NSA (National Security Agency), 217
O
Onity HT door lock, 38-38, 41-43, 57
OnStar system (see telematics vulnerabilities)
Open VPN protocol, 183
OpenSSL library, 240
organized crime, 218
P
packet-capture tools, 47-50
password security
baby monitors, 75-76
clear-text password reset link, 100
connected cars, 174-177
hue lighting system, 14-16
single-factor versus two-factor authentication, 99
Philips hue lighting system (see hue lighting system)
phishing attacks, 52, 99, 175
predators, 227
Price, Micah, 154
programming port, 41
Project Chanology, 221
prototyping security, 189-230
checking for risks, 204-216
access tokens, 210-213
hardware debug interfaces, 213-216
side channel attacks, 216
WiFi, 205-210
cloudBit, 190-202
(see also cloudBit)
overview, 189
SMS doorbell design, 199-202
push notifications, 104
R
remote lighting control (see hue lighting system)
Ryan, Mike, 48, 57
S
Samsung (see Smart TVs)
scan response, 47
security tools
sslstrip, 150-152
tcpdump infusion, 154
WiFi Pineapple Mark V, 146-154
SeungJin Lee, 145
Seungjoo Kim, 145
Shodan search engine, 67
short-term key (STK), 50
side channel attacks, 216
Sidiropoulos, Nikos, 154
Sigma Designs, 43, 45
Simple Service Directory Protocol (SSDP), 70
sitecode value, 40
Skype app, 143-145
smart cities, 218, 245-246, 249
Smart TVs, 121-155
apps and risk, 136-146
firmware decryption, 136-138
operating system exploration, 138-141
remote exploitation, 142-146
encryption and vulnerabilities, 129-136
firmware decryption, 132-138
inspecting, 146-154
Samsung LExxB650 series, 124-126
Samsung software development kit, 142
SamyGO firmware patcher, 134-136
TOCTTOU (Time-of-Check-to-Time-of-Use) attack, 123-129
voice recognition feature, 154
SmartThings, 85-120
integrated development environment (IDE), 101, 119
man-in-the-middle attacks, 105-106, 119
physical graph, 100-104
SmartPower Outlet, 87
SmartSense Multisensor, 86
SmartThings app, 87-95
custom triggers, 116
hijacking of credentials, 95-100
intruder alert customization, 93-95
push notifications, 104
Text Me When It Opens program, 101-103
user authorization, 88-92
SmartThings Hub, 87, 105-106
SmartThings SSL Certificate Validation Vulnerability, 105-106
third-party interoperability, 106-118
hue lighting, 107-111
WeMo Switch, 113-118
Snoopy, 232
Snowden, Edward, 217
social engineering threats, 178-179, 220, 222-226
software-defined radios, 160
Sony Pictures, 219
SpaceX, 170, 247