Systematically Evaluating Threat Landscape of Smart Home Applications Update 1

One week has passed since I started my research on the security of iOS Smart Home applications. During the past week, I was mainly focused on reading and understanding previous research papers regarding similar topic. One paper included a systematic approach of reverse engineering iOS applications. Another paper looked at some design flaw of smart home applications in general. A third paper that looked at some common OAuth implementation flaw in general that are used by developers. I was able to get a good grasp of OAuth 1.0 and 2.0 and their uses-cases. In specifically, I was able to understand the common pitfall of re-purposing OAuth as an Authentication tool when it is only designed as an Authorization tool. Along the way of reading these paper, I also learned some networking terminology: Back Channel and Front Channel, which are very cool terms that define the process of OAuth.
Over next week, I will be looking at some more research paper on related research on Smart Home Applications and some possible vulnerable authentication method they are using.

Speak Your Mind