Update 4 on iOS smart home application analysis

During the past week, I focused mainly on the dynamic analysis of the Wemo switch and Wemo app. It first caught my interest because I heard that it was still communicating with the server through a Man-in-the-Middle proxy, essentially disregarding any SSL/TLS error handling. I spent some time getting familiar with the MITM tool, Bettercap, in order to perform the dynamic analysis.


Update 3 on iOS smart home application analysis

During the past weeks, I have been focusing on exploring smart home apps in their assembly form. Specifically, I was trying to find out the exact implementation of SSL/TLS trust. However, I realized after two days that this was not going anywhere. This is mostly because the assembly form of any of the smart home apps is packed with library functions and regular functions by the nature of smart home apps. As soon as I realized this, I tried to readjust and approach this problem from another angle instead of trying to brute force my way through the assembly code. I first constructed a flow chart demonstrating how applications connect to the web in general. Then I listed all the possible ways things could potentially go wrong. This helped me narrow down the list of options and the areas I have to research in detail. I also realized that this could potentially be applied to every app, so that's pretty cool.


Update 2 on iOS smart home application analysis

During the past 2 weeks, I have been working on the iPhone 4S that we just purchased. Last week, I learned about the different types of jailbreak: tethered, semi-tethered, and untethered. I did a semi-tethered jailbreak, which means that I can still use the phone when I reboot. The reason for jailbreaking the iPhone is to enable us to use a third-party tool, Clutch, to decrypt Apple Store applications so that we can perform further static analysis.


Systematically Evaluating Threat Landscape of Smart Home Applications Update 1

One week has passed since I started my research on the security of iOS Smart Home applications. During the past week, I was mainly focused on reading and understanding previous research papers on similar topics. One paper included a systematic approach to reverse engineering iOS applications. Another paper looked at some design flaws of smart home applications in general. A third paper looked at some common OAuth implementation flaws made by developers. I was able to get a good grasp of OAuth 1.0 and 2.0 and their use-cases. Specifically, I was able to understand the common pitfall of re-purposing OAuth as an Authentication tool when it is only designed as an Authorization tool. While reading these papers, I also learned some networking terminology: Back Channel and Front Channel, which are very cool terms that define the process of OAuth.
Over the next week, I will be looking at more research papers related to Smart Home Applications and some possibly vulnerable authentication methods they use.

Systematically Evaluating the Threat Landscape of the Smart Home

Smart home technology is becoming more popular because it offers a great deal of convenience. The fundamental question I am looking to answer is: Is IoT (Internet of Things) / smart home software itself secure?
