Smart Home Devices: assets or liabilities? – Part 3: Looking at the future

This blog post is the last part of a series, if you are interested in the security or privacy of smart home devices, be sure to check out the other parts as well! TL;DR: In our previous blog posts we concluded that there is quite a long way to go for both security and privacy … Continue reading Smart Home Devices: assets or liabilities? – Part 3: Looking at the future

Smart Home Devices: assets or liabilities? – Part 2: Privacy

TL;DR - Part two of this trilogy of blog posts will tackle the next big topic when it comes to smart home devices: privacy. Are these devices doubling as the ultimate data collection tool, and are we unwittingly providing the manufacturers with all of our private data? Find out in this blog post! This blog … Continue reading Smart Home Devices: assets or liabilities? – Part 2: Privacy

Smart Home Devices: assets or liabilities? – Part 1: Security

This blog post is part of a series, keep an eye out for the following parts! TL;DR - Smart home devices are everywhere, so I tested the base security measures implemented on fifteen devices on the European market. In this blog post, I share my experience throughout these assessments and my conclusions on the overall … Continue reading Smart Home Devices: assets or liabilities? – Part 1: Security

Testing Ripple20: A closer look and proof of concept script for CVE-2020-11898

TL;DR: We use a proof of concept script to attack a Digi Connect ME 9210 device affected by CVE-2020-11898, part of the newly-released Ripple20 series of vulnerabilities. Ripple20 In June 2020, JSOF released information about a series of 19 vulnerabilities dubbed "Ripple20". Ripple20 affects the popular Treck network stack, which is used by many connected … Continue reading Testing Ripple20: A closer look and proof of concept script for CVE-2020-11898

Introducing IOXY: an open-source MQTT intercepting proxy

TL;DR: IOXY is an open source MQTT intercepting proxy, developed by NVISO for our IoT pentest needs, and now available on GitHub. Features include a GUI, live packet interception and modification and MQTTS support. The need for IOXY In the web and mobile application worlds, intercepting proxies like Burp and OWASP ZAP occupy a central … Continue reading Introducing IOXY: an open-source MQTT intercepting proxy

IoT hacking field notes #2: Using bind mounts to temporarily modify read-only files

TL;DR: The second of our short, IoT-related posts shares a simple trick we use in IoT pentests to temporarily change the contents of read-only files in Linux-based devices. Very useful when trying to proxy network traffic or temporary change the behavior of a device! IoT field notes is a series of short stories about interesting … Continue reading IoT hacking field notes #2: Using bind mounts to temporarily modify read-only files

IoT hacking field notes #1: Intro to glitching attacks

TL;DR: First in a new series of short, IoT-related posts, this tells the story of a simple glitching attack we used to get a bootloader shell and ultimately root a device. IoT field notes is a new series of short stories about interesting (hopefully 🙂 ) observations, vulnerabilities and techniques, inspired directly from the IoT … Continue reading IoT hacking field notes #1: Intro to glitching attacks

Will they melt? Testing the resistance of flash memory chips

Firmware: the holy grail of most Internet of Things (IoT) security assessments! Sometimes, getting access to a device's firmware can be as easy as visiting the vendor's website. Other times, the only option is to dump it directly from the hardware, and this is where things get interesting. Some procedures used for dumping can expose … Continue reading Will they melt? Testing the resistance of flash memory chips

Enabling Verified boot on Raspberry Pi 3

TL;DR: Verified boot is a fundamental security technology and it is important to be able to experiment with it on easily accessible hardware. However, creating a Verified boot demo on a Raspberry Pi 3 is harder than it sounds. We set out to find resources on the internet. Unfortunately, some of these were outdated, others … Continue reading Enabling Verified boot on Raspberry Pi 3