Raspberry Pi as poor man’s hardware hacking tool
I have been wanting to write this blog for quite some time, but I was either busy or lazy. I have been asked by so many people for a list of hardware to buy to get started with hardware hacking. To be honest, there are a lot of products available, but not many target beginners. In this blog I will cover using SPI, I2C, JTAG/SWD and JTAGenum with a Raspberry Pi. I will be using the Raspberry Pi Zero W, as it is dead cheap and small. Setting up your Raspberry Pi: before you go into each section, I would suggest you boot into your Raspberry Pi and enable SPI, I2C and GPIO from the interfacing options in the raspi-config menu. You can follow this link for setting up your Pi. In all the connection pinouts, it is the hardware pin location that is given, not the GPIO number.
“MyMiko” – Responsible Vulnerability Disclosure
This is another of my cases of a vulnerable IoT device. In my previous blogs, we talked about vulnerabilities that were found in a smart lock and in beacons. This one is a fun device, which is made for kids to learn to code and play with. I don’t have access to the device, so I just checked the mobile app and found a series of vulnerabilities. These are my findings on a connected smart toy – MyMiko by Emotix – from their Android app. Finding 1: Hard-coded information in the Android app. On extracting the Android app, it was identified that several pieces of hard-coded information are present. This hard-coded information includes API calls, web endpoints and other information which could pose a threat. Steps:
“Find – Bluetooth Tracker” Responsible Vulnerability Disclosure – Blog
With the advent of IoT, everything is getting connected to the internet. Bluetooth is one such protocol used to connect devices to the internet, as most mobile devices have Bluetooth capability; you can check this blog on how to reverse a Bluetooth communication. There are devices called Bluetooth beacons which are used to track devices that are in close proximity; companies have started connecting these beacons to the internet with geolocation, and this is one such example. This is a case of my findings on a Smart Bluetooth Beacon from Sensegiz. The testing was done on their Android mobile application. For users' privacy, the IP/endpoint is not disclosed; it will be replaced by xxx. Finding 1: Directory indexing
Another case of a Vulnerable Smart Lock
Disclaimer: The smart lock which I got is pretty common and it is even available on Amazon. Several thousand devices are already in the market, so I have changed the name of the brand to something imaginary – “*unhackable*” Smart Lock. Smart Lock: The lock which I got is from a company called *unhackable*, which is a Chinese company. You can also get the same lock locally from Amazon, so people do use these devices. The specifications are good too.
IoT Security – Part 4 (Bluetooth Low Energy – 101)
If you haven’t read through Part 1 to Part 3 of our IoT Security blog series, I would urge you to go through them first unless you are already familiar with the basics of IoT. Link to the previous blog – IoT security – Part 3. Bluetooth has been a buzzword as people wanted all their devices to be smart, which basically implies that you get to control things across devices without needing to carry wires around. Bluetooth has been in the market for more than a decade. If you’re a millennial, you would have used those classic fancy Nokia phones which had Bluetooth in them. Bluetooth was invented by Ericsson, and other vendors then started using it. Soon after that, all the major vendors created a consortium called the Bluetooth Special Interest Group (SIG), which governs what the standard should be and the interoperability between different versions. We are not going to talk about Bluetooth Classic: Bluetooth by itself is a massive stack and its specification runs to 2000+ pages. In this blog, I will be covering only Bluetooth Low Energy, more famously known as BLE. With the advent of connecting all the things to the internet, there comes the problem of power and resources. As I mentioned earlier, Bluetooth is a huge stack; implementing it in an end device like a fitness band would take more power and resources. So in the Bluetooth 4.0 standard, they introduced something called Low Energy, which is specially targeted at IoT and smart devices that run on memory- and power-constrained hardware. Bluetooth SIG started selling the standard as Bluetooth Smart, which has two components: Bluetooth Smart devices are end devices which have only the Bluetooth Low Energy component, and Bluetooth Smart Ready devices are those capable of doing both Bluetooth LE and the EDR/Bluetooth Classic component, which could be your central device, i.e., a mobile phone or laptop.
6 tools you need to be aware of if you are into device pentesting
IoT and smart devices are dominating the market at a tremendous rate. But with growing competition in the market, these devices often forgo proper standards and security procedures, leading to attacks including the Mirai botnet, the Reaper attack, and others that are yet to be discovered. The good news is that these incidents have cautioned companies to take security testing more seriously. This has resulted in a host of security testers, developers and software security professionals getting into IoT penetration testing.
How I Reverse Engineered and Exploited a Smart Massager
I have been working with Bluetooth for quite some time. I chose to reverse engineer a smart device to prove how crazy the security standard being implemented in these smart devices is. In this post, I will be showing you how I reverse engineered a Bluetooth-based (smart) massager and how I could exploit it to make it lethal. Now, how is a massager lethal? A massager works on a principle called TENS — transcutaneous electrical nerve stimulation. Our entire nervous system works on neural impulses, which are electrical signals. Everything from the sense of a pinch to the sense of orgasm is an electrical impulse which causes different hormones to be secreted in your brain, and you feel pain or pleasure.