Unconventional Attack Vectors On IoT Devices

So, hello everyone. I am going to start off with one slight warning. There was supposed to be physical props and things if I was going to actually break stuff in front of you. I bought a house which is really exciting news and got my gaze on Thursday and I don't know where about 90% of my stuff is. So, I don't have the physical props. I have photos I've managed to grab of very similar products online that just inserted into anyway. Um, so who am I and why am I not really qualified to speak about this? Uh, but so I'm an engineer at Quorum. Um, I was a graduate of Emer University graduated about 2 years ago now. Um, I'm former

committee. Um, if you they didn't ask me to do this, but I'm going to do it anyway. If you guys work for companies that would like to work with student societies, go bug them. Um, the uh, and I like photography sailing. Those are totally unrelated, but um, if you see me in the pub, you can come and talk to me about these topics and I will love talking about them. Um, Colin over there is an amazing photographer. Just giving him a shout out. He's better than I am. Oh my god. And I like breaking things, which is kind of where this talk comes from, is that I am quite a destructive person. I quite like getting my hands on

physical products and trying to do things to them. Um, I'm fairly good at that. I like fixing things. I'm not quite as good at that. And and have a real interest in finding weird ways messing with P. So, I don't really like doing the normal hacking it stuff. I like trying to find odd ways of interacting with it and trying to get it to do things it shouldn't be doing. So, um squirrels and hams this is because so the call for papers had a load of suggested tags at the bottom and squirrels and hammock written there as suggested tags and I'm like okay. Now adittedly I did call for papers after I'd had a couple drinks.

Um, and I saw that and I was like, I have to quit that. So, I was going to get a hammock and string across here and deliver my talk from hammock. And then I realized, wait, I'm not outside. There's no like pres and things to tie hammock to, and I'm not trusting any like office furniture with my weight. So, uh, you're getting a you're getting a picture of a squirrel in a hammock instead. But yeah, so um why are we talking about this? Why did you come? Actually, a lot more people came than I was expecting. But why why are we talking about this? So, who in this room have a smart home device? Put your hands up.

That's about fairly that's fairly about what I'd expect. Um there's there's excess it's about 10.8 billion IoT devices in the world right now. was a report from this year that I was looking at. And uh how many of them have how many of you guys have smart speakers of some kind? Um and keep up if they're Google Homes or some Google based ones and Amazon Alexa ones. Most people have been Amazon. I'm going to terrify you in a minute. But um uh and what other stuff do we have? Um cameras. Probably a lot of people have some cameras. Um the smart bulbs, smart sockets, smart switches, all sorts of things. Anyone have smart white goods like fridges,

um washing machines, that sort of stuff? >> TV. >> Yeah, TV. Yeah. Um but um yeah, I I don't get the point of the smart bridges, but you know. So now let's move on to actual stuff. So fun thing. This is obviously this research found this one. This is a really cool thing and is the reason why I'm doing this talk cuz I read this and I was like this is really cool. Bot injection calendar invite. So this is some research man to find. So you could send calendar invites which obviously you send a email with a calendar invite it automatically goes into the person's calendar as a type of event. So that send that via in this case we're

using Gmail. Interestingly, Microsoft has done some work to prevent this happening, which means basically they looked at this and went, "Oh, hell." And then quickly did some work on it. So, basically the way this tag worked is they would threat actor send an email inside the uh calendar invite is whatever they're trying to prompt inject. They were a series of small ones multi-stage and then when the user asks Gemini to summarize what's in their calendar or to summarize their emails that they received if it was just an email or summarize if it's in documents summarize something documents Gemini takes that in and executes whatever is in the prompt and that allowed these security researchers to control smart heating

smart blades, smart lights, uh managed to get um Xill some information. They managed to get zoom marking to see to see video feed. They managed to get information about locations out of Google Maps and they managed to get some information from smart meters connected to it. Basically, they pulled a whole load of information including manag xfill out of this really really cool really clever stuff. Slightly terrifying. Um so yeah that's why I that's this is what then made me want to do this talk. Um so if we continue strong let's look at cameras. So uh IP camera who is watching you. Um sorry I'm just going to it's not giving my notes. So let me just uh

