MWC2017: Day 1

Today was productive at Mobile World Congress 2017. Our booth assignment is in Hall 8 at Fira Montjuic, with a detailed map here. We met with a myriad of companies already including carriers, IoT developers, and several high-profile companies in the mobile industry. We demonstrated our offerings via demo and we conveyed the importance of…

Brute Force Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been enlisted by MITRE.  Refer to the following CVE entries: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116 Base Station to Camera Communication Basics As we shared in a previous blog article, the Netgear ARLO security camera system consists of a base station and multiple camera units that operate on batteries. The ARLO base station and camera…

Factory Reset Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been enlisted by MITRE.  Refer to the following CVE entries: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116 In our ongoing curiosity of IoT products, we took a look at ARLO, a home security camera system from Netgear. ARLO is Netgear’s competing product to the Google Nest Dropcam. When I first researched network security cameras last summer ahead…

Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…

Case Study: Hacking Smart Lock Security

Kwikset Kevo Smart Lock

Update: This case study was presented at the CanSecWest 2016 conference held in Vancouver, British Columbia, Canada. The presentation is available as a PDF from this link.   Exponential growth of smart technology and Bluetooth Smart With the booming of Internet of Things (IoT), Bluetooth Smart, or Bluetooth v4.0 (aka Low Energy or BLE), has…