Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 1-3. Associating the bridge with the website


The website knows that it has located the bridge because the bridge routinely connects to
the hue backend to broadcast its id (a unique id is assigned to every physical bridge manufac-
tured), internal IP address, and MAC address (identical to the id). The bridge does this by
making a POST request to dcs.cb.philips.com, like this:


POST /Dcs.ConnectionServiceHTTP/1.0
Host: dcs.cb.philips.com:8080
Authorization: CBAuth Type="SSO", Client="[DELETED]", RequestNr="16",
Nonce="[DELETED]", SSOToken="[DELETED]", Authentication="[DELETED]
Content-Type: application/CB-MessageStream; boundary=ICPMimeBoundary
Transfer-Encoding: Chunked
304
--ICPMimeBoundary
Content-Type: application/CB-Encrypted; cipher=AES
Content-Length:0000000672
[DELETED]

To which the server side responds:

CONTROLLING LIGHTS VIA THE WEBSITE INTERFACE 5
Free download pdf