Stay up to date with Payatu blog
IoT Security – Part 13 (Introduction to Hardware Recon)
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If yo...
IoT Security – Part 8 (Introduction to software defined radio)
Introduction: This blog is part of the "IoT Security" series. If you haven't read the previous blogs (Parts 1 to 7) in the series, I urge you to go through them first unless you are already fa...
Raspberry Pi as poor man's hardware hacking tool
I have been wanting to write this blog for quite some time, but I was either busy or lazy. Many people have asked me for a list of hardware to buy to get started with hardware hacking. To be honest, there are a lot of products available, but not many target beginners. In this blog I will cover using SPI, I2C, JTAG/SWD and JTAGenum with a Raspberry Pi. I will be using the Raspberry Pi Zero W, as it is dead cheap and small. Setting up your Raspberry Pi: before you go into each section, I would suggest you boot into your Raspberry Pi and enable SPI, I2C and GPIO from the Interfacing Options in the raspi-config menu. You can follow this link for setting up your Pi. In all the connection pinouts, the number given is the physical header pin location and not the BCM GPIO number. ...
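The setup step above can be scripted instead of clicked through in the raspi-config menu, and the pin-numbering caveat is worth encoding so the two schemes are never mixed on the bench. The script below is an added example, not code from the Payatu post: it enables SPI and I2C with raspi-config's non-interactive mode, checks that the kernel exposed the default bus nodes (SPI0 chip-select 0 and I2C bus 1, which sit on the 40-pin header of the Zero W), and translates physical header pin positions, the numbering the post's pinouts use, into BCM GPIO numbers. It assumes Raspberry Pi OS with raspi-config on the PATH; the helper names are my own.

```sh
#!/bin/sh
# Added example (not from the Payatu post). Assumes Raspberry Pi OS with
# raspi-config installed; only the pin-mapping helpers run on other hosts.

# Map a physical 40-pin header position to its BCM GPIO number.
# Power and ground positions print their rail name instead. Returns 1 for
# positions that do not exist on the header.
bcm_for_header_pin() {
  case "$1" in
    1|17) echo 3V3 ;;
    2|4) echo 5V ;;
    6|9|14|20|25|30|34|39) echo GND ;;
    3) echo 2 ;;    # I2C1 SDA
    5) echo 3 ;;    # I2C1 SCL
    7) echo 4 ;;
    8) echo 14 ;;   # UART TXD0
    10) echo 15 ;;  # UART RXD0
    11) echo 17 ;;
    12) echo 18 ;;
    13) echo 27 ;;
    15) echo 22 ;;
    16) echo 23 ;;
    18) echo 24 ;;
    19) echo 10 ;;  # SPI0 MOSI
    21) echo 9 ;;   # SPI0 MISO
    22) echo 25 ;;
    23) echo 11 ;;  # SPI0 SCLK
    24) echo 8 ;;   # SPI0 CE0
    26) echo 7 ;;   # SPI0 CE1
    27) echo 0 ;;   # ID_SD, reserved for the HAT EEPROM
    28) echo 1 ;;   # ID_SC, reserved for the HAT EEPROM
    29) echo 5 ;;
    31) echo 6 ;;
    32) echo 12 ;;
    33) echo 13 ;;
    35) echo 19 ;;
    36) echo 16 ;;
    37) echo 26 ;;
    38) echo 20 ;;
    40) echo 21 ;;
    *) echo "unknown header pin: $1" >&2; return 1 ;;
  esac
}

# Enable SPI and I2C without the menu; for raspi-config's nonint mode a
# trailing 0 means "enable". Refuses to run where raspi-config is absent.
enable_interfaces() {
  command -v raspi-config >/dev/null 2>&1 || {
    echo "raspi-config not found; is this a Raspberry Pi?" >&2; return 1; }
  sudo raspi-config nonint do_spi 0
  sudo raspi-config nonint do_i2c 0
}

# Confirm the kernel created the bus nodes the rest of the post relies on.
verify_interfaces() {
  [ -e /dev/spidev0.0 ] || { echo "SPI0 not enabled (no /dev/spidev0.0)" >&2; return 1; }
  [ -e /dev/i2c-1 ]     || { echo "I2C1 not enabled (no /dev/i2c-1)" >&2; return 1; }
  return 0
}

# Print the SPI0 hookup the way the post gives pinouts (by header position),
# with the BCM number beside it so it can be cross-checked against datasheets
# and software that uses BCM numbering.
spi0_wiring() {
  for entry in "CE0:24" "MOSI:19" "MISO:21" "SCLK:23" "3V3:17" "GND:25"; do
    sig=${entry%%:*}; pin=${entry##*:}
    role=$(bcm_for_header_pin "$pin")
    case "$role" in
      3V3|5V|GND) label="$role rail" ;;
      *) label="BCM GPIO$role" ;;
    esac
    printf '%-5s header pin %2s  (%s)\n' "$sig" "$pin" "$label"
  done
}

# Usage on the Pi: enable_interfaces && verify_interfaces && spi0_wiring
```

Run `enable_interfaces` once, reboot if raspi-config asks for it, then `verify_interfaces` before wiring anything: a missing `/dev/spidev0.0` is the usual reason a first SPI dump returns all 0xFF. Keep the target on the 3V3 rail (pin 1 or 17); the 5V pins will damage most flash and MCU targets.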
IoT Security – Part 4 (Bluetooth Low Energy – 101)
If you haven't read through Part 1 to Part 3 of our IoT Security blog series, I would urge you to go through them first unless you are already familiar with the basics of IoT. Link to the previous blog – IoT Security – Part 3. Bluetooth has been a buzzword as people wanted all their devices to be smart, which basically means you get to control things across devices without carrying wires around. Bluetooth has been in the market for more than a decade. If you're a millennial, you would have used those classic fancy Nokia phones which had Bluetooth in them. Bluetooth was invented by Ericsson, and other vendors then started using it. Soon after that, all the major vendors created a consortium called the Bluetooth Special Interest Group (SIG), which governs what the standard should be and the interoperability between different versions. We are not going to talk about classic Bluetooth here. Bluetooth by itself is a massive stack, and its specification runs to 2000+ pages. In this blog, I will be covering only Bluetooth Low Energy, more famously known as BLE. With the advent of connecting all the things to the internet comes the problem of power and resources. As I mentioned earlier, Bluetooth is a huge stack; implementing it in an end device like a fitness band would take more power and resources than the device has. So in the Bluetooth 4.0 standard, they introduced Low Energy, specially targeted at IoT and smart devices that run on memory- and power-constrained hardware. Bluetooth SIG started marketing the standard as Bluetooth Smart, which has two components: Bluetooth Smart devices are end devices which have only the Bluetooth Low Energy component, and Bluetooth Smart Ready devices are capable of both Bluetooth LE and EDR (Bluetooth Classic), which would be your central device, i.e. a mobile phone or laptop. ...
How I Reverse Engineered and Exploited a Smart Massager
I have been working with Bluetooth for quite some time. I chose to reverse engineer a smart device to show how poor the security standards implemented in these smart devices are. In this post, I will be showing you how I reverse engineered a Bluetooth-based (smart) massager and how I could exploit it to make it lethal. Now, how is a massager lethal? A massager works on a principle called TENS (transcutaneous electrical nerve stimulation). Our entire nervous system works on neural impulses, which are electrical signals. Everything from the sense of a pinch to the sense of orgasm is an electrical impulse that causes different hormones to be secreted in your brain, and you feel pain or pleasure....