Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App

Vulnerability:

Hardcoded AES 256 bit key used in Kankun Smart socket and its mobile App.

Vulnerability Description

The kankun smart socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.

CVE ID

CVE-2015-4080

Vendor

www.ikonke.com

Product

Kankun Smart Socket

Disclosure Timeline

  1. 25 May 2015 – Reported to Vendor, no response.
  2. 29 May 2015 – Reminder sent to vendor, no response.
  3. 5 June 2015 – Public disclosure.

Credits

  1. Aseem Jakhar
  2. Since at the time of publishing the finding, we searched online for the same and found that someone else had also published the key. In good faith we would like to mention the same person who goes by the handle: kankun hacker – https://plus.google.com/109112844319840106704/posts although both the research were independent of each other and we do not know who kankun hacker is.

PoC exploit source code

https://bitbucket.org/aseemjakhar/kcmd

Technical details

http://payatu.com/hijacking-kankun

DOWNLOAD THE DATASHEET

Fill in your details and get your copy of the datasheet in few seconds

CTI Report
DOWNLOAD THE EBOOK

Fill in your details and get your copy of the ebook in your inbox

Ebook Download
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Mobile Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Web App Sample Report

Let’s make cyberspace secure together!

Requirements

Connect Now Form

What our clients are saying!

Trusted by