Vulnerability:
Hardcoded AES-256 key used by the Kankun smart socket and its mobile app.
Vulnerability Description
The Kankun smart socket and its mobile app encrypt the commands and responses exchanged between them with an AES-256 key that is hardcoded in both the firmware and the app. The communication happens over UDP. Because the key is the same for every device and every copy of the app, anyone who extracts it from the app can decrypt captured traffic and, from the local network, encrypt and send unsolicited commands to any socket and hijack it; the device has no way to tell such commands from the app's own.
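The following Go program is an added illustration of the failure described above; it is not the advisory's PoC and not Kankun's code. It models a socket that accepts any datagram that decrypts under its key, an app that sends with the shared app-wide key, and an attacker who has pulled that same key out of the app. The key value, the command strings and the use of AES-256-GCM are assumptions made for the example (the advisory does not state the cipher mode or message format); the point is independent of the mode, since the key itself is the only secret. The PairedDeviceKey function models the usual fix, a per-device key established at pairing, to show that a key extracted from the app then no longer works against other devices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// appKey stands in for the AES-256 key embedded in the app and firmware.
// The value is a placeholder chosen for this example, not the real key.
var appKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes = AES-256

// Commands the simulated socket understands. The real command format is not
// reproduced here; these strings are an assumption for the example.
var knownCommands = map[string]bool{"open": true, "close": true, "status": true}

// seal builds one UDP payload: 12-byte nonce || AES-256-GCM ciphertext+tag.
// GCM is assumed for the example; the advisory does not state the mode.
func seal(key []byte, cmd string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(cmd), nil), nil
}

// DeviceHandle mimics the socket firmware: decrypt the datagram with the
// device's key and act on whatever decrypts cleanly. Nothing in the message
// distinguishes the app from an attacker holding the same key.
func DeviceHandle(deviceKey, datagram []byte) (string, error) {
	block, err := aes.NewCipher(deviceKey)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(datagram) < gcm.NonceSize() {
		return "", errors.New("datagram too short")
	}
	nonce, ct := datagram[:gcm.NonceSize()], datagram[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", fmt.Errorf("rejected: %w", err) // wrong key or tampered data
	}
	cmd := string(plain)
	if !knownCommands[cmd] {
		return "", fmt.Errorf("unknown command %q", cmd)
	}
	return cmd, nil
}

// AppSend is the legitimate app: it encrypts with the app-wide key.
func AppSend(cmd string) ([]byte, error) { return seal(appKey, cmd) }

// AttackerSend is an attacker who extracted the key from the app package.
// The datagram is produced exactly as the app would produce it.
func AttackerSend(extractedKey []byte, cmd string) ([]byte, error) {
	return seal(extractedKey, cmd)
}

// PairedDeviceKey models the fix: a random per-device key agreed at pairing,
// so a key recovered from the app is useless against other sockets.
func PairedDeviceKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func main() {
	forged, _ := AttackerSend(appKey, "open")

	got, err := DeviceHandle(appKey, forged)
	fmt.Println("shared-key socket:", got, err) // open <nil>

	perDevice, _ := PairedDeviceKey()
	_, err = DeviceHandle(perDevice, forged)
	fmt.Println("per-device-key socket:", err) // rejected: cipher: message authentication failed
}
```

The socket with the shared key executes the forged "open" because decrypting successfully is the only check it performs; the socket with its own pairing key rejects the same datagram on the GCM tag. The model also has no sequence number or nonce tracking, so in this design a captured datagram could simply be re-sent; a per-device key must be paired with some freshness check to close that avenue as well.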
CVE ID
CVE-2015-4080
Vendor
Product
Kankun Smart Socket
Disclosure Timeline
- 25 May 2015 – Reported to vendor; no response.
- 29 May 2015 – Reminder sent to vendor; no response.
- 5 June 2015 – Public disclosure.
Credits
- Aseem Jakhar
- At the time of publishing this finding we searched online and found that someone else had also published the key. In good faith we mention that person, who goes by the handle "kankun hacker" – https://plus.google.com/109112844319840106704/posts – although the two pieces of research were independent of each other and we do not know who kankun hacker is.
PoC exploit source code
https://bitbucket.org/aseemjakhar/kcmd