ISC StormCast for Wednesday, July 3rd 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 3 July 2019
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Wednesday, July 3rd, 2019 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Riyadh, Saudi Arabia. |
| 0:13.5 | Today we got three vulnerabilities to start out with in the Sepato Home Automation SmartUp. They were discovered by Charles Doddman and he just published a blog post with some details regarding |
| 0:27.0 | these vulnerabilities. |
| 0:29.2 | Three vulnerabilities in total and very typical IoT in and of things style vulnerabilities. |
| 0:35.7 | The first one that sort of really sets off a chain of vulnerabilities |
| 0:39.3 | here is a static S.H key. Once that SH key is extracted from one of these devices, it can be used |
| 0:47.5 | to authenticate to any device made by this manufacturer. Once an attacker has access to the device via SSH, they can also |
| 0:58.6 | extract hashed passwords. Now, at first it doesn't really sound that bad that you can extract |
| 1:04.5 | the hash password. Yes, you can brute force it, but this is not actually the real problem here. |
| 1:10.5 | The problem is that the hash itself can be used to |
| 1:14.5 | authenticate to the API and that's where the two other vulnerabilities come into play. First, |
| 1:22.2 | the hash can be used to authenticate to the local API, but it also works against the remote API. |
| 1:30.4 | Once the attacker has access to the API and is able to authenticate, they are able to take |
| 1:35.3 | full control of all devices connected to the smart hub, including locks. |
| 1:41.6 | Sipato released a patch for these issues back in March and Charles Stottoman waited |
| 1:48.1 | until now in order to give users a chance to patch before he did release the details about |
| 1:55.4 | these vulnerabilities. |
| 1:58.7 | And recently I have been looking into DNS over HDPS and we'll have mentioned this protocol a couple times here in the podcast. |
| 2:07.2 | Our fellow handler John Bambenek now set up a little GitHub repository with host names and IP addresses being used by DNS over HDPS services. |
| 2:20.9 | This can be used in order to either block or at least detect the use of these services. |
| 2:27.1 | The problem here is that these services can be used to bypass corporate security controls so you definitely do |
| 2:37.0 | want to keep an eye on it and make sure these services are not abused. |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.