It is currently 23-10-2017 01:55

IOT-outlet merge credentials from Wi-Fi and email, as well as suitable for DDoS attacks

IOT-outlet merge credentials from Wi-Fi and email, as well as suitable for DDoS attacks

by seo_worker » 2016-08-22 14:02:56

Researchers at Bitdefender examined smart outlets an unnamed, but popular on the market of the manufacturer. It turned out that the security of the devices leaves much to be desired: they can easily steal the credentials of a foreign Wi-Fi network, you can find the username and password of the mailbox of the owner of the device, but in theory IoT outlet can even be used to carry out DDoS-attacks.

What is a smart outlet? This device, which plugs into any normal outlet and allows the user who installed Android or iOS app to monitor and calculate the power consumption of appliances connected to this outlet (for example, the outlet can only work for a couple of certain hours per day). Also socket can be used to control other gadgets such as cameras, TVs, coffee machines and so on.

Bitdefender analysts write that the study had identified a number of serious problems. So, during the installation and configuration of official apps (and the sockets), the user is prompted to connect to the built-in Wi-Fi hotspot device and configure it to use a local wireless network. The user simply selects a network from the available list, and the app connects to the hotspot outlets, prompts the user for network credentials, which are transmitted to the device without any protection, clear text. Subsequently, this connection will be used to connect to the vendor's servers, which, in the form of UDP messages transmitted configuration information about the device: model name, device name, firmware version, MAC address, port, IP address and so on. Experts have found that all this information is also not protected by encryption and is transmitted in plain text format. The attacker can easily intercept the data. In addition, the default username and password of the device is very easy to guess, and the device will not remind you about the need to change the default values.

We also found out that all messages that are exchanged with the server of the manufacturer of the official app, coded by themselves, but the data encryption is not used. Bitdefender experts write that to decode the message by using the reverse engineering is not difficult, as it applies the well-known encoding scheme.

The smart socket can also send the user email notification of scheduled tasks. For this function to work, you need to enter the mailbox data (including username and password) in control panel device. It turned out that the outlet stores even that is unsafe. So, knowing the MAC address of the device and the password from it's default, an attacker can take control of the socket, change its settings, reconfigure work schedules and to access credentials from the mailbox to its owner.

In addition, in the process of password authentication was discovered a bug that allows the injection of commands. As a result, the attacker could authenticate without knowing the real password, instead it can change the root password and get access to the embedded Telnet service.

Although all of the above already makes you terrified, analyst at Bitdefender Alexander Balan (Alexandru Balan) writes that smart sockets, in theory, can become part of a botnet and be used for DDoS or brute force attacks. To do this, attackers need to make changes in the device firmware.

Qoute:"Until now, IoT vulnerabilities basically could only be used in close proximity to the smart home, where there is [a vulnerable device], but this flaw allows hackers to control the device via the Internet and to overcome the limitations of network address translation. This is a serious problem, we can see botnets created on the basis of these outlets," says Balan.

Experts Bitdefender did not disclose the name of the manufacturer of the vulnerable devices, as patches to the identified problems yet, they have to go in the third quarter of 2016. However, the journalists Softpedia speculated that it could be a device Edimax SP-1101W, if you start from the illustrations by the researchers in the report.
Сообщений: 755
Депозит: 0.005 BTC

Rating: 2