├── LICENSE
└── README.md

/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015 Ben Zhang

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Awesome IoT Hacks

A curated list of hacks in the IoT space so that researchers and industrial products
can address the security vulnerabilities (_hopefully_).

The table of contents is generated with
[doctoc](https://github.com/thlorenz/doctoc). Make sure you run it and update
the table of contents before making pull requests.

## Contents

- [Analysis, Reports and Slides](#analysis-reports-and-slides)
- [Communities](#communities)
- [IoT Hacks](#iot-hacks)
  - [Thingbots](#thingbots)
  - [RFID](#rfid)
  - [Home Automation](#home-automation)
  - [Connected Doorbell](#connected-doorbell)
  - [Hub](#hub)
  - [Smart Coffee](#smart-coffee)
  - [Wearable](#wearable)
  - [Smart Plug](#smart-plug)
  - [Cameras](#cameras)
  - [Traffic Lights](#traffic-lights)
  - [Automobiles](#automobiles)
  - [Airplanes](#airplanes)
  - [Light Bulbs](#light-bulbs)
  - [Locks](#locks)
  - [Smart Scale](#smart-scale)
  - [Smart Meters](#smart-meters)
  - [Pacemaker](#pacemaker)
  - [Thermostats](#thermostats)
  - [Fridge](#fridge)
  - [Media Player & TV](#media-player--tv)
  - [Firearms](#firearms)
  - [Toilet](#toilet)
  - [Toys](#toys)
  - [Drones](#drones)

## Analysis, Reports and Slides

- [Internet of Things Research Study (HP 2014 Report)](http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf)
- [The Internet of Fails](http://www.slideshare.net/markstanislav/the-internet-of-fails-where-iot-has-gone-wrong-and-how-were-making-it-right), ([video](www.youtube.com/watch?v=8hLeVSvoHqI))
- [Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices](https://www.iotvillage.org/slides_DC23/IoT11-slides.pdf)
- [Hack All The Things: 20 Devices in 45 Minutes](https://www.defcon.org/images/defcon-22/dc-22-presentations/Heres-Etemadieh-Baker-Nielsen/DEFCON-22-Heres-Etemadieh-Baker-Nielsen-Hack-All-The-Things.pdf) - ([wiki](https://www.exploitee.rs/), [video](www.youtube.com/watch?v=h5PRvBpLuJs))
- [Careful Connections: Building Security in the Internet of Things (FTC)](https://www.ftc.gov/system/files/documents/plain-language/pdf0199-carefulconnections-buildingsecurityinternetofthings.pdf)
- [Analysis of IoT honeypot data; How devices are hacked, type of infections and origin of attacks (Kaspersky Lab, 2018)](https://securelist.com/new-trends-in-the-world-of-iot-threats/87991/)

## Communities

- [IoT Village™](https://www.iotvillage.org/)
- [BuildItSecure.ly](http://builditsecure.ly/)
- [Secure Internet of Things Project (Stanford)](http://iot.stanford.edu/people.html)
- [The Open Web Application Security Project (OWASP)](https://www.owasp.org/index.php/Main_Page)

## IoT Hacks

### Thingbots

- [Proofpoint Uncovers Internet of Things (IoT) Cyberattack](http://investors.proofpoint.com/releasedetail.cfm?releaseid=819799)

### RFID

- [Vulnerabilities in First-Generation RFID-enabled Credit Cards](http://www.arijuels.com/wp-content/uploads/2013/09/HBFJ+07.pdf)
- [MIT Subway Hack Paper Published on the Web](http://www.pcmag.com/article2/0,2817,2327898,00.asp)
- [Tampered Card Readers Steal Data via Bluetooth](http://www.americanbanker.com/security-watch/bluetooth-skimming-1042020-1.html)

### Home Automation

- [IOActive identifies vulnerabilities in Belkin WeMo's Home Automation](http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf)
- [Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices](https://www.iotvillage.org/slides_DC23/IoT11-slides.pdf)
- [Popular Home Automation System Backdoored Via Unpatched Flaw](http://www.darkreading.com/vulnerabilities---threats/popular-home-automation-system-backdoored-via-unpatched-flaw/d/d-id/1320004?_mc=sm_dr_editor_kellyjacksonhiggins)

