Showing Posts About

Product security

eLinkSmart - Unlocking Bluetooth LE padlocks with polite requests

A critical security analysis of eLinkSmart Bluetooth padlocks revealed multiple severe vulnerabilities. The locks have hardcoded encryption keys, an insecure web API with SQL injection flaws, and weak authentication controls. These vulnerabilities allow attackers to unlock any lock within Bluetooth range and access sensitive user information.

  • 13 Sep 2023

Guiding black-box CAN fuzzing with electromagnetic side-channel analysis

An electromagnetic side-channel analysis technique is introduced for guiding black-box CAN fuzzing in automotive Electronic Control Units (ECUs). The method helps identify valid CAN message IDs by analyzing electromagnetic emissions during message processing. This approach improves fuzzing effectiveness when detailed system documentation is unavailable.

Megafeis-palm: Exploiting Vulnerabilities to Open Bluetooth SmartLocks

A security analysis of Megafeis smart padlocks revealed critical vulnerabilities in their mobile application and API. By exploiting authorization flaws, an attacker within Bluetooth range can enumerate account information and transfer lock ownership to their own account. The research demonstrates significant security weaknesses in the smart lock's backend infrastructure and mobile application.

Faking A Positive COVID Test

A vulnerability was discovered in the Ellume COVID-19 Home Test that allows falsifying test results. By manipulating Bluetooth traffic, it was possible to change a negative test to a positive result. The attack involved modifying specific byte values in the device's communication protocol and recalculating checksums, ultimately obtaining a verified COVID test certificate from Azova.

Printing Shellz

Multiple zero-day vulnerabilities were discovered affecting over 150 HP multi-function printers. The vulnerabilities enable network infrastructure compromise through malicious printing and web-based exploits. New tooling was developed to demonstrate how printers can serve as entry points for network attacks.

  • 6 May 2020

U-Booting securely

This whitepaper analyzes security vulnerabilities and misconfigurations in U-Boot for embedded systems. It provides guidance to developers on securing hardware products against potential security compromises. The analysis is based on real-world research by hardware security experts investigating secure boot implementations.

  • 24 Dec 2019

Hackin' around the Christmas tree

A vulnerability was discovered in the Abis HD6000+ SMART Android projector that allows remote code execution on the local network. The vulnerability stems from an unauthenticated HTTP endpoint on port 9909 that enables command execution. An attacker can potentially escalate the attack to a wide-area network remote code execution scenario using WebRTC techniques.

  • 20 Dec 2019

Opening Up the Samsung Q60 series smart TV

A technical analysis was conducted on the Samsung Q60 series smart TV, exploring its hardware, firmware, and network services through detailed reverse engineering techniques. The investigation involved board-level analysis, extracting and examining the eMMC flash memory, and investigating the proprietary VDFS filesystem. Multiple approaches were used to understand the TV's internal architecture, including examining debug ports, firmware upgrade processes, and network services.

  • 21 Dec 2018

Twinkly Twinkly Little Star

Multiple security vulnerabilities were discovered in Twinkly IoT Christmas lights. The vulnerabilities include unencrypted local network communications, trivial authentication bypass, and potential remote control through MQTT and DNS rebinding attacks. These flaws could allow attackers to manipulate or control the lights remotely, potentially affecting thousands of connected devices.

Kernel Driver mmap Handler Exploitation

This whitepaper explores exploitation techniques for Linux kernel driver memory mapping vulnerabilities. The research addresses the lack of public documentation on identifying and exploiting security flaws in kernel driver development. The goal is to provide guidance for developers to understand and mitigate memory mapping issues in kernel drivers.

Land, Configure Microsoft Office, Persist

This presentation explores native Microsoft Office add-in mechanisms that can be exploited for persistence on compromised workstations. Various techniques for abusing Office add-ins are analyzed from a red teaming perspective. The talk examines deployment complexity, privilege requirements, and effectiveness in different computing environments.

Mission mPOSsible

A security presentation examined the vulnerabilities of mobile Point-of-Sale (mPOS) devices used with mobile platforms. The study investigated potential risks to sensitive customer payment data in emerging payment technologies. Findings were presented at Syscan 2014 and Blackhat USA 2014 by Nils and Jon.

  • 28 Nov 2014

My NFC Remains Enabled - Reflections on Mobile Pwn2Own 2014

Mobile Pwn2Own 2014 highlighted zero-day vulnerabilities in mobile devices, particularly those involving NFC technologies. The competition demonstrated the ongoing challenges in mobile device security, emphasizing the importance of careful app store selection for users and proactive security design for developers. Despite potential NFC-related risks, most users are more likely to encounter threats through phishing and malware.