home invasion v2 0 who are we the presenters
play

Home Invasion v2.0 WHO ARE WE? The Presenters Daniel - PowerPoint PPT Presentation

Sep 01, 2023 •104 likes •342 views

Home Invasion v2.0 WHO ARE WE? The Presenters Daniel unicornFurnace Crowley - Managing Consultant, Trustwave SpiderLabs Jennifer savagejen Savage - Software Engineer, Tabbedout David videoman Bryan - Security

  1. Home Invasion v2.0

  2. WHO ARE WE?

  3. The Presenters Daniel “ unicornFurnace ” Crowley - Managing Consultant, Trustwave SpiderLabs Jennifer “ savagejen ” Savage - Software Engineer, Tabbedout David “ videoman ” Bryan - Security Consultant, Trustwave SpiderLabs

  4. WHAT ARE WE DOING HERE?

  5. The “Smart” Home Science fiction becomes science fact Race to release novel products means poor security Attempt to hack a sampling of “smart” devices Many products we didn’t cover Android powered oven Smart TVs (another talk is covering one!) IP security cameras

  6. WHAT’S OUT THERE?

  7. Belkin WeMo Switch

  8. Belkin WeMo Switch 1. Vulnerable libupnp version 2. Unauthenticated UPnP actions 1. SetBinaryState 2. SetFriendlyName 3. UpdateFirmware

  9. MiCasaVerde VeraLite

  10. MiCasaVerde VeraLite 1. Lack of authentication on web console by default 2. Lack of authentication on UPnP daemon 3. Path Traversal 4. Insufficient Authorization Checks 1. Firmware Update 2. Settings backup 3. Test Lua code 5. Server Side Request Forgery 6. Cross-Site Request Forgery 7. Unconfirmed Authentication Bypass 8. Vulnerable libupnp Version

  11. INSTEON Hub

  12. INSTEON Hub 1. Lack of authentication on web console 1. Web console exposed to the Internet

  13. Karotz Smart Rabbit

  14. Karotz Smart Rabbit 1. Exposure of wifi network credentials unencrypted 2. Python module hijack in wifi setup 3. Unencrypted remote API calls 4. Unencrypted setup package download

  15. Linksys Media Adapter 1. Unauthenticated UPnP actions

  16. LIXIL Satis Smart Toilet

  17. LIXIL Satis Smart Toilet 1. Default Bluetooth PIN

  18. Radio Thermostat 1. Unauthenticated API 2. Disclosure of WiFi passphrase

  19. SONOS Bridge

  20. SONOS Bridge 1. Support console information disclosure

  21. DEMONSTRATION

  22. CONCLUSION

  23. Questions? Daniel “ unicornFurnace ” Crowley dcrowley@trustwave.com @dan_crowley Jennifer “ savagejen ” Savage savagejen@gmail.com (PGP key ID 6326A948) @savagejen David “ videoman ” Bryan dbryan@trustwave.com @_videoman_

Recommend

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E

FFP Unlimited Invasion FFP Unlimited Invasion No Restrictions No Limits WE AR WE ARE E GRA RATE TEFUL FUL AB ABOU OUT T US US Life Insurance is a Financial Planning Tool It provides a source of financial relief for

617 views • 15 slides
1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of

1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of

1 2 3 4 5 6 7 In about 1312 A.D, during the Muslim invasion by Malik Kafur, the General of Allauddin, Sultan of Delhi and in 1323 A.D during the invasion of Ulugh Khan there was a great commotion. To inspire his fellows, Vedanta Desika

690 views • 15 slides
Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway

Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway

Norwegian King Crab Invasion Norwegian King Crab Invasion Giant Crab 'Red Army' Invades Norway James Owen for National Geographic News, March 9, 2004 The Cold War might be over, but a red army of monster crustaceansmarshalled by Soviet-era

398 views • 22 slides
A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation

A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation

A plan was set for Operation Overlord, the Allied invasion of Normandy It included Operation Neptune, the largest seaborne invasion in history 4,000 ships 11,000 airplanes 150,000 soldiers and all their supplies A date of 5 June 1944 was agreed

561 views • 10 slides
Pre- Versus Post-operative Perineural Invasion Cartilage invasion Radiotherapy

Pre- Versus Post-operative Perineural Invasion Cartilage invasion Radiotherapy

Dislosures Postoperative Radiation and Clinical trial support from Genentech Inc. Chemoradiation: Indications and Optimization of Practice Sue S. Yom, MD, PhD Associate Professor UCSF Radiation Oncology Clinical Indicators of Increased

447 views • 5 slides
The Bri(sh invasion in the United States had huge

The Bri(sh invasion in the United States had huge

The Bri(sh invasion in the United States had huge successes with the Beatles and The Rolling Stones. This signaled other Bri(sh blues-based

515 views • 36 slides
Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS

Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS

Work From Home Best Practices City of Chesapeake Your Presenters Cary Seager, MBA, RHU, CCWS Kayla Sikes Regional Director of Health & Productivity Wellness Coordinator AssuredPartners City of Chesapeake Providing clients with the best

354 views • 20 slides
Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015

Home Health Value-Based Purchasing Home Health Agency Registration December 1 7 , 2015 Presenters Marcie OReilly, CMS Innovation Center, Centers for Medicare & Medicaid Services Jennifer Wiens, The Lewin Group 2 Agenda TBP)

861 views • 30 slides
Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP

Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP

Caring for Older Adults in the Community and At Home (COACH) Presenters: Kirsten Mallard MN NP GNC(C) Dr Tim Stultz MD COE Caring for Older Adults in the Community and At Home (COACH) VIDEO COACHnew thinking and an innovative

