Security Vulnerabilities in Connected Objects
Bad management of usernames and passwords, unlimited access to Amazon S3 storage spaces, remote control… These connected objects, tested by Bitdefender, have an execrable level of security.
Finding vulnerabilities in connected objects has become a favorite pastime of Alex Balan, a security researcher at Bitdefender Labs.
Like last year, he used the RSA 2020 conference as an opportunity to showcase his best finds, starting with the iBaby Monitor M6S, a baby monitor.
Like many connected objects today, this device is permanently connected to an Amazon S3 cloud storage space, to save images and videos.
But a flaw in the management of identifiers ultimately allows access to the contents of the entire storage space. It is, therefore, possible to access the images and videos of other users.
For similar reasons, it is also possible to access the device's MQTT server (MQTT is a messaging protocol for connected objects).
A hacker simply has to wait for a new user to arrive on this server to obtain secret keys that will allow him to access the device remotely. He will then be able to capture video and audio streams, record them, capture images, or play music.
Another camera riddled with holes is the Guardzilla surveillance camera.
Here again, poor ID management allows access to the entire Amazon S3 storage space.
In addition, a bug in stream sharing allows real-time connection to a user’s video streams without their knowledge.
Finally, software flaws allow arbitrary code to be executed remotely on the device and thus take control of it.
What sets this kind of attack apart is that it passes through the cloud infrastructure used by the system. “This makes it completely undetectable to security software,” says Balan.
On the Wyze Cam Pan surveillance camera, it’s much the same story. A software flaw allows remote control of the device through its own cloud.
The researcher also looked into Sonoff’s gadgets. This provider offers connected sockets, connected buttons, Wi-Fi cameras, etc.
Taking control of the devices is particularly simple here. All a hacker has to do is know the identifier of a device and enroll it through his own Sonoff account. That’s all, because there is no form of verification.
Since the procedure for updating these devices is not secure, the hacker can then install his own firmware.
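The enrollment weakness described above, contrasted with a proof-of-possession check, as an added example that is not Sonoff's code or its actual fix. The `EnrollmentService` class, the per-device factory secret and the sample identifier are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def device_response(device_secret: bytes, account: str, nonce: bytes) -> bytes:
    """Computed on the physical device during pairing (assumed per-device secret)."""
    msg = account.encode() + b"|" + nonce  # binds the proof to one account
    return hmac.new(device_secret, msg, hashlib.sha256).digest()


class EnrollmentService:
    """Hypothetical cloud-side registry; every name here is illustrative."""

    def __init__(self, device_secrets: dict):
        self.device_secrets = device_secrets  # device_id -> factory-provisioned secret
        self.owners = {}                      # device_id -> owning account
        self.challenges = {}                  # (account, device_id) -> one-time nonce

    def enroll_by_id_only(self, account: str, device_id: str) -> bool:
        # Weak pattern from the article: knowing the identifier is sufficient.
        if device_id not in self.device_secrets:
            return False
        self.owners[device_id] = account
        return True

    def start_enrollment(self, account: str, device_id: str):
        # Refuse unknown devices and devices that already have an owner.
        if device_id not in self.device_secrets or device_id in self.owners:
            return None
        nonce = secrets.token_bytes(16)
        self.challenges[(account, device_id)] = nonce
        return nonce

    def finish_enrollment(self, account: str, device_id: str, response: bytes) -> bool:
        # The nonce is consumed on first use, so a captured response cannot be replayed.
        nonce = self.challenges.pop((account, device_id), None)
        if nonce is None or device_id in self.owners:
            return False
        expected = device_response(self.device_secrets[device_id], account, nonce)
        if not hmac.compare_digest(expected, response):
            return False
        self.owners[device_id] = account
        return True


# Constructed sample data, not a real device identifier or key.
SAMPLE_SECRETS = {"dev-1001": b"constructed-factory-secret"}
```

With the second flow, an account that only knows the identifier cannot complete enrollment, because the response can only be produced by hardware holding the device secret.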
The good news is that Sonoff has fixed these flaws. All the other vendors mentioned in this article have done nothing, even though they were alerted several months ago. It’s hopeless.