Hello, welcome to the Tuesday, August 23rd, 2016 edition of the Sansonet Storms and Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Let's focus today a little bit on the Inlet of Things again.

I haven't talked about this in a week or so, so got three different stories about the internet of things today, starting with

IOactive. IO. Active looked closer at a B.HU Wi-Fi router. This is a router that's usually

distributed in China. Of course, it may exist under other labels in the US as well, and it contains four critical vulnerabilities.

First of all, authentication isn't really verified.

All you need is the right cookie.

The actual value doesn't matter,

and you are logged in as administrator.

You can also, if you want to just access the router's system

logs which are not protected and find the right SID cookie value in that system log. And if all

fails, there is a third option. There is a magic SID value that always works.

Not that you really need it because, well, you can just use any SID value pretty much.

And once you're authenticated as an administrator, then you can access arbitrary system

commands as root just by exploiting a command injection vulnerability in this router.

The router also modifies all HD traffic passing through it and injects JavaScript into

it.

So probably shouldn't really use one of these devices.

Second one we got is a Wi-Fi control power socket.

Bit Defender took a closer look at it and found some very typical vulnerabilities.

First of all, weak default passwords and no obvious prompt to actually change it.

...