Prevent Exploitation in IOT

in dxchain •  6 years ago 

Researchers have already been analyzing connected Apparatus for Many years, but concerns around cyber security in the IoT globe are still there, putting users under considerable risk. In our prior analysis, potential attack vectors impacting both a device and a network to which it has connected have been discovered. This time, we have chosen an intelligent hub designed to control sensors and devices installed in the home. It can be used for different purposes, such as energy and water management, monitoring and even security systems.

Connected to it, and when something happens or goes wrong, it instantly notifies its user via telephone, SMS or email in compliance with its preferences. An interesting issue is that it's also possible to connect the hub to local emergency services, thus alarms will be sent to them so. So, what if someone was able to interrupt this wise home's system and gain control over home controllers? We decided to look at a hypothesis and as a result found logical vulnerabilities supplying cybercriminals with several attack vectors opportunities.
First, we decided to check what could be available for Exploitation by an attacker being out of the network. We discovered that the hub's firmware is available publicly and can be downloaded with no subscription in the vendor's servers. Therefore, once downloading it, anyone can easily revise the documents inside it and examine them.

We found that the password in the root account in the shadow File is encrypted with the Data Encryption Standard (DES) algorithm. As practice shows, this cryptographic algorithm is not thought of as protected or highly resistant to hacking, and therefore it is possible for an attacker to successfully acquire the hash via brute-force and discover out that the ‘root' password.

To access the hub 'root' rights and therefore modify files or execute various commands, physical access is necessary. However, we don't neglect the hardware hacking of apparatus and not all of them survive later.

Physically, but of course not everybody would be able to do this. However, our further analysis showed there are different choices to gain remote access over it.
For hub control, users can either use a special mobile Program or a web-portal through which they can set up a private configuration and check all the connected systems.

To execute it, the owner sends a command for synchronization at the moment, all settings are packed from the config.jar file, which the hub then implements and downloads.

But as we can see, the config.jar file is sent through HTTP and the device's serial number is used as the device identifier.

Developers prove otherwise: consecutive numbers are not very well shielded and can be brute-forced using a byte selection strategy. To check the serial number, remote attackers can send a specially crafted request, and depending on the server's reply, will get information if the device is already registered in the system.
Screenshot_9.png
Moreover, our initial research has shown that users, without even realizing it, put themselves at risk by publishing their tech reviews online or submitting photos of a hub in social networks and publicly presenting devices' serial numbers. And the security consequences won't be long in coming.

While assessing the confer file Archive, we discovered that it contains login and password details -- all of the necessary data to access a user's account through the web-interface. Even though the password is encrypted in the archive, it can be broken by hash decryption with the help of publicly available tools and open-sourced password databases. This makes password extraction easier.

Screenshot_9.png

Consequently, we gained access to an individual's smart home with all the settings and sensor information being available for any changes and manipulations. The IP address is also listed there.

It is also possible that there could be other private sensitive Data in the archive, given the fact that users frequently upload their phone numbers into the machine to receive alerts and notifications.

Pocket -- a smart light bulb, which does not have any important use, neither for security or security. However, in addition, it surprised us with some -- but still worrying -- security difficulties.
The Wise bulb is connected to a Wi-Fi network and controlled over a mobile program. To set it up a user must first download the mobile program (is or Android), switch on the bulb, connect to the Wi-Fi access point created by the bulb and provide the bulb with the SSID and password from a local Wi-Fi network.

And change different feature of the light, including its density and color. Our goal was to find out whether the device might help an attacker in any way to get access to a local community, where it would finally be possible to run an attack.
After several tries, we had been lucky to discover a way to get to the device's firmware through the cell application. An interesting fact is that the bulb does not interact with the mobile application right. Rather, both the bulb and the mobile application are connected to a cloud support and communication goes through it. This explains why while sniffing the local network traffic, almost no interaction between the two was discovered.

We found that the bulb requests a firmware upgrade from the Server and downloads it through an HTTP protocol that doesn't secure the communication with servers. If an attacker is in the same network, a man-in-the-middle kind of attack will be a simple task.

The hardware Reconnaissance with flash linking directed us not only to the firmware, but to consumer data also. With a quick look at the data shared with the cloud, no sensitive information appears to have been uploaded from the device or the internal network. But we found all of the credentials of their Wi-Fi networks to which the bulb had connected before, which are saved in the device's flash indefinitely with no encryption -- even after a “hard" reset of the device this data was available. Thus, reselling it on online market places is surely not a fantastic idea.

It's quite scary how Venerable apparatus are, so we need to protect ourselves, we can do it through Blockchain, decentralization of data allows it to be distributed all over the Globe and not in one stage, this is the dream of Dxchain.

Referral link : https://t.me/DxChainBot?start=2pjvb1-2pjvb1
DxChain’s website : https://www.dxchain.com/

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://securelist.com/iot-hack-how-to-break-a-smart-home-again/84092/

@samjackson, I gave you an upvote on your post! Please give me a follow and I will give you a follow in return and possible future votes!

Thank you in advance!

Congratulations @samjackson! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 1 year!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!