sorry I just realized that I have notes for this one. And it's done the wrong way round. Um,

okay. So, IP cameras. So, obviously there's all the dodgy ones from China, uh, that you can get off AliExpress that cost peanuts that most people do do put into environments and use. A lot of them send a hell of a lot of information back. Amusingly, most of them the video feed is not encrypted. However, there's a lot of other encrypted traffic going out from point sort of pointed off towards China. And interestingly, if you uh block that all cuz um someone I used to work with uh they they a couple of them because they're like they're really cheap. I only need to be able to monitor them on the network. So they just put them on a

VLAN and said nothing from that VLAN can leave. Um it's an approach. It's not one I'm taking but it's an approach. Um but even from reputable brands there's so for example Yale cameras do not encrypt video by default. There is a setting where you can enable custom video encryption that they don't clarify what standard they use but they there is an option to turn on video encryption but it's disabled by default. um a whole load of them. Most of them are in that case. You've also got many have no or very weak encryption. Uh a lot of them have hardcoded credentials as well, especially the ones from China. You there will come with very weak

default passwords. But actually a lot of them there will be hardcoded credentials as well as the weak ones. So therefore doesn't matter what you set the credentials, they're still a hardcoded one. And then term fixing them. um just cuz this was an interesting one I spotted. So most of the fairly reputable security companies that sort of thing will push updates. They are actually finally fixing these issues. They are still relatively insecure regularly finding major vulnerabilities but at least trying now. Swan has no automatic firmware updates in any of the products including the newer products. So therefore, you're relying when they do push out security updates, which they do, they've not said anything about how widely dispersed they are. But my

assumption would be that most swan brothers are probably unpatched because if you need to manually go and patch them, who in this room would actually think to go and patch your your cameras? So there are a few people. This is much better than the normal there. So in this room, yeah, I'm glad there are people, but how many of you would expect your relatives who don't work in Hector? >> Yeah. >> Yeah. Um, and if we already mentioned passwords, but here's a here's just there are lists online where you can see different manufacturers and what their default passwords are. Um, so we've got things like admin 1 2 3 4 5 if we're being really secure. admin 1 2 3 4 5 6

administration no password. Um no username or password. Um so there's a whole load of these sorts of default ones. Um these lists are widely available and most of these products do not prompt users to update or change credentials which means these won't be changed or updated. Um, has anyone here gone on Showdown and looked up for IP cameras that are publicly available to the world? There's a there's far too many, aren't there? Cameras in people's houses that offer that has a physical security risk as well in that if you're trying to break into a house, if you can go and look at their own cameras inside the house, you can see whether there's someone there or not. So, you can go and

figure out when do I want to break into this house. Um, but yes, and now that leads now on to how do we these cameras? So, I'm looking at like how do we find weird ways to interfere with the cameras. Interestingly, some of the cheap ones from China that I tried out. I was going to have a selection in front of me, but they're in a box somewhere. Um, some of the ones I found from China are I'm not sure if anyone smart bulbs that you can factory reset by switching the power on and off several times. Yeah, quite there's a number of these smart home cameras that you can factory reset switching their power off and on several

times. Now, interestingly, uh, not in my flat I just moved into, but the flat I moved out on, like many flats, the meter's in a cupboard in the hallway, which is secured by one of those, well, secured by one of those we one of those we square keys that you is just basically it stops the door swinging open. um if you can get access to that. Now, tampering with an electric meter is illegal. So, I obviously have not done that and I genuinely haven't done that. It's stupid, risky. Don't do that. But if someone does have access to it and they can flick your power off on several times, they've just factory reset all smart home devices that uh

that that works for, including potentially your cameras. Um, and when the factory reset one, they're no longer recording. They're no longer uploading. They're no longer storing locally. And even if the person is to go and try and use them, it'll just shows them being offline cuz obviously if they even notice. Other ones are um a lot of these ones run on Wi-Fi. So, if you can do any of the sorted attacks that are designed to spoof Wi-Fi networks to try and get them to hop onto your access point instead or just to try and take out Wi-Fi networks if you want to transmit a signal in pure or block that will take them out. Um, some of the

