

How I hacked my home - JoachimS
https://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/

======
userbinator
Note that these seem to be all _local_ attacks - on a home network these
devices will almost certainly all be behind a NAT, so they would not be
remotely exploitable. A remote exploit, i.e. over the Internet, is far more
worrying; these are not quite as bad in comparison.

_Both compromised devices were running a Linux 2.6.x kernel, and a lot of
interpreters such as perl and python. One of them also had the GNU C compiler
installed, which would make the attackers' life much easier._

This is probably a side-effect of cheap Linux systems becoming available, and
the general attitude of laziness and waste here really annoys me - having to
download a firmware update that's tens or even hundreds of MB for a device
whose featureset doesn't need even one tenth that amount of code to accomplish
is absolutely insane. I miss the days when devices had just enough computing
resources to do what they needed to, didn't need any updates because the
firmware was pretty much perfect, and as a result were less likely to contain
exploits. Now it seems "take an ARM devboard, connect something to the GPIO
and ship the whole mess complete with the bloated Linux distro it came with"
is the norm. I certainly won't be replacing the devices in my home with
anything "smart" anytime soon.

~~~
Decade
They are not all local attacks. The TV MITM attack can be launched remotely.
If he can find a flaw in the content rendering code, then that's a remote
attack.

Also, his NAT router itself is a security time bomb, via its remote update
mechanism. I would never run an ISP router in router mode; that's such an
obviously bad idea from a security standpoint.

------
Russell91
"At this point I asked myself, 'is it really that easy?' I then thought about
the two newly discovered vulnerabilities and realized both were in the
administrative interface after authenticating as the administrative user. I
needed to have the same preconditions as the attacker. So I tried to find
vulnerabilities without using any of my access credentials."

