The hacker tells you how the smart products at the 315 party were hacked.

Guest speaker: Liu Jianwei, a well-known hacker and senior researcher at the 360 network security attack and defense laboratory. I cracked a Tesla in 2014. In 2015, I helped organize the HACKPWN hacking conference, which cracked the mainstream intelligent hardware on the market, including cameras, washing machines, ovens, smart security and other equipment.

[刘健皓]

As a hacker who has cracked countless smart products, how do you see the "hacker show" of the 315 party?

The problems exposed at the 315 night are mainly divided into two aspects:

Part of it is the problem of the smart hardware itself.

A large part is the problem of the network environment and applications.

From a hacker's point of view, there are differences between these two aspects. I think the purpose of disclosing these vulnerabilities at the party is to make the smart hardware around us safer. The central government attaches importance to improving national security awareness. It is understandable to use this method to expose them.

From my point of view, 315 reveals some secrets that are already known in the circle. (In fact, in my hands, there are still many secrets, I won’t tell you~ I won’t tell you~~)

[315 night: the hacker show hacks a drone]

What are the security issues with smart products around us?

Since I have studied a lot of intelligent hardware, I have summarized some rules. Generally, the intelligent hardware has the most problems in access control, authentication, and encrypted transmission. Others are problems at the hardware level and at the design level.

Most of the smart hardware we cracked was cracked because there was no encrypted transmission between the mobile terminal and the cloud, or because the encryption strength was not enough and the key was packaged in the APK. In this way, we can restore the entire login, communication, and control process, analyze it, and thus hijack control of the smart device. This is a vertical crack for smart hardware. (This kind of hijacking means that, without authorization, the hijacker obtains the same control authority as the authorized logged-in user.)

After discovering that we can control the smart hardware itself, we look for a way to see whether it can affect other devices horizontally. Horizontal control depends on how the device's identity identification is designed. Many intelligent hardware vendors use the MAC address as the unique identifier for identity authentication. However, MAC addresses follow a discernible rule, so all devices of this manufacturer can be controlled by traversing the MAC addresses. In addition, if the access control measures of the intelligent hardware are not appropriate, this can also lead to large-scale lateral control of a certain kind of intelligent hardware.

Depending on the type of smart hardware, I can give examples:

Smart camera: in addition to the authentication, access control, and encrypted transmission issues I mentioned, camera security has some characteristics of its own. At present, many cameras use the RTSP protocol to establish a connection with the client, and the RTSP connection address is leaked during network transmission, so that the VLC player (Universal Player) can directly play the video content of the camera.
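
The MAC-address identification weakness described in the answer above, shown beside a hardened alternative, as an added example that is not part of the interview. The registry, the locally administered MAC addresses and all function names are constructed for illustration, and the per-device secret with an HMAC challenge-response is one common mitigation assumed here, not something the interviewee prescribes.

```python
import hashlib
import hmac
import secrets

# Constructed registry: MAC -> random secret provisioned per device at manufacture.
REGISTRY = {
    "02:00:00:00:00:01": secrets.token_bytes(32),
    "02:00:00:00:00:02": secrets.token_bytes(32),
}

def weak_auth(claimed_mac: str) -> bool:
    """MAC-only identification: any party that names a registered MAC passes."""
    return claimed_mac in REGISTRY

def new_challenge() -> bytes:
    """Fresh random nonce the cloud issues (and remembers) per login attempt."""
    return secrets.token_bytes(16)

def device_response(mac: str, device_secret: bytes, challenge: bytes) -> bytes:
    """Runs on the device: binds its MAC and the nonce to its own secret."""
    return hmac.new(device_secret, mac.encode() + challenge, hashlib.sha256).digest()

def strong_auth(claimed_mac: str, challenge: bytes, response: bytes) -> bool:
    """Cloud side: the MAC only selects the key; the HMAC proves possession of it."""
    key = REGISTRY.get(claimed_mac)
    if key is None:
        return False
    expected = hmac.new(key, claimed_mac.encode() + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)  # constant-time comparison

def demo() -> dict:
    """One device tries to act as itself and as its sequential neighbour."""
    own_mac, neighbour_mac = "02:00:00:00:00:01", "02:00:00:00:00:02"
    own_secret = REGISTRY[own_mac]
    ch = new_challenge()
    good = device_response(own_mac, own_secret, ch)
    forged = device_response(neighbour_mac, own_secret, ch)  # wrong key for that MAC
    return {
        "weak_accepts_neighbour": weak_auth(neighbour_mac),
        "strong_accepts_owner": strong_auth(own_mac, ch, good),
        "strong_rejects_neighbour": not strong_auth(neighbour_mac, ch, forged),
        "strong_rejects_replay": not strong_auth(own_mac, new_challenge(), good),
    }

if __name__ == "__main__":
    print(demo())
```
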
