In part three, we finally figured out how to remotely control the smart power plugs (turn them on or off). In this final part, we are going to see how inadequate security controls can be exploited for various purposes. We are also going to look at one more scenario where the smart power plugs have no internet access.
In part two, we figured out how to discover the smart plugs in a network and their details. We were also able to send remote commands to ikonkek2.com and query details about specific smart plugs. This was made possible by the discovery of a hardcoded AES key used to encrypt messages. However, we still cannot turn a smart plug on or off remotely. So let’s concentrate on that in this post.
In part one, we concentrated on analysing the network communication when one turns the smart power plug on or off from the app. We had noticed some form of encrypted/encoded communication happening on UDP port 27431 between the smart plug and the app installed on the phone. We also noticed some form of encrypted/encoded communication on TCP ports 9123 and 5222 (XMPP) between the app, smart plug and ikonkek2.com.
I bought some smart power plugs and they were pretty awesome! These are the Eques Elf smart plugs. They can be controlled using an app through a connected Wi-Fi network, and remotely over the internet.
Everything was going well until I noticed some strange URLs on my home network monitoring system. It turns out it was the smart plug constantly communicating with some external hosts.
We often use wireless networks to access the internet. This may be at home, work or even places like restaurants. When we connect to these networks, the security of our internet traffic is under the control of the owner of the wireless network. This is also the case when we connect to a wired connection on a network we don’t control.
Moving on from my previous post about setting up a typical WireGuard VPN connection, let’s go through how to do a chained setup. I will show how to do both the typical chained WireGuard VPN connection and the one with selective routing as described in my earlier post here.
Information security conference badges have rapidly evolved over time. They have become a favorite among conference organisers and attendees as fun accessories that tie in to the conference experience. Unique badges have become collectible items that attendees keep and identify with a particular conference.