home invasion v2 0 who are we the presenters
play

Home Invasion v2.0 WHO ARE WE? The Presenters Daniel - PowerPoint PPT Presentation

Sep 01, 2023 •104 likes •342 views

Home Invasion v2.0 WHO ARE WE? The Presenters Daniel unicornFurnace Crowley - Managing Consultant, Trustwave SpiderLabs Jennifer savagejen Savage - Software Engineer, Tabbedout David videoman Bryan - Security

  1. Home Invasion v2.0

  2. WHO ARE WE?

  3. The Presenters Daniel “ unicornFurnace ” Crowley - Managing Consultant, Trustwave SpiderLabs Jennifer “ savagejen ” Savage - Software Engineer, Tabbedout David “ videoman ” Bryan - Security Consultant, Trustwave SpiderLabs

  4. WHAT ARE WE DOING HERE?

  5. The “Smart” Home Science fiction becomes science fact Race to release novel products means poor security Attempt to hack a sampling of “smart” devices Many products we didn’t cover Android powered oven Smart TVs (another talk is covering one!) IP security cameras

  6. WHAT’S OUT THERE?

  7. Belkin WeMo Switch

  8. Belkin WeMo Switch 1. Vulnerable libupnp version 2. Unauthenticated UPnP actions 1. SetBinaryState 2. SetFriendlyName 3. UpdateFirmware

  9. MiCasaVerde VeraLite

  10. MiCasaVerde VeraLite 1. Lack of authentication on web console by default 2. Lack of authentication on UPnP daemon 3. Path Traversal 4. Insufficient Authorization Checks 1. Firmware Update 2. Settings backup 3. Test Lua code 5. Server Side Request Forgery 6. Cross-Site Request Forgery 7. Unconfirmed Authentication Bypass 8. Vulnerable libupnp Version

  11. INSTEON Hub

  12. INSTEON Hub 1. Lack of authentication on web console 1. Web console exposed to the Internet

  13. Karotz Smart Rabbit

  14. Karotz Smart Rabbit 1. Exposure of wifi network credentials unencrypted 2. Python module hijack in wifi setup 3. Unencrypted remote API calls 4. Unencrypted setup package download

  15. Linksys Media Adapter 1. Unauthenticated UPnP actions

  16. LIXIL Satis Smart Toilet

  17. LIXIL Satis Smart Toilet 1. Default Bluetooth PIN

  18. Radio Thermostat 1. Unauthenticated API 2. Disclosure of WiFi passphrase

  19. SONOS Bridge

  20. SONOS Bridge 1. Support console information disclosure

  21. DEMONSTRATION

  22. CONCLUSION

  23. Questions? Daniel “ unicornFurnace ” Crowley dcrowley@trustwave.com @dan_crowley Jennifer “ savagejen ” Savage savagejen@gmail.com (PGP key ID 6326A948) @savagejen David “ videoman ” Bryan dbryan@trustwave.com @_videoman_

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E GRA RATE TEFUL FUL AB ABOU OUT T US US Life Insurance is a Financial Planning Tool It provides a source of financial relief for

617 views • 15 slides
1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of

1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of

1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of Allauddin, Sultan of Delhi and in 1323 A.D during the invasion of Ulugh Khan there was a great commotion. To inspire his fellows, Vedanta Desika

690 views • 15 slides
Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway

Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway

Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway James Owen for National Geographic News, March 9, 2004 The Cold War might be over, but a red army of monster crustaceansmarshalled by Soviet-era

398 views • 22 slides
A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation

A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation

A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation Neptune, the largest seaborne invasion in history 4,000 ships 11,000 airplanes 150,000 soldiers and all their supplies A date of 5 June 1944 was agreed

561 views • 10 slides
Pre- Versus Post-operative Perineural Invasion Cartilage invasion Radiotherapy

Pre- Versus Post-operative Perineural Invasion Cartilage invasion Radiotherapy

Dislosures Postoperative Radiation and Clinical trial support from Genentech Inc. Chemoradiation: Indications and Optimization of Practice Sue S. Yom, MD, PhD Associate Professor UCSF Radiation Oncology Clinical Indicators of Increased

447 views • 5 slides
The Bri(sh invasion in the United States had huge

The Bri(sh invasion in the United States had huge

The Bri(sh invasion in the United States had huge successes with the Beatles and The Rolling Stones. This signaled other Bri(sh blues-based

515 views • 36 slides
Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS

Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS

Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS Kayla Sikes Regional Director of Health & Productivity Wellness Coordinator AssuredPartners City of Chesapeake Providing clients with the best

354 views • 20 slides
Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015 Presenters Marcie OReilly, CMS Innovation Center, Centers for Medicare & Medicaid Services Jennifer Wiens, The Lewin Group 2 Agenda TBP)

861 views • 30 slides
Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP

Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP

Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP GNC(C) Dr Tim Stultz MD COE Caring for Older Adults in the Community and At Home (COACH) VIDEO COACHnew thinking and an innovative

507 views • 18 slides
U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4

U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4

Anti-Corruption Enforcement: Analyzing the Enforcement Approaches of the U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4 Presenters 5 Topics Statutes and Jurisdiction Specific Differences:

