Abusing the Internet of Things
urn:Belkin:service:timesync:1 urn:Belkin:serviceId:timesync1 /upnp/control/timesync1 /upnp/event/timesync1 /timesyncservice.xml ...
</device> </root> Notice the remoteaccess1 service. It is invoked similarly to the example listed for WeMo Baby. How ...
wrap this framework to perpetually turn the electronic device (plugged into the WeMo Switch) off: #!/usr/bin/python import time ...
like these, monitoring devices can be abused by malicious entities to surreptitiously monitor conversations between adults remot ...
Blurred Lines—When the Physical Space Meets the Virtual Space Android and iOS are the most popular smartphone operating systems ...
nies like SmartThings and analyze what good and bad design principles are at work in their product lines. People are installing ...
TIP FIGURE 4-1. The SmartSense Multi Sensor FIGURE 4-2. The SmartThings Hub The SmartThings Hub uses the ZigBee protocol to comm ...
FIGURE 4-3. The SmartThings iOS app Users must register for a SmartThings account and sign in at the screen shown in Figure 4-4. ...
FIGURE 4-4. SmartThings app login screen When the user types in his credentials and presses Log In, the app sends the following ...
Content-Length: 191 User-Agent: SmartThings/1006 (iPhone; iOS 8.0.2; Scale/2.00) X-ST-Client-OS: iOS 8.0.2 Connection: keep-aliv ...
FIGURE 4-5. SmartThings App interface for viewing and adding locations To get the list of locations associated with the user, th ...
Accept-Language: en;q=1 X-ST-Client-AppVersion: 1.6.5 X-ST-Api-Key: [DELETED] X-ST-Client-OS: iOS 8.0.2 User-Agent: SmartThings/ ...
Authorization: Bearer [DELETED] Proxy-Connection: keep-alive X-ST-Client-DeviceModel: iPhone X-ST-Api-Version: 2.1 Accept-Encodi ...
FIGURE 4-6. SmartThings App configuration for “Intruder alert” customization Now that the customization is set, the SmartThings ...
FIGURE 4-7. Text message alerting user when door is opened It isn’t hard to imagine the amount of trust a family would have to p ...
the user’s password. Malicious entities that successfully do this can switch on or off appliances connected to a SmartPower Ou ...
FIGURE 4-9. Password reset request using the SmartThings app As soon as the user presses the Send Recovery Email button, the app ...
FIGURE 4-10. Email from SmartThings allowing password reset The “click here to reset your password” link is in the following form: h ...
Single-factor authentication Systems that protect against physical threats should not rely upon single-factor authentication. Sm ...
physical safety using traditional attack vectors such as phishing and infecting desktops with malware. Clear-text password reset ...