Showing Posts About

• Alex Pettifer Miłosz Gaczkowski
• 6 Feb 2024

Multiple vulnerabilities in eLinkSmart padlocks

Multiple vulnerabilities were found in the eLinkSmart smart lock range. Flaws in the implementation of the locks' Bluetooth Low Energy (BLE) communication and the back-end API enable an attacker to unlock any lock within Bluetooth range, identify the location of any lock in the world, and compromise user credentials. This blog post describes the vulnerabilities, as well as the process followed to identify them, and demonstrates the issues in action.

• Abdullah Ansari
• 2 Mar 2023

Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks

A security analysis of Megafeis smart padlocks revealed critical vulnerabilities in their mobile application and API. By exploiting authorization flaws, an attacker within Bluetooth range can enumerate account information and transfer lock ownership to their own account. The research demonstrates significant security weaknesses in the smart lock's backend infrastructure and mobile application.

• 24 Dec 2019

Hackin' around the Christmas tree

A vulnerability was discovered in the Abis HD6000+ SMART Android projector that allows remote code execution on the local network. The vulnerability stems from an unauthenticated HTTP endpoint on port 9909 that enables command execution. An attacker can potentially escalate the attack to a wide-area network remote code execution scenario using WebRTC techniques.

• Krzysztof Marciniak
• 11 Dec 2019

Digital lockpicking - stealing keys to the kingdom

A security analysis of the KeyWe Smart Lock revealed critical vulnerabilities in its Bluetooth Low Energy communication protocol. The lock's in-house key exchange mechanism allows attackers to easily intercept and decrypt device communications by exploiting a predictable common key generation process. By analyzing the mobile application and BLE traffic, the vulnerability in the lock's cryptographic design was exposed.

• 21 Dec 2018

Twinkly Twinkly Little Star

Multiple security vulnerabilities were discovered in Twinkly IoT Christmas lights. The vulnerabilities include unencrypted local network communications, trivial authentication bypass, and potential remote control through MQTT and DNS rebinding attacks. These flaws could allow attackers to manipulate or control the lights remotely, potentially affecting thousands of connected devices.

• 1 Aug 2017

Alexa, are you listening?

A physical attack on early Amazon Echo models allows root access by exploiting exposed debug pads and an SD card boot configuration. By gaining root shell access, an attacker can install a malware implant that turns the device into a remote wiretap. The attack requires physical access to the device and can potentially stream live microphone audio to remote services without disrupting the Echo's normal functionality.

• 10 Jan 2017

Digital Lockpicking: Why Your Front Door Shouldn't Be On The Internet

A critical vulnerability was discovered in FingerTec/ZKTeco biometric access control devices. The unencrypted UDP protocol allows attackers to create unauthorized admin accounts, extract user data, and potentially unlock doors without authorization. Over 4000 such devices are exposed on the internet, posing significant security risks.