### Connected Doorbell

- [CVE-2015-4400: Backdoorbot, Network Configuration Leak on a Connected Doorbell](https://blog.fortinet.com/2016/01/22/cve-2015-4400-backdoorbot-network-configuration-leak-on-a-connected-doorbell), ([video](https://www.youtube.com/watch?v=a05RciFhPrs))

### Hub

- [TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub](https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-023/?fid=3869)

### Smart Coffee

- [Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal](https://www.evilsocket.net/2016/10/09/IoCOFFEE-Reversing-the-Smarter-Coffee-IoT-machine-protocol-to-make-coffee-using-terminal/)

### Wearable

- [How I hacked my smart bracelet](https://securelist.com/blog/research/69369/how-i-hacked-my-smart-bracelet/)

### Smart Plug

- [Hacking the D-Link DSP-W215 Smart Plug](http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/)
- [Reverse Engineering the TP-Link HS110](https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/)
- [Hacking Kankun Smart Wifi Plug](http://www.anites.com/2015/01/hacking-kankun-smart-wifi-plug.html)
- [Smart Socket Hack Tutorial](http://souliss.net/media/smart-socket-hack/)

### Cameras

- [Trendnet Cameras - I always feel like somebody's watching me](http://console-cowboys.blogspot.com/2012/01/trendnet-cameras-i-always-feel-like.html)
- [Hacker Hotshots: Eyes on IZON Surveilling IP Camera Security](https://www.concise-courses.com/security/izon-hacking/)
- [Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices](https://www.iotvillage.org/slides_DC23/IoT11-slides.pdf)
- [Hacker 'shouts abuse' via Foscam baby monitoring camera](http://www.bbc.com/news/technology-23693460)
- [Urban surveillance camera systems lacking security](https://blog.kaspersky.com/urban-surveillance-not-secure/8901/)
- [TWSL2014-007: Multiple Vulnerabilities in Y-Cam IP Cameras](https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2014-007/?fid=3850)
- [Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras](https://blog.cloudflare.com/say-cheese-a-snapshot-of-the-massive-ddos-attacks-coming-from-iot-cameras/)
- [Samsung SmartCam install.php Remote Root Command Exec](https://www.exploitee.rs/index.php/Samsung_SmartCam%E2%80%8B)

### Traffic Lights

- [Green Lights Forever: Analyzing The Security of Traffic Infrastructure](https://jhalderm.com/pub/papers/traffic-woot14.pdf)
- [Hacking US (and UK, Australia, France, etc.) Traffic Control Systems](http://blog.ioactive.com/2014/04/hacking-us-and-uk-australia-france-etc.html)

### Automobiles

- [Hackers Remotely Attack a Jeep on the Highway](http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/)
- [Comprehensive Experimental Analyses of Automotive Attack Surfaces](http://static.usenix.org/events/sec11/tech/full_papers/Checkoway.pdf)

### Airplanes

- [Hackers could take control of a plane using in-flight entertainment system](http://www.telegraph.co.uk/technology/2016/12/20/hackers-could-take-control-plane-using-in-flight-entertainment/)

### Light Bulbs

- [Hacking into Internet Connected Light Bulbs](http://www.contextis.com/resources/blog/hacking-internet-connected-light-bulbs/)
- [Hacking Lightbulbs: Security Evaluation Of The Philips Hue Personal Wireless Lighting System](http://www.dhanjani.com/docs/Hacking%20Lighbulbs%20Hue%20Dhanjani%202013.pdf)
- [IoT Goes Nuclear: Creating a ZigBee Chain Reaction](http://www.wisdom.weizmann.ac.il/~eyalro/iotworm/iotworm.pdf)
- [Extended Functionality Attacks on IoT Devices: The Case of Smart Lights](https://zh.scribd.com/doc/306620189/Eyal-Ronen-and-Adi-Shamir-Hack-Lightbulbs)

### Locks

- [Lockpicking in the IoT](https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot)

### Smart Scale

- [Fitbit Aria Wi-Fi Smart Scale](https://www.hackerspace-bamberg.de/Fitbit_Aria_Wi-Fi_Smart_Scale)