higherend ones will have a buffer where they will store an amount of footage locally and before transmitting or uploading. Um, a lot of the cheaper ones don't. So, a lot of the cheaper ones live transmit with no buffer. So, therefore, if you can jam it or block it, then it can't it doesn't have anywhere to that footage. Um, so yeah, uh there's all those sorts of fun things. Um, and then sorry, this is a very random talk. I wrote this very last minute cuz it's been a very stressful time. The flow might be slightly odd, but this basically these are things I want to talk about. So, locks. Let's talk locks. Lots of people buy really cheaply locks off AliExpress.

It's really concerning. So, I went and bought a load of really cheap blocks off AliExpress. So, we've got fun ones like this is just for design. Like, I'll talk about security in a second, but I have a problem with design. This is a door knob with the fingerprint on the phone. Has anyone here used the doororknob? [Music] I got really annoyed trying to use it. I was like, I fitted it to a to a well, not really a door, block of wood that drilled the hole out like it was a door. Um, it was awkward to use. It was annoying me before I started trying to break it. Um, so there's that. Um, this one also

has is secured via Bluetooth. You can do Bluetooth down. A lot of the a lot of these security devices that are the cheap ones from China, most of them do operate on Bluetooth or there or some weird proprietary app which um I then managed to sniff the sniff uh packets it was sending cuz most of them it is over Wi-Fi. I just sat wire shark there. Most of them it's unencrypted traffic. Um, and yeah, and typically repeating the same, it's just sending an instruction to open, which is a replayable command. So, it's not like, so it's not like um, for example, not got my car keys in the pocket, but I was going to hold my car keys like if I

press it transmits a signal and then when I press it again, it transmits a different signal. And you've got to basically be your car is listening for one that's within a block of it moves to a parallel block and it's looking for a similar one. That makes sense. Nah, just play the same thing again. So if you are within range to intercept that signal either on the channeling via Bluetooth or if you can um or if you can get onto the network and intercept the signal coming over the network, you can just replay that and the door will unlock itself. Um, and also we're seeing here you can control it by some uh smart assist smart voice

assistance. We're going to come back to that in a little bit because that's a really fun one. That's really insecure. That's far too easy to break. And then we also have other ones like this. So, um, couple of issues with this one. Oh, yeah. That one also if the the battery runs out there's no backup. >> There's there's no keep way on it. So um yeah if the battery dies you're drilling or kicking in. Um on the other side you can turn thing on the back to unlock it or to um or to disable the the locking system to keep it permanently unlocked. But yeah from the front. Yeah. So, this one here comes with a range of different

um bolt and latch options, etc. Some of which uh you can just slide that card through and pull backwards and it'll unlock. But um we'll ignore that for a minute because obviously that it's got a keyway on the bottom there. Uh I rate that in about 5 seconds flat. Um I picking it took a whole 40 45 seconds. And I would like to say clarify, I'm bad at lockpicking. I'm not good at lock picking and I got it open pretty simply. Other fun one, this casing's plastic. I have two of these. One of which took a hit from hammer. So yeah, you can get into it. And then the the the PCB controlling it is just underneath

the plastic. So yeah, a we bit of destruction. You've got access. Um, metal also isn't that expensive, but come on guys. Little bit of metal. Um, but yes. So, but going back to this first one. So, this is the internal design of it. So, it's got the two ends. Great. Um, yeah, the front one's actually held on. Um, as in like the this bit is properly secured. The front bit is actually held on by a single screw that goes into a groove that goes into an indent in a groove and basically just largely friction held. I pulled it off. Um, I was like I was looking at it as I was fitting it going that doesn't look very strong. I reckon

