Author Topic: Black Hat Talks To Outline Attacks On Home Automation Systems  (Read 30652 times)

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #75 on: September 03, 2013, 11:54:37 pm »
seriously... this is like 2 people trying to convince they are right and it doesn't really adds to the point where it all comes down to.. how to more secure the vera in a way that novice users can understand also.. pointing to use ssl ? this has been compromised allready and only TLS1.2 is not yet. only internet explorer is supporting this so this is not a solution.. http password protection ? no go as it puts it encrypted or not over the network easy to man-in-the-middle attack and read by for example wireshark. using a website to make a user click on a link with http://vera-ip:3480 in it ? lol ok...
for the best interest of us , the users, it would be nice to have a php or C++ authentication or something , but this would be neccesary to implement in the various remote apps and thus the code is required to be in the open.
i think micasaverde does a very good job in making the vera stuff as easy and secure as it is. even willing to add additional features for us users to use to secure it more.. personally i think the direct acces to port 3480 should be passworded too but it on the other hand renders the upnp features less usable for other devices that cannot be changed to have this functionality.
no please stop biatch-slapping eachother with useless stuff for us common users of the system and get us some real security options which are userfriendly and usable. like aaron pointed out the only higher level security would be having a dongle which does not address the vulnerability in the z-wave protocol , so in my eyes its pointless to us users of the system. and like crowley pointed out demonstrating control over someones lan is illegal and would be prosecuted by law. so in short there is no solution to the problem. if anyone happens to have one please do share it so we can feel more secure. at least until someone comes by and throws a rock to the window and jumps in and steels ur flatscreen xD .
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #76 on: September 04, 2013, 12:11:47 am »
SSRF ... where would you do that ? on the ssh connection vera makes to their servers lol?
upnp request ? like aaron pointed out that is part of the vera and gives it its nice feature to be able to control it from a upnp device which indeed does not use a login.. its on purpose
if you can do that you might as well use the http command on port 3480 to open a port to the outside world and control it from there..
it needs local acces and if you have this , a bank account would be nicer to gain then turning on a light. its like saying your car should not have a lock coz any idiot can use a screwdriver and a wrench to open it.
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl

Offline dcrowley

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-1
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #77 on: September 06, 2013, 12:48:31 pm »
SSRF ... where would you do that ? on the ssh connection vera makes to their servers lol?

The SSRF flaw can be used in conjunction with social engineering (sending a user a link via email, for instance) to trigger the RunLua UPnP action and execute code as root on the VeraLite from anywhere in the world. It can also be used to load Javascript content from any location and have it run within the domain context of the VeraLite. This violates cross domain policy and allows for control of a user's VeraLite remotely through a user's browser.

Quote
upnp request ? like aaron pointed out that is part of the vera and gives it its nice feature to be able to control it from a upnp device which indeed does not use a login.. its on purpose
if you can do that you might as well use the http command on port 3480 to open a port to the outside world and control it from there..

Whether I leave my door unlocked on purpose or by accident, someone can still enter.

Quote
it needs local acces and if you have this , a bank account would be nicer to gain then turning on a light. its like saying your car should not have a lock coz any idiot can use a screwdriver and a wrench to open it.

It does not need local access as I have already shown. Also, lights are not the only device the VeraLite can control. Door locks? Garage doors? Alarm systems?

The car analogy is flawed, firstly because I'm not suggesting we don't fix these things, and secondly because high security locks are designed to withstand enough torque that someone with a screwdriver and wrench would not be able to apply enough pressure to pry the lock open.

If you're interested in fixing these vulnerabilities and have something to contribute, I recommend posting in the thread I started for that.

Offline Da_JoJo

  • Hero Member
  • *****
  • Posts: 1380
  • Karma: +16/-78
  • If something aint work, we can allways try n make
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #78 on: September 07, 2013, 09:31:46 pm »
...
it still doesnt solve the problem
« Last Edit: September 07, 2013, 09:54:15 pm by Da_JoJo »
Vera lite (1.5.622), 2x an-158/2, dead usb pl2302 rs-232, 2x greenwave 6 port, 4x Fibaro FGD211 v1.6, FGBS001, few FGS - 221, etc. AuthomationHD 3 for android :-)
Dutch & German translator http://wiki.micasaverde.com/index.php/Special:AllPages http://support.micasaverde.com http://domotica-shop.nl

Offline tomhung

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
Re: Black Hat Talks To Outline Attacks On Home Automation Systems
« Reply #79 on: February 03, 2014, 01:16:15 pm »
Here is the DefCon 21 video about VeraLite.

https://www.youtube.com/watch?v=d0O-oq_4e0o#t=1793