IoT – Page 2 – Insinuator.net

November 30, 2016 by Pascal Turbing

Research Diary: IP-Cameras Part 2

Hi everybody,
This is the second entry in our research diary on IP cameras. If you haven’t done so yet, you should read the first entry in advance. This time we focused more on analysis and exploitation.

Another entry vector

After running a vulnerability scan on both devices, it was revealed that the M1033 has multiple buffer overflow vulnerabilities (CVE-2012-5958 to CVE-2012-5965), which are readily exploitable via Metasploit. This gave us another shell (in addition to the root shell mentioned in the last post), though this time it was not a root shell. By using the find command, we searched for executables having the setuid or setgid bit set. We hoped to use one of those to escalate privileges. To do so yourself add the parameter -perm -4000 to find and it will search for files having the setuid bit set. If you try that on your own unix-like device, for example it should yield /bin/passwd which is perfectly reasonable as you’re able to change your password without being root.

Continue reading “Research Diary: IP-Cameras Part 2”

Breaking

November 22, 2016 by Benjamin Schwendemann

Research Diary: IP-Cameras

As you probably know we perform research on a regular basis at ERNW. This post is the first entry on our – Benjamin’s and Pascal’s – research diary. You might already have seen Oliver’s post on setting up an research environment or Brian’s posts on IoT botnets (here and here). With that in mind we want to take a look at one of the market leaders for network camera equipment: AXIS.

Continue reading “Research Diary: IP-Cameras”

Breaking

November 21, 2016 by Patrik Fehrenbach

IoT the S is for Secure – Unknown Administration Interface in Wireless Plug

Dear Readers,

just recently i bought a wireless plug on Amazon with the main use of controlling my coffee machine with an app. The installation of the wireless plug was quite easy and only requires me to set my Wifi SSID and my passphrase – that’s it. But what happened behind the scenes? I visited the control interface of my router and saw that along with the other devices there was a new one with the network name HF-LPB100 and a local IP address in my case 192.168.0.235. First of all i wondered about the name itself, but ignored that and kept on looking for open ports.

Continue reading “IoT the S is for Secure – Unknown Administration Interface in Wireless Plug”

Building

November 15, 2016 by Enno Rey

(Securely) Updating Smart Devices / Some Considerations

How to provide updates to IoT devices – yes, I’m aware this might be a overly broad generalization for many different devices – has been the topic of many discussions in the last years (for those interested the papers from the “Internet of Things Software Update Workshop (IoTSU)” might be a good starting point).
Given Matthias and I will moderate the respective session at tomorrow’s IoT Insight Summit I started writing down some points that we consider relevant in this context.

Continue reading “(Securely) Updating Smart Devices / Some Considerations”

Events

November 8, 2016 by Matthias Luft

15. Cyber-Sicherheits-Tag

Today Kevin and I had the pleasure to to present at the German 15. Cyber-Sicherheits-Tag in Berlin which is organized by the Alliance for Cyber Security. This iteration covered security aspects of the Internet of Things and we enjoyed some great conversations. The presentations were limited to ten slides and can be found here:

Continue reading “15. Cyber-Sicherheits-Tag”

Breaking

October 17, 2016 by Oliver Matula

Setting up a Research Environment for IP Cameras

Embedded devices often serve as an entry point for an attack on a private or corporate network. The infamous attack on HackingTeam, for example, followed exactly this path as was revealed here. Although the attack may have been for the greater good (refer also to this great keynote), such incidents demonstrate that it is important to properly secure your embedded devices. In a recent blog post, Niklaus presented how he analyzed the security posture of a MAX! Cube LAN Gateway. Moreover, Brian reported a few weeks ago on the security posture of IoT devices (and in particular on one of his cameras). With this post I would like to share my experiences with analyzing another embedded device: the IC-3116W IP camera by Edimax. Continue reading “Setting up a Research Environment for IP Cameras”

Breaking

October 1, 2016 by Brian Butterly

How to Become Part of an IoT Botnet

I suppose there are many people out there who want to achieve a greater good, fight evil corp and “show those guys”. So why not set a statement and become part of a botnet? #Irony!!! Of course I suppose (hope) that none of you actually want to be part of something like an IoT botnet, but joining could in theory be dead easy. So quite a while back I bought a dead cheap WiFi camera for use at home. It was kind of just as insecure as I had expected, so it got it’s own VLAN and stuff and here is why….

Continue reading “How to Become Part of an IoT Botnet”

Breaking

September 9, 2016 by Kevin Schaller

Hardware Hacking Week @ ERNW

Internal workshops are one of the reoccurring events at ERNW, that help us to gain knowledge in areas outside our usual expertise. One of the recent workshops which happened during the week from August 22nd-25th was Hardware Hacking. Held by Brian Butterly (@BadgeWizard) and Dominic Spill (@dominicgs), this workshop took place in two parts. Brian kickstarted the introductory session by guiding us through the fundamental steps of Hardware Hacking. Brian did an excellent job of making things simpler by giving a detailed explanation on the basic concepts. For a beginner in hardware hacking, the topic could be rather intimidating if not handled properly.

Continue reading “Hardware Hacking Week @ ERNW”

Breaking

September 5, 2016 by Niklaus Schiess

KNXmap: A KNXnet/IP Scanning and Auditing Tool

Users of the KNX, a standard for home automation bus systems, may already have come across KNXnet/IP (also known as EIBnet/IP): It is an extension for KNX that defines Ethernet as a communication medium for KNX which allows communication with KNX buses over IP driven networks. Additionally, it enables one to couple multiple bus installations over IP gateways, or so called KNXnet/IP gateways.

In the course of some KNX related research we’ve had access to various KNXnet/IP gateways from different vendors, most of them coupled in a lab setup for testing purposes. The typical tools used for such tasks are ETS, the professional software developed by the creators of KNX (proprietary, test licenses available) and eibd, an open source implementation of the KNX standard developed by the TU Vienna.

Continue reading “KNXmap: A KNXnet/IP Scanning and Auditing Tool”