HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tkems

no profile record

Submissions

Unmasking Vulnerabilities in Cheap IoT Cameras from One Chinese Manufacturer

trevorkems.com
1 points·by tkems·2 ปีที่แล้ว·0 comments

comments

tkems
·4 เดือนที่ผ่านมา·discuss
One that I have been experimenting with is using analog phones (including rotary ones!) to act as the satellites. I live in an older home and have phone jacks in most of the rooms already so I only had to use a single analog telephone adapter. [0] The downside is I don't have wake word support, but it makes it more private and I don't find myself missing my smart speakers that much. At some point I would like to also support other types of calls on the phones, but for now I need to get an LLM hooked up to it.

[0] https://www.home-assistant.io/voice_control/worlds-most-priv...
tkems
·ปีที่แล้ว·discuss
I can confirm that Aliexpress doesn't allow me to checkout with a USA address and states that items can't be shipped to my region. -edit: Since this post it seems that I can order items again? Very odd.
tkems
·ปีที่แล้ว·discuss
I was shocked when I purchased a domain recently on GoDaddy (I normally use Cloudflare or AWS) and noticed that they have an 'upsell' with more security options (MFA and some other features) for something like $10/yr. Why wouldn't they want their customers to be more secure by default? To me it just reeks of money-grabbing for people that are none the wiser.
tkems
·2 ปีที่แล้ว·discuss
From what I've read, myQ is pretty locked down and doesn't support local control (outside of a HomeKit device that I think is no longer supported).

I would guess that the cert pinning would prevent such MITM attack, but I could be wrong. I'm not a huge fan of Chamberlain and myQ since they are so against 3rd party use of their products [0].

[0] https://www.home-assistant.io/blog/2023/11/06/removal-of-myq...
tkems
·2 ปีที่แล้ว·discuss
Yes, RF (radio frequency) remotes I've seen include my garage door opener, some overhead fans in bedrooms, gates, remote outlet/light controllers.
tkems
·2 ปีที่แล้ว·discuss
I would check out the Unleashed firmware [1]. I've had pretty good luck with it so far.

[1] https://github.com/DarkFlippers/unleashed-firmware
tkems
·2 ปีที่แล้ว·discuss
As someone in cybersecurity, it is handy as a low frequency RFID reader as Android phones only support higher frequency. Having something compact and in a single unit (compared to a Proxmark) makes it easier to 'grab-n-go'. It is neat to show people how insecure common access control systems are.

I've also used it as a universal remote more than a few times on devices that didn't come with a remote. The App running on a phone makes it somewhat easy to transfer new remote templates to the Flipper over Bluetooth.

It also comes in handy as a serial adapter as it has GPIO pins you can connect to things (UART headers).

The RF transceiver is also cool to capture RF remotes (garage doors, overhead fans, etc.) and replay them.
tkems
·2 ปีที่แล้ว·discuss
This is a great run down of the process to extract the firmware from these types of devices without desoldering the flash. I've done a fair amount of reverse engineering and a lot of devices have similar vulnerabilities.

I think more time needs to be spent looking into these commonly used, cheap IoT devices and educating consumers on the risks of using a poorly secured device on their network.

The upside of these vulnerabilities is that you can run your own code on these! 'Declouding' is great as it can extend the lifetime of these devices and make using them more private.