Abusing the Internet of Things

(Rick Simeone) #1

Here we have a situation in which the WiFi password is stored in clear text. What’s more,
the pre-shared key (PSK) hash, calculated using the ssid and password, is also present. This
creates a situation in which anyone with access to the doorbell can easily access the filesystem
and gain access to the customer’s home WiFi network. Stronger controls that store the key in
a secure hardware processor (such as the Apple A7 processor) would be a better solution. Even
though the product at hand is a mere doorbell, the security of the user’s entire internal net-
work could be put at risk by storing credentials such as the WiFi password in the clear. Using
the littleBits platform for prototyping is a good way to uncover issues like this, so you can start
to figure out your security requirements early on.
The /srv/http directory contains files for the web server that is activated when the cloudBit
is in setup mode. We can put executable scripts in this directory to have commands run for us
on the live instance of the cloudBit. Let’s give it a shot:


[bash]$ cd /Volumes/littleRoot/srv/http/set-wifi

Now put the following file (ps_netstat.cgi) into this directory:

#!/bin/bash
echo "Content-type: text/html"
echo ""
echo ""
echo '<html>'
echo '<body>'
echo '<pre>'
ps -aux
echo "<br><br><br>"
netstat -na

echo '</pre>'
echo '</body>'
echo '</html>'

And set the right permissions:

[bash] chown 33:_appstore ps_netstat.cgi
[bash] chmod 755 ps_netstat.cgi

208 CHAPTER 7: SECURE PROTOTYPING—LITTLEBITS AND CLOUDBIT
Free download pdf