Abusing the Internet of Things
When the user taps More on the dialog in Figure 1-11, the app then presents an option to “Setup away from home,” as shown in Fig ...
FIGURE 1-13. Portal login page to authorize iOS app Once the user has entered her credentials and logged in, she is asked to aut ...
FIGURE 1-14. User is asked to authorize iOS app Once the user selects Yes, the browser sends the following GET request to http:/ ...
The server then responds with the following: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8; charset=utf-8 Cache-Con ...
clipmessage={ bridgeId: "[DELETED}", clipCommand: { url: "/api/0/groups/0/action", method: "PUT", body: {"on":false} } } In this ...
$ arp -a -n ? (172.20.0.1) at d4:ae:52:9d:1f:49 on en0 ifscope [ethernet] ? (172.20.0.23) at 7c:7a:91:33:be:a4 on en0 ifscope [e ...
The script browses to https://www.meethue.com/api/nupnp (see Figure 1-4) to obtain the IP address of the bridge. If no bridge is ...
Example 1-1 contains the complete source code for the script. Example 1-1. hue_blackout.bash !/bin/bash This script demonstrates ...
Pad it so 0:4:5a:fd:83:f9 becomes 00:04:5a:fd:83:f9 (thanks http://code.google.com/p/plazes/wiki/FindingMACAddress)) padded_m=ec ...
done fi fi done unset mac_addresses; done One other issue with the design of the hue system is that there is no way to dereg ...
Next, we can begin sniffing using zbwireshark (on channel 11): # zbwireshark -f 11 -i '002:005' This starts up the Wireshark too ...
FIGURE 1-16. Wireshark capture of channel 20 traffic Once the bridge receives an authorized request to change the state of an as ...
actions based on conditions such as, “Every time I’m tagged in a photo on Facebook, also upload it to my Dropbox account.” IFTTT ...
FIGURE 1-18. IFTTT recipe to change bulb colors to match a tagged Facebook photo As shown in Figure 1-19, when an attacker uploa ...
FIGURE 1-19. Tagging a Facebook photo that is completely black Another issue to consider is authorized sessions stored in the IF ...
internetworking our online spaces (such as Facebook) with IoT devices using services such as IFTTT. While these services are use ...
Electronic Lock Picking— Abusing Door Locks to Compromise Physical Security One of the oldest known locks dates back to 4,000 ye ...
put us in a state of higher risk. This chapter takes a look at the security issues surrounding existing electronic door locks, t ...
FIGURE 2-1. The Onity door lock THE MAGNETIC STRIPE We’ve all come across cards with magnetic stripes multiple times in our live ...
cards, yet there are no restrictions on which particular track an entity can use. The Onity door lock happens to use track 3, wh ...