703 views • 52 slides
J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under the City of David. Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under

515 views • 50 slides
Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May

Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May

Hydraulic Fracturing Simple Model Invasion Percolation Bursts Information Theory Tokunaga Branching Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May 31, 2013 Hydraulic Fracturing Simple

785 views • 50 slides
Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe

Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe

April 2013 Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe Harbor Cautionary Statement Concerning Forward Looking Statements Certain statements contained herein may constitute forward - looking

567 views • 32 slides
HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program

HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program

HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program Income, Repayments, and Recaptured Funds March 9, 2016 1 Presenters Vashawn Banks, Acting Director, CPD, Office of Affordable Housing Programs

974 views • 60 slides
Can one invasion lead to another? Niche space and the future of Nature Precedings :

Can one invasion lead to another? Niche space and the future of Nature Precedings :

Can one invasion lead to another? Niche space and the future of Nature Precedings : doi:10.1038/npre.2009.3842.1 : Posted 8 Oct 2009 Southwestern U.S. riparian zones Lindsay Reynolds and David Cooper Colorado State University 3 August 2009

282 views • 17 slides
Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S.,

Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S.,

Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S., Klimchenko A.V., Korets M.A., Rubtsov A.V., Kirdyanov A.V., Shashkin A.V., Prokushkina M.P., Zrazhevskaya G.K., Shibistova O.B., Guggenberger G.

664 views • 40 slides
Work Zone and Incident Electronic Notification System: Connected Vehicle Work Zone (CVWZ) Faisal

Work Zone and Incident Electronic Notification System: Connected Vehicle Work Zone (CVWZ) Faisal

Work Zone and Incident Electronic Notification System: Connected Vehicle Work Zone (CVWZ) Faisal Saleem Maricopa County Department of Transportation Adam Carreon Arizona Department of Transportation Work Zone Technology Comparison In-Vehicle

491 views • 16 slides
Introduction to Hybrid Systems G ERARDO S CHNEIDER gerardo@irisa.fr IRISA/INRIA E QUIPE L

Introduction to Hybrid Systems G ERARDO S CHNEIDER gerardo@irisa.fr IRISA/INRIA E QUIPE L

Introduction to Hybrid Systems G ERARDO S CHNEIDER gerardo@irisa.fr IRISA/INRIA E QUIPE L ANDE R ENNES - F RANCE Introduction to Hybrid Systems p.1/21 Motivation Computers are

1.14k views • 52 slides
Climates of the Past Climates of the Past EES 3310/5310 EES 3310/5310 Global Climate Change

Climates of the Past Climates of the Past EES 3310/5310 EES 3310/5310 Global Climate Change

Climates of the Past Climates of the Past EES 3310/5310 EES 3310/5310 Global Climate Change Global Climate Change Jonathan Gilligan Jonathan Gilligan Class #13: Class #13: Wednesday, February 5 Wednesday, February 5 2020 2020

730 views • 39 slides
Introduction to Fuzzy Logic First Step: . . . Need for Interpolation Vladik Kreinovich Need to

Introduction to Fuzzy Logic First Step: . . . Need for Interpolation Vladik Kreinovich Need to

Need for Expert . . . Need to Describe . . . Rules: General Case Step-by-Step . . . Introduction to Fuzzy Logic First Step: . . . Need for Interpolation Vladik Kreinovich Need to Combine . . . Defuzzification Department of Computer Science

701 views • 31 slides
A Multiagent System Approach to Schedule Devices in Smart Homes William Yeoh Enrico Pontelli

A Multiagent System Approach to Schedule Devices in Smart Homes William Yeoh Enrico Pontelli

A Multiagent System Approach to Schedule Devices in Smart Homes William Yeoh Enrico Pontelli Ferdinando Fioretto New Mexico State University University of Michigan May, 2017 Home Automation 1 Network of smart homes 2 Smart Homes and SHDS

432 views • 27 slides
CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems Hao Zheng

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems Hao Zheng

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems Hao Zheng Department of Computer Science and Engineering University of South Florida H. Zheng (CSE USF) CIS 4930/6930: Principles of CPS 1 / 19 Hybrid Automata

602 views • 22 slides
REFLECTIVE PRACTICE FOR 6.16.2020 TEAM LEARNING & LEADERSHIP DEVELOPMENT QUESTIONS TO

REFLECTIVE PRACTICE FOR 6.16.2020 TEAM LEARNING & LEADERSHIP DEVELOPMENT QUESTIONS TO

REFLECTIVE PRACTICE FOR 6.16.2020 TEAM LEARNING & LEADERSHIP DEVELOPMENT QUESTIONS TO CONSIDER 1. What is the purpose for using reflection as a core component in leadership and team learning? 2. Whats more important for reflection: the

486 views • 27 slides
Computing ergodic limits for SDEs M.V. Tretyakov School of Mathematical Sciences, University of

Computing ergodic limits for SDEs M.V. Tretyakov School of Mathematical Sciences, University of

Computing ergodic limits for SDEs M.V. Tretyakov School of Mathematical Sciences, University of Nottingham, UK Talk at the workshop Stochastic numerical algorithms, multiscale modelling and high-dimensional data analytics, ICERM, 21st July

740 views • 52 slides

More recommend