.100/
10.10.10.3
=DHCP,0.0.0.0,0.0.0.0,0.0.0.0
61.ZZZ.YYY.XXX
netname: SHANGHAI-JIAOTONG-UNIVERSITY
country: CN
descr: Shanghai Jiaotong University
mnt-by: MAINT-CN-CHINANET-ZJ-HZ
role: CHINANET-ZJ Hangzhou
address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003
country: CN
person: Zhihao Zhou
nic-hdl: ZZ1073-AP
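Added example (not from the original slides): a firmware triage script that extends the strings | egrep step above by validating octets and separating netmasks and local addresses from public ones, so only the public hits go on to a whois lookup. The function names and the SAMPLE blob are assumptions made for illustration; the sample is constructed from addresses shown in the slide output.

```python
import ipaddress
import re

# Runs of 4+ printable ASCII bytes, the default unit that `strings` reports.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
# Dotted quad with escaped dots; the octet range is checked separately below.
QUAD = re.compile(r"(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])")

# Constructed sample image: strings from the slide output padded with junk bytes.
SAMPLE = (b"\x7fELF\x00\x01" + b"208.67.222.222\x00" + b"\xff\xfe10.10.100.254\x00"
          b"255.255.255.0\x00http://10.10.100.100/\x00"
          b"=DHCP,0.0.0.0,0.0.0.0,0.0.0.0\x00fw-1.2.300.4\x00")

def is_netmask(addr):
    """True if the 32 bits are contiguous ones followed by zeros."""
    n = int(addr)
    inverted = n ^ 0xFFFFFFFF
    return n != 0 and (inverted & (inverted + 1)) == 0

def classify(addr):
    if is_netmask(addr):
        return "netmask"
    if addr.is_unspecified:
        return "unspecified"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "local"
    if addr.is_multicast or addr.is_reserved:
        return "special"
    return "public"

def scan_firmware(blob):
    """Return {address: (class, [strings the address appeared in])}."""
    found = {}
    for m in PRINTABLE.finditer(blob):
        text = m.group().decode("ascii")
        for q in QUAD.finditer(text):
            if any(int(o) > 255 for o in q.groups()):
                continue  # version-like strings such as 1.2.300.4
            # Normalise leading zeros, which IPv4Address rejects.
            addr = ipaddress.IPv4Address(".".join(str(int(o)) for o in q.groups()))
            found.setdefault(str(addr), (classify(addr), []))[1].append(text)
    return found

def public_candidates(found):
    """Addresses worth a whois lookup and a closer look at the calling code."""
    return sorted(a for a, (kind, _) in found.items() if kind == "public")

if __name__ == "__main__":
    for addr, (kind, ctx) in sorted(scan_firmware(SAMPLE).items()):
        print(f"{kind:12} {addr:16} {ctx[0]}")
```

To scan a real image, pass the file contents: scan_firmware(open(path, "rb").read()).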
9.
10.
11.
12. 5/5 devices hacked (3 vendors)
3/5 backdoors found (2 vendors)
0/5 physical damage through IoT device
Our stats