507 views • 18 slides
U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4

U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4

Anti-Corruption Enforcement: Analyzing the Enforcement Approaches of the U.S., the U.K. and France April 18, 2018 1 Presenters 2 Presenters 3 Presenters 4 Presenters 5 Topics Statutes and Jurisdiction Specific Differences:

703 views • 52 slides
J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700

J_ J_sus W[ W[lks ks J_ J_rus us[l_m Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under the City of David. Before the Assyrian invasion of Judah, around 700 B.C, Hezekiah built a tunnel under

515 views • 50 slides
Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May

Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May

Hydraulic Fracturing Simple Model Invasion Percolation Bursts Information Theory Tokunaga Branching Informational Analysis of Invasion Percolation Model of Hydraulic Fracturing J. Quinn Norris May 31, 2013 Hydraulic Fracturing Simple

785 views • 50 slides
Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe

Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe

April 2013 Video Broadband Voice In Home In Home In Home Out of Home Out of Home Out of Home Safe Harbor Cautionary Statement Concerning Forward Looking Statements Certain statements contained herein may constitute forward - looking

567 views • 32 slides
HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program

HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program

HOME IDIS Webinar Receipt Fund Types in the HOME Investment Trust Fund Local Account: Program Income, Repayments, and Recaptured Funds March 9, 2016 1 Presenters Vashawn Banks, Acting Director, CPD, Office of Affordable Housing Programs

974 views • 60 slides
Can one invasion lead to another? Niche space and the future of Nature Precedings :

Can one invasion lead to another? Niche space and the future of Nature Precedings :

Can one invasion lead to another? Niche space and the future of Nature Precedings : doi:10.1038/npre.2009.3842.1 : Posted 8 Oct 2009 Southwestern U.S. riparian zones Lindsay Reynolds and David Cooper Colorado State University 3 August 2009

282 views • 17 slides
Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S.,

Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S.,

Carbon in ecosystems of Central Siberia: the effect of forest invasion to tundra Prokushkin A.S., Klimchenko A.V., Korets M.A., Rubtsov A.V., Kirdyanov A.V., Shashkin A.V., Prokushkina M.P., Zrazhevskaya G.K., Shibistova O.B., Guggenberger G.

664 views • 40 slides
PRESENTATION FOUR Opening to the Invasion of the Spirit Slide 1 and 2 no notes Slide 3 The

PRESENTATION FOUR Opening to the Invasion of the Spirit Slide 1 and 2 no notes Slide 3 The

PRESENTATION FOUR Opening to the Invasion of the Spirit Slide 1 and 2 no notes Slide 3 The Experience of the Spirit in the Franciscan Tradition by Dominic Monti, 1998 When we think of Franciscan theology and spirituality, we normally think of

292 views • 7 slides
Designing Robots with Westside Boiler Invasion and AndyMark Nature and Robots Biomimicry

Designing Robots with Westside Boiler Invasion and AndyMark Nature and Robots Biomimicry

Designing Robots with Westside Boiler Invasion and AndyMark Nature and Robots Biomimicry Biomimicry Biomimicry is an approach to innovation that seeks sustainable solutions to human challenges by emulating natures time-tested patterns

122 views • 10 slides
Pacman Invasion Omar Punjabi, MD Andrew Antoszyk, MD Financial disclosures: None Patient

Pacman Invasion Omar Punjabi, MD Andrew Antoszyk, MD Financial disclosures: None Patient

Pacman Invasion Omar Punjabi, MD Andrew Antoszyk, MD Financial disclosures: None Patient History 55-year-old male physician New onset blurred vision and mild photosensitivity OD Seeing lines in his vision, growing like

442 views • 8 slides
Functional Trait Composition and Restoration Seed Mixes: Invasion Resistance in Prairie Plant

Functional Trait Composition and Restoration Seed Mixes: Invasion Resistance in Prairie Plant

Functional Trait Composition and Restoration Seed Mixes: Invasion Resistance in Prairie Plant Communities Jacob Zeldin and Andrea Kramer Plant Biology and Conservation Chicago Botanic Garden and Northwestern University Background Invasive

343 views • 19 slides
The Desirable Home The three factors in selling a home H Home buying is an emotional

The Desirable Home The three factors in selling a home H Home buying is an emotional

The Desirable Home The three factors in selling a home H Home buying is an emotional practical decision 1) Exposure to potential buyers 2) Presentation of home 3)PRICE How To Get Buyers To Hate Your Home House Odors Smoke

137 views • 13 slides
Welcome Presenters: Gayle Bickle, Research Specialist, Bureau of Research Ohio Department

Welcome Presenters: Gayle Bickle, Research Specialist, Bureau of Research Ohio Department

Returning Home Ohio The Source for Housing Solutions September 9, 2013 International Community Correction Association Annual Research Conference Terri Power, CSH Gayle Bickle, ODRC Welcome Presenters: Gayle Bickle, Research

981 views • 39 slides
$ Lesson Three Buying a Home 04/09 buying a home Buying a home is easier than you might think

$ Lesson Three Buying a Home 04/09 buying a home Buying a home is easier than you might think

Presentation Slides $ Lesson Three Buying a Home 04/09 buying a home Buying a home is easier than you might think we'll walk you through the five basic steps. phase 1: determine home-ownership needs What type of housing should I buy?

633 views • 6 slides
$ Lesson Five Buying a Home 04/09 buying a home Buying a home is easier than you might think

$ Lesson Five Buying a Home 04/09 buying a home Buying a home is easier than you might think

Presentation Slides $ Lesson Five Buying a Home 04/09 buying a home Buying a home is easier than you might think we'll walk you through the five basic steps. phase 1: determine home-ownership needs What type of housing should I buy?

412 views • 6 slides

More recommend