The poetry of (in)security

$ hello

Exploiting the eques elf smart plug: Part four

In part three, we finally figured out how to remotely control the smart power plugs (turn them on or off). In this final part, we are going to see how inadequate security controls can be exploited for various purposes. We are also going to look at one more scenario where the smart power plugs have no internet access.

Read on →

Exploiting the eques elf smart plug: Part three

In part two, we figured out how to discover the smart plugs in a network and their details. We were also able to send remote commands to ikonkek2.com and query details about specific smart plugs. This was made possible by the discovery of a hardcoded aes key used to encrypt messages. We however still cannot turn a smart plug on or off remotely. So let’s concentrate on that in this post.

Read on →

Exploiting the eques elf smart plug: Part two

In part one, we concentrated on analysing the network communication when one turns the smart power plug on or off from the app. We had noticed some form of encrypted/encoded communication happening on udp port 27431 between the smart plug and the app installed on the phone. We also noticed some form of encrypted/encoded communication on tcp ports 9123 and 5222(xmpp) between the app, smart plug and ikonkek2.com.

Read on →

Exploiting the eques elf smart plug: Part one

I bought some smart power plugs and they were pretty awesome! These are the Eques Elf smart plugs. They can be controlled using an app through a connected Wi-Fi network, and remotely over the internet.

Everything was going on well till I noticed some strange urls on my home network monitoring system. It turns out it was the smart plug constantly communicating with some external hosts.

Read on →

Wireguard VPN: Portable Raspberry Pi Setup

We often use wireless networks to access the internet. This may be at home, work or even places like restaurants. When we connect to these networks, the security of our internet traffic is under the control of the owner of the wireless network. This is also the case when we connect to a wired connection on a network we don’t control.

Read on →

Wireguard VPN: Chained Setup

Moving on from my previous post about setting up a typical Wireguard VPN connection, let’s go through how to do a chained setup. I will show how to do both the typical chained Wireguard VPN connection and the one with selective routing as described in my earlier post here

Read on →

Wireguard VPN: Typical Setup

I recently discovered the awesome Wireguard VPN tunnel and I was sold. Wireguard is a simple, kernel-based, state-of-the-art VPN that also happens to be ridiculously fast and uses modern cryptographic principles that all other highspeed VPN solutions lack.

Read on →

VPNs! An OPSEC Primer

The internet is a glorious place. This gloriousness does often come with some pitfalls here and there. Being probably the greatest source of information ever, various actors are constantly devicing ways to acquire and make use of all this data.

Read on →

The 2017 AfricaHackon Conference Badge

Information security conference badges have rapidly evolved over time. They have become a favorite among conference organisers and attendees as fun accessories that tie in to the conference experience. Unique badges have become collectible items that attendees keep and identify with a particular conference.

Read on →

Receiving Outernet Satellite Broadcasts

Receiving satellite data is something I’ve been hoping to try out for a while. It’s an area that captures the magic of long range radio communication and has become easier to experiment in as time has gone by.

Read on →