Researchers have already been analyzing connected Apparatus for Many years, but concerns around cyber security from the IoT globe are still there, putting users under significant risk. In our prior analysis, possible attack vectors affecting both a device and a network to which it has connected have been discovered. This time, we have chosen a smart hub made to control sensors and devices installed at home. It can be used for different purposes, such as water and energy management, monitoring and even security systems.

This tiny box receives information from all of the devices Connected to it, and if something happens or goes wrong, it immediately notifies its user via phone, SMS or email in compliance with its preferences. An interesting issue is that it's also possible to connect the hub to local emergency services, thus alerts will be sent to them accordingly. So, what if somebody was able to interrupt this smart home's system and gain control over home controllers? We decided to look at a hypothesis and as a result found logical vulnerabilities providing cybercriminals with various attack vectors opportunities.

First, we decided to check what could be available for Exploitation by an attacker being out of the network. We discovered that the hub's firmware is available publicly and can be downloaded without any subscription from the vendor's servers. Therefore, once downloading it, anyone can quickly revise the files inside it and examine them.

We found that the password in the root account in the shadow As practice shows, this cryptographic algorithm is not thought of as secure or highly resistant to hacking, and therefore it is possible for an attacker to successfully acquire the hash through brute-force and discover out the ‘root' password.

To access the hub with ‘origin' rights and therefore modify files or execute different commands, physical access is needed. However, we do not neglect the hardware hacking of apparatus and not all of them survive later.

We explored the device physically, but of course not everybody would be able to do this. However, our further investigation showed there are other choices to gain remote access over it.

For hub control, users can either use a special mobile Program or a web-portal through which they can set up a private configuration and check all the connected systems.

To execute it, the owner sends a command for synchronization at that moment, all preferences are packed in the config.jar file, which the heart then downloads and implements.

But as we can see the config.jar file so, hackers can send the same request with an arbitrary serial number, and download an archive.

Developers prove otherwise: consecutive numbers are not very well protected and can be brute-forced using a byte selection strategy. To check the serial number, remote attackers can send a specially crafted request, and depending on the server's reply, will get information if the device is already registered in the system.
Moreover, our first research has shown that users, without even realizing it, place themselves at risk by publishing their tech reviews online or posting pictures of a heart in social networks and openly presenting devices' serial numbers. And the security consequences won't be long in coming.

While assessing the confer document Archive, we found that it contains password and login details -- all of the necessary data to get a user's account via the web-interface.

As a result, we gained access to a user's smart home with all the sensor and settings information being available for any changes and manipulations.

It's also possible that there could be other personal sensitive Data in the archive file, given the fact that users often upload their phone numbers into the machine to receive alerts and notifications.

Along with clever “boxes", we had something smaller in our Pocket -- a smart light bulb, which doesn't have any critical use, neither for safety or security. However, in addition, it surprised us with some -- but still worrying -- security difficulties.

The smart bulb is connected to a Wi-Fi system and controlled over a mobile application. To set it up a user must download the mobile application (is or Android), switch on the bulb, connect to the Wi-Fi access point created by the bulb and provide the bulb with the SSID and password by a local Wi-Fi network.

From the application, users can switch it ON and OFF, set timers and change different feature of the light, including its density and color. Our aim was to find out if the device might assist an attacker in any way to gain access to a local community, where it would finally be possible to run an attack.

After several attempts, we had been lucky to discover a way to get to the device's firmware through the mobile application. An interesting fact is that the bulb does not interact with the mobile application right. Rather, both the bulb and the mobile application are attached to a cloud service and communication goes through it. This explains why while sniffing the local network traffic, almost no interaction between the two was discovered.

We discovered that the bulb asks a firmware update from the Server and downloads it through an HTTP protocol that does not secure the communication with servers. If an attacker is in the same network, a man-in-the-middle sort of attack will be an easy task.

The hardware Reconnaissance with flash linking directed us not only to the firmware, but to user data also. With a quick look at the information shared with the cloud, no sensitive information seems to have been uploaded from the device or the internal system. But we found all the credentials of their Wi-Fi networks to which the bulb had connected earlier, which are saved in the device's flash forever with no encryption -- even after a “hard" reset of the device this data was available. Thus, reselling it on online market places is surely not a fantastic idea.

It's quite scary how Venerable devices are, so we will need to protect ourselves, we can do this through Blockchain, decentralization of data allows it to be dispersed all over the Globe and not in one point, this is the dream of Dxchain.

Referral link : https://t.me/DxChainBot?start=dyv5gm-dyv5g
DxChain’s website : https://www.dxchain.com/