### Smart Meters

- [Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks](https://threatpost.com/solar-power-firm-patches-meters-vulnerable-to-command-injection-attacks/122324/)

### Pacemaker

- [Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses](http://www.secure-medicine.org/public/publications/icd-study.pdf)

### Thermostats

- [Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices](https://www.iotvillage.org/slides_DC23/IoT11-slides.pdf)
- [Google Nest: Exploiting DFU For Root](https://blog.exploitee.rs/2014/google-nest-exploiting-dfu-for-root/)
- [Smart Nest Thermostat, A Smart Spy in Your Home](https://www.blackhat.com/docs/us-14/materials/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf)
- [TWSL2013-022: No Authentication Vulnerability in Radio Thermostat](https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-022/?fid=3870)

### Fridge

- [Proofpoint Uncovers Internet of Things (IoT) Cyberattack](http://investors.proofpoint.com/releasedetail.cfm?releaseid=819799) - Spam emails from fridges.
- [Hacking Defcon 23'S IoT Village Samsung Fridge](https://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/)

### Media Player & TV

- [Breaking Secure-Boot on the Roku](https://blog.exploitee.rs/2013/breaking-secure-boot-on-the-roku/)
- [Google TV Or: How I Learned to Stop Worrying and Exploit Secure Boot](https://blog.exploitee.rs/2013/google-tv-or-how-i-learned-to-stop-worrying-and-exploit-secure-boot/)
- [Chromecast: Exploiting the Newest Device By Google](https://blog.exploitee.rs/2013/chromecast-exploiting-the-newest-device-by-google/)
- [Ransomware Ruins Holiday By Hijacking Family's LG Smart TV on Christmas Day](https://www.yahoo.com/tech/ransomware-ruins-holiday-hijacking-familys-201136667.html)

### Firearms

- [DEF CON 25 - Plore - Popping a Smart Gun](https://www.youtube.com/watch?v=J3f0p3vTY-c) ([Slides](https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Plore-Popping-a-Smart-Gun.pdf))
- [Hacking an IoT Rifle - BlackHat 2015 - 36 slides](https://www.blackhat.com/docs/us-15/materials/us-15-Sandvik-When-IoT-Attacks-Hacking-A-Linux-Powered-Rifle.pdf)
- [Hackers Can Disable a Sniper Rifle—Or Change Its Target - Wired 2015](https://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/)

### Toilet

- [TWSL2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet](https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-020/?fid=3872)

### Toys

- [TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit](https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-021/?fid=3871)
- [Fisher-Price smart bear allowed hacking of children's biographical data (CVE-2015-8269)](https://www.theguardian.com/technology/2016/feb/02/fisher-price-mattel-smart-toy-bear-data-hack-technology)
- [Hello Barbie Initial Security Analysis](https://static1.squarespace.com/static/543effd8e4b095fba39dfe59/t/56a66d424bf1187ad34383b2/1453747529070/HelloBarbieSecurityAnalysis.pdf)
- [Security researcher Ken Munro discovers vulnerability in Vivid Toy's talking Doll 'Cayla'](http://www.techworm.net/2015/01/vivid-toys-cayla-talking-doll-vulnerable-hacking-says-security-researcher.html)
- [Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages](https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/)

### Drones

- [Parrot Drones Hijacking - RSA2018 Video, Pedro Cabrera, March 2018](https://youtu.be/66z-aXy_1Yo) ([Slides](https://www.rsaconference.com/writable/presentations/file_upload/mbs-w14-parrot-drones-hijacking.pdf))
- [Hacking the DJI Phantom 3, Paolo Stagno, January 25, 2017](http://dronesec.xyz/2017/01/25/hacking-the-dji-phantom-3/)
- [PHDays VI, hacking Syma X5C quadcopter, Pavel Novikov and Artur Garipov, June 9, 2016](http://blog.ptsecurity.com/2016/06/phd-vi-how-they-stole-our-drone.html)
- [All your bebop drones still belong to us, drone hijacking, Pedro Cabrera, 2016](https://youtu.be/ra0nKHvaXnc)
- [Shelling out on 3DR Solo, Kevin Finisterre, June 15, 2015](http://www.digitalmunition.com/ShellingOutOnSolo_nopass.pdf)

--------------------------------------------------------------------------------