* Posts by cybergibbons

22 posts • joined 24 Sep 2014

Unbreakable smart lock devastated to discover screwdrivers exist


The three we bought to find issues cannot be opened in this way. The one of those I opened has the pin in place.

Container ship loading plans are 'easily hackable'



SOLAS VGM pretty much says that you can't estimate weight anymore. It doesn't stipulate using load cells on cranes, and that hasn't been what is implemented in most ports.

Evil pixels: Researcher demos data-theft over screen-share protocols


Re: Bizarre security

Yes - you can type an executable base64 encoded onto the remote host and run it. Without admin privilege, you can then get data back with this method.

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'


Re: Nothing new here really..

I doubt your village hall has a website allowing its number to be enumerated though?


Re: OK, daft question

Specifically, in this instance, the user interface of the Aga web application allows enumeration of registered numbers.

With most M2M products, the numbers are allocated from groups. I have often seen numbers sequentially allocated in similar products.


Re: Contact

An attempt? At least 10 attempts were made.

It's very much Aga's responsibility to deal with service providers and hardware vendors involved with their products.


That's actually a lot of money for most IoT devices, where the entire cost of the device will typically be less than £5. It's got a lot more power than you would ever need, as well.

That said, there have been Pi-based commercial products, such as the early revisions of this:



Re: Security

This really isn't the case though.

The PIC18F - which currently only supports SSLv3 and below with weak ciphers - is ~£1.75 in bulk. An ARM Cortex-M3 that costs the same, has more functionality and more flash can support TLSv1.2 with good ciphers.

Time and time again I see people saying "but the hardware can't do it". It's perfectly possible to design your hardware to the same cost and have the functionality required.


Re: Security

There was no reason, in 2012, to put a device in that was so limiting.

Hackers actively stealing Wi-Fi keys from vulnerable routers


Re: Simples, buy your own better router and secure it properly.

Using a directional antenna outside of someone's house falls firmly into the territory of "tough time" and covers the typical threat model of a home user.


If you are using the provided HomeHub or any of the common BT VDSL modems, we haven't seen any particular issues with TR-064 being exposed publicly. I don't think anyone has got your key via the same route.

IoT worm can hack Philips Hue lightbulbs, spread across cities


Re: ANY i.o.t

This isn't enough to isolate you from risk though. If this device is on the same network as your PC or phone, they can attack the device, and the device attack them.

Boffin's anti-worm bot could silence epic Mirai DDoS attack army


Re: "prompt the user to reboot"

Why would the user be logging in via telnet? They don't even know the device is running telnet.


It's worth noting that the worm doesn't actually have the ability to change the passwords. It's not a trivial task on many of them - it needs a firmware update.

Comcast's Xfinity home alarms can be disabled by wireless jammers


Re: Wireless Alarms are toys

People really seem to be losing perspective of what an alarm is protecting you from...

You don't expect your front door to withstand a hydraulic breach tool, or your lock to withstand a drill for 30 minutes. That's because they have been designed to protect a normal domestic property, with a small value of goods inside. The attacker is a normal burglar.

The basic wireless alarms are designed to add a layer to that protection from those attackers. It isn't meant to protect you from advanced, knowledgeable criminals. If you want that protection, you buy a graded, wired, professionally installed alarm.

Researcher criticises 'weak' crypto in Internet of Things alarm system


Re: Optional

The device only has Ethernet - not sure where all the WiFi stuff has come from.


Re: Checklist


1. Find an unoccupied house

2. Break into it

3. Steal everything you can in under 5 minutes

4. Leave

Whilst the system isn't secure, the attacks being proposed are pure fantasy.


Re: Huh?

I can build a device that will disable a significant number of wireless alarms on the market in the UK. It costs about £12 to make. It took very little research (relatively) to work it out.

Never seen anyone else sell them - I've even tried asking on some of the forums that are used for trading ATM skimmers, fake chip&pin terminals etc. They just aren't made - criminals aren't currently interested in bypassing alarms on domestic properties.


Re: Huh?

Which would probably be why they said "it would be beyond the capability of most would-be burglars with access to no more than basic electronic tools like wire strippers, a multi-meter, and crocodile clips".

Are you arguing that most burglars would be capable of this? That would strongly go against the available evidence.

Burglary and car theft have very different risks and rewards, which you seem to have ignored in your analogy/comparison.

You can almost entirely work out the security system on a car just by the model and year. There is very little variation. Not possible with a home alarm. It's easy for criminals to identify and target cars like this.

Once you have bypassed the security system on most modern cars, that's it. You can open the door and start the engine. Not so with a house - bypass the alarm, and you still need to deal with physical security.

Most burglaries don't result in a good reward of a known value. You might get £500, you might get £5k. Lift a high-end car, and you will be looking at a lot more.


Re: Huh?

I don't think there are enough burglars with enough sense to carry out these attacks - certainly not against domestic properties with self-installed panels with no professional monitoring.

I've been asked to look into five cases now where a homeowner has suspected that the burglars had used advanced electronic bypass methods to get in. Whilst I could never say for sure, there was no evidence in any of these cases that anything untoward had happened.

There's a world of difference between casing high-end targets (which would have graded alarms) and most burglars working out how to bypass individual homes over the Internet.

Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI


Re: Disable port 80 forwarding...

The brute force is quite slow, and requires more than just use of a browser. I've not released the proof of concept yet for it either.


Re: None of this crap needs to go through the cloud in the first place

It doesn't go through the cloud on this device. It's port-forwarded, by manufacturer recommendations.
