Brute Force Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been listed by MITRE. Refer to the following CVE entries:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116
Base Station to Camera Communication Basics
As we shared in a previous blog article, the Netgear ARLO security camera system consists of a base station and multiple camera units that operate on batteries. The ARLO base station and camera…

Factory Reset Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been listed by MITRE. Refer to the following CVE entries:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116
As part of our ongoing curiosity about IoT products, we took a look at ARLO, a home security camera system from Netgear. ARLO is Netgear’s competing product to the Google Nest Dropcam. When I first researched network security cameras last summer ahead…

Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…

Case Study: Hacking Smart Lock Security

Kwikset Kevo Smart Lock

Update: This case study was presented at the CanSecWest 2016 conference held in Vancouver, British Columbia, Canada. The presentation is available as a PDF from this link.
Exponential growth of smart technology and Bluetooth Smart
With the boom of the Internet of Things (IoT), Bluetooth Smart, or Bluetooth v4.0 (aka Low Energy or BLE), has…

Mobile devices bundled with malware?

When you purchase a mobile device, you expect the device to be free of digital threats, clear of viruses, and otherwise safe to use. According to a G Data Mobile Malware Report for Q2 of 2015, more than 20 smartphone models were identified to contain modified or manipulated versions of common apps such as Facebook:…

Stagefright scan and removal tool

0xID Labs has created a utility to scan for and remove malformed media files that match certain criteria that resemble a Stagefright exploit.
Update August 6, 2015: In light of the recent disclosure by Zimperium at Black Hat 2015, we’ve updated coverage for additional threat vulnerabilities. This tool is for immediate release to use by…

Critical Stagefright flaw, millions affected

In late July, researchers with Zimperium announced the discovery of a critical flaw in the Android library libstagefright, potentially affecting 95% of all Android devices, from Android Froyo (2.2) to Lollipop (5.0). The flaw could result in the device getting owned if successfully exploited. Google illustrates Android media architecture and framework in the following diagram:…

IoT In The News: Uconnect Hack

In July, it was revealed that two researchers, Charlie Miller and Chris Valasek, were able to successfully connect to a vehicle’s computer remotely, over the Internet, and control the car’s mobility by disabling the brakes, or issuing a kill command to stop the engine. Scary. The vehicle was a Jeep Cherokee and it was outfitted…