Skip to main content

Fail of the Week: How Not to do IoT Security

There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there as a bad day, or at least one that raises a lot of serious questions.

As alarming as finding such a device would be, and for as poor as the chain of decisions leading these devices being attached to the workstations of the employees at a mercifully unnamed company, that’s not the story that [Erich Styger] seeks to tell. Rather, this is a lesson in teardown skills – for few among us would not channel the anger of finding something like this is into a constructively destructive teardown – and an investigation into the complete lack of security consideration most IoT devices seem to be fielded with these days.

Most of us would recognize the device as some kind of connected occupancy sensor; the PIR lens being the dead giveaway there. Its location under a single person’s desk makes it pretty clear who’s being monitored.

The teardown revealed that the guts of the sensor included a LoRa module, microcontroller, a humidity/temperature sensor, and oddly for a device apparently designed to stick in one place with magnets, an accelerometer. Gaining access to the inner workings was easy through the UART on the microcontroller, and through the debug connectors and JTAG header on the PCB. Everything was laid out for all to see – no firmware protection, API keys in plain text, and trivially easy to reflash. The potential for low-effort malfeasance by a compromised device designed to live under a desk boggles the mind.

The whole article is worth a read, if only as a lesson in how not to do security on IoT devices. We know that IoT security is hard, but that doesn’t make it optional if you’re deploying out in the big wide world. And there’s probably a lot to learn about properly handling an enterprise rollout too. Spoiler alert: not like this.



from Hackaday http://bit.ly/2Mh9ZSV

Comments

Popular posts from this blog

How To Play Doom – And More – On An NES

Doom was a breakthrough game for its time, and became so popular that now it’s essentially the “Banana For Scale” of hardware hacking. Doom has been ported to countless devices, most of which have enough processing ability to run the game natively. Recently, this lineup of Doom-compatible devices expanded to include the NES even though the system definitely doesn’t have enough capability to run it without special help. And if you want your own Doom NES cartridge, this video will show you how to build it . We featured the original build from [TheRasteri] a while back which goes into details about how it’s possible to run such a resource-intensive game on a comparatively weak system. You just have to enter the cheat code “RASPI”. After all the heavy lifting is done, it’s time to put it into a realistic-looking cartridge. To get everything to fit in the donor cartridge, first the ICs in the cartridge were removed (except the lockout IC) and replaced with custom ROM chips. Some modifica...

The Flexible Permanence of Copper Tape Circuits

Somewhere between shoving components into a breadboard temporarily and committing them to a piece of protoboard or a PCB lies the copper tape method. This flexible Manhattan-style method of circuitry formed the basis for [Bunnie Huang]’s Chibitronics startup, and has since inspired many to stop etching boards and start fetching hoards of copper tape. [Hales] hit the ground running when he learned about this method , and has made many a copper tape circuit in the last year or so. He offers several nice tips on his site that speak from experience with this method, and he’ll even show you how to easily work an SMD breakout board into the mix. Generally speaking, [Hales] prefers plywood as the substrate to paper or cardboard for durability. He starts by drawing out the circuit and planning where all the tape traces will go and how wide they need to be. Then he lays out copper traces and pads, rubs the tape against the substrate to make it adhere strongly, and reinforces joints and laps w...

The Newbie’s Guide To JTAG

Do you even snarf? If not, it might be because you haven’t mastered the basics of JTAG and learned how to dump, or snarf, the firmware of an embedded device. This JTAG primer will get you up to snuff on snarfing, and help you build your reverse engineering skills. Whatever your motivation for diving into reverse engineering devices with microcontrollers, JTAG skills are a must, and [Sergio Prado]’s guide will get you going. He starts with a description and brief history of the Joint Test Action Group interface, from its humble beginnings as a PCB testing standard to the de facto standard for testing, debugging, and flashing firmware onto devices. He covers how to locate the JTAG pads – even when they’ve been purposely obfuscated – including the use of brute-force tools like the JTAGulator . Once you’ve got a connection, his tutorial helps you find the firmware in flash memory and snarf it up to a file for inspection, modification, or whatever else you have planned. We always apprec...