I could pull that apart. So one foot base below it my body weight pulled off came off in my hand. reach him with your fires turn lock. So at least when the battery dies you can still get in. But yes uh that was I was feeling in a m mildly destruct mood that day as you can tell. Um but yeah so weak links. So we've been talking about we've got insecure standards going on. We talking about that a little bit. Part of that is the standards is a fairly being used is a fairly loose term given how fragmented the whole uh IoT ecosystem is currently. Um so you've got that and then you've also got all the other weak links. It's

a lot of these products are featuring problems that are not new. So, a lot of it is they've inherited other design problems like the we like the really easy pick keyway. This is not new. A lot of code lock doors that aren't the smart ones that are just the traditional code lock doors have a key back. Anytime they put a key back up on something, they make it weak anything. I don't know why. Have any of you ever tried to um deal with a safe? That's one of the ones with the code lock on it. For some reason, they instant they put a code or a fingerprint reader, you then put the worst key, the worst lock a lock

cylinder in possible to the point that half the time it's faster to rake the lock than it is to break the code in. Um, I've had to do that before cuz I've got something I had something stuck in a safe and I'm like, I can't remember the code and I might I'll just go get my lock picks. I'm like, I'll just I'll just open it. Um but yes, so now we're going to go back on something. So this is all kind of new stuff that's new to the talk. We're now going stuff that I've next from a previous talk that's next from my uh honors project which is audio playback attacks. I love talking about these. So

we're now talking about one of the really weak things is those smart assistants, those Google Homes, the Amazon Alexexas, that sort of thing. They are really insecure. So there's two attacks I'm going to talk about audio playback hacks which are where I record you talking. So I either get recording of you from online if you agree to having talks recorded which is really ironic given what I agreed to hear where I'm currently being recorded talking about risk of letting people record you. Uh so audio playback architects they use that or they might surreptitiously record you. They might do some sort of social engineering, specific phrases, that sort of thing. They might just try and manufacture bumping into you in the

street and try and get you to talk. That's how they source it. They then play that back to try and convince a system that you talking. Now, this could be done for a range of different reasons. It might be done just for traditional impersonation. Um, it's more challenging doing that, but you can do it for that or you can do it to target systems to on that. And the other one is deep fake attack. So you basically take all that, feed it into some sort of machine learning and out pops a model that will talk like it's you. And this is terrifyingly easy to do. So it used to be you needed a fair bit of data.

Don't anymore. You can get a fairly okayish one with like a couple of mis recordings. You can get a pretty good one of this. And I'm sure you might you've seen videos online of where of deep fakes of people of famous people talking. Well, it's actually very easy to do that to just about anyone. But yes, so now how do these devices verify you or not? Um, so Google Homes only only run what's they refer to as SV, automatic speaker verification. That's what they use to tell who's talking to them. That's what they use to determine what they should be doing. Is it some random person in which case yeah they can play music but should be

unlocking the door. Well, Google actually only runs the ASV on the trigger phrase. So they only run it on okay Google which I just said on a recording. Uh so if they've got a recording of that please no one watch this use on my devices. No I don't let them do anything. I don't let them do anything that actually matters. Um, but they if they can get that trigger phrase and play that back, it doesn't check for the rest of the phrase that it even is remotely similar. So, you can play that trigger phrase and then in your own voice sounding totally different, issue a command and it will, yeah, that's Faser. Um, which is a little problematic. So

that means yeah, you don't even need to capture audio of me saying what specific command you want via that. So going back for example to that smart lock that you can unlock via uh Google Home. They've got one in the hallway. Pop a pop the letter box open the okay Google and then just shout unlock the front door. Open the front door pops and in you are um or any other control of any other one of these devices. These things also hold an incredible amount of data about us. They hold information about where you work, where you live, where you go regularly. They have access to all that location data. They have access to mics.

