Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App


Vulnerability:

Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App.

Vulnerability Description

The Kankun smart socket device and the mobile app use a hardcoded AES 256-bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.
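
One way to remove the flaw described above, added here as an example (not code from this advisory, the PoC or the vendor): each socket gets its own key at pairing and accepts a command only if its HMAC verifies and its counter is fresh. The pairing secret, message layout, names and command strings are assumptions, and encryption is left out to keep the focus on command authentication.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def derive_device_key(pairing_secret: bytes, device_id: bytes) -> bytes:
    """Per-device key from a secret established at pairing (assumed step)."""
    return hmac.new(pairing_secret, b"cmd-auth|" + device_id, hashlib.sha256).digest()


def seal_command(key: bytes, counter: int, command: bytes) -> bytes:
    """App side: counter || command || HMAC(key, counter || command)."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Socket:
    """Device side: accept a datagram only if the tag verifies and the
    counter is strictly greater than the last accepted one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def handle(self, datagram: bytes):
        if len(datagram) < 8 + TAG_LEN:
            return None  # too short to hold counter and tag
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # sender does not hold this device's key
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None  # replayed or stale datagram
        self.last_counter = counter
        return body[8:]


def demo():
    # Constructed sample data: two sockets paired with different secrets.
    owner_key = derive_device_key(secrets.token_bytes(32), b"socket-A")
    other_key = derive_device_key(secrets.token_bytes(32), b"socket-B")
    device = Socket(owner_key)
    good = seal_command(owner_key, 1, b"relay:on")
    forged = seal_command(other_key, 2, b"relay:off")
    # First delivery accepted, replay rejected, other device's key rejected.
    return [device.handle(good), device.handle(good), device.handle(forged)]
```

With a key that is identical in every device and every copy of the app, the check in `handle` would pass for anyone who has extracted that key, which is why the key has to be unique per device.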

CVE ID

CVE-2015-4080

Vendor

www.ikonke.com

Product

Kankun Smart Socket

Disclosure Timeline

  1. 25 May 2015 – Reported to Vendor, no response.
  2. 29 May 2015 – Reminder sent to vendor, no response.
  3. 5 June 2015 – Public disclosure.

Credits

  1. Aseem Jakhar
  2. At the time of publishing the finding, we searched online for the same and found that someone else had also published the key. In good faith, we would like to mention that person, who goes by the handle kankun hacker – https://plus.google.com/109112844319840106704/posts, although the two pieces of research were independent of each other and we do not know who kankun hacker is.

PoC exploit source code

https://bitbucket.org/aseemjakhar/kcmd

Technical details

http://payatu.com/hijacking-kankun

 