They in your house. They have cameras. They can control different devices. They might be able to switch your lights on and off. They can in the first in that initial one that I was talking about where they did the prompt injection, they were controlling electronic blinds. Um, but aside from that, there's a lot of very confidential data we might have about you in there, a lot of very personal data because they are connected to phones as well which carry around with us all the time. Um, but yeah, so I've given Google a bit of hassle there. Let's have a go at Amazon now. More people had Amazon devices. Yeah, they don't seem to actually do the

verification part of ASV. They seem to do ASR, which is automatic speed recognition instead of verification. Uh the experience of handle X devices is that if there's only one user registered on the device, you can play just about anyone talking and it will accept the command about 80 to 90% of the time. Um if there are multiple people register on the device, it just seems pick whoever sounds the most similar. So um it's like it doesn't it's clearly being trained because people get annoyed when it rejects mans because it doesn't recognize it. So they have decided they clearly at some level we decision well people really don't like that. So we're just going to make sure that doesn't

happen. I would like to point out test projects. I have actual stats that I can show people if they want to later. I'm not going to bore you with tables. They don't make pretty graphs cuz the numbers are too big. Um, but the they they basically seem just take anything. I'm running low on time, so I'm going to speedrun the next bit. Lasers. Um, okay. So, this is the last bit I'm going to cover. So, this is some researchers did some really cool things. So, this was issuing commands from outside a building. So, here we have a lovely Google Home in that room over there sitting there in an office building with the window. Here in this other building, we have a

very nice laser, very fancy laser that you can pulse and control. You can control really accurately. Up over there, this is from the window. You can't really see it, but I promise you that is there. And there's a telescope to help the main. This is using a visible laser. We didn't try it with a with a laser outside the visible spectrum, but should work. Basically, what this does is they've got three and a half minutes. I've got three and a half minutes. I can do this. Okay. So, they pulse the laser. So, um sound waves are mechanical waves moving through a medium. This is not a mechanic wave. This is an electromagnetic wave. But photons when they impact a surface

impart tiny amount of energy. Energy when when energy is impacted things like when I talk I'm making the eye break. When that's a microphone, that is this microphone here. What's happening is my voice my the sound waves I'm producing hit it and make make the microphone vibrate. You shoot a laser at it, it vibrates, too. The trick is all you need to do is have some fancy software controlling it to make it vibrate in the right way like someone talking to it. They managed to issue commands to this from over there by vibrating with a laser. The only security method to prevent against this is one use microphones that aren't susceptible to that. Not all

types of microphones are but primarily if you are worried about this and you have smart devices make sure you can't see the microphones from yeah close your curtains or just put it somewhere in the room that's not visible from outside. Um but yes so results from them. So, uh, Google Home maximum distance at 5, uh, matt is 110 plus m through a window. Uh, we've got 70 m over there. Lots of 50s at the 60 m. But yeah, so depending on what devices, whole section devices here, it's working. This is a fun one. Also working against here, we've got some iPhones, iPads, etc. Um these are all this is a fairly high skill attack. The audio playback and um

and deep fake those are fairly simple. Deep fake slightly more challenging. The audio playback one that's what I actually did my honors project in. And my higher project was as untechical as possible because I was trying to go with the lowest skill one. I was like and I kept having people oh but you could do this. I'm like nah normal people wouldn't be able to do that. I have a phone. I have a laptop. I can only play with the record or play on them or generate audio using Yeah, Alexa would accept um Google Translate readback as be me. I don't think I sound like that, but you know um but yes, I know we have like 1

minute left. Are there any is there a question? And if not, then speak to me afterwards. Yeah. Any questions? >> How much are those lenses? bloody expensive. I would love one but bloody expensive. That was I think that was that's really universities that are doing that. >> Use a laser distance version. >> Uh the problem would be just to pricey control it. And so it's potentially yes. You'd have to run a lot of control software for it and you'd have to jury again. You could probably manage it. You just need to rip out all the trolls and man and do that. Yeah. >> Could use a cat. The thing is just getting the thing. Yeah, they they've obviously used a very

fancy fairly powerful one at shorter distance. Yeah, you could use a low power lower power one jury rig something up. You just need to write a lot of fancy controls off where they just use a more expensive one attack by putting a sheet of paper over the wall. >> Yes. >> Yeah. >> You just you lit it's it's a line of sight hack. So yes, anything that disrupts line of sight will work. They always don't take your desk. >> That's my excuse. [Music] >> My desk is currently sideways against the wall. So, my desk is very tight. Uh, but yeah, uh, any other questions? We're over time, but yes. Thank you.