Smart Doorbell Focuses On Privacy

As handy as having a smart doorbell is, with its ability to remotely see who’s at the front door from anywhere with an Internet connection, the off-the-shelf units are not typically known for keeping user privacy as a top priority. Even if their cloud storage systems were perfectly secure (which is not a wise assumption to make) they have been known to give governmental agencies and police free rein to view the videos whenever they like. Unfortunately, if you take privacy seriously, you might need to build your own smart doorbell.

The project uses an ESP32-CAM board as the doorbell’s core, paired with a momentary push button and all housed inside a 3D-printed enclosure. [Tristam] provides a step-by-step guide, including printing the enclosure, configuring the ESP32-CAM to work with the popular open-source home automation system ESPHome, handling doorbell notifications automatically, and wiring the components. There are plenty of other optional components that can be added to this system as well, including things like LED lighting for better nighttime imaging.

[Tristam] isn’t much of a fan of having his home automation connected to the Internet, so the device eschews wireless connections and batteries in favor of a ten-meter USB cable connected to it from a remote machine. As far as privacy goes, this is probably the best of all worlds as long as your home network isn’t doing anything crazy like exposing ports to the broader Internet. It doesn’t need to be set up to continuously stream video either; this implementation only takes a snapshot when the doorbell button is actually pressed. Of course, with a few upgrades to the ESP circuitry it is certainly possible to use these chips to capture video if you prefer.

Thanks to [JohnU] for the tip!


Remotely Controlling Automobiles Via Insecure Dongles

Automobiles are getting smarter and smarter. Nowadays many vehicles run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled. We’re not just talking about the window or seat adjustment controls, but also the instrument cluster, steering, brakes, and accelerator. These systems can make the driving experience better, but they also introduce an interesting avenue of attack. If the entire car is controlled by a computer, then what if an attacker were to gain control of that computer? You may think that’s nothing to worry about, because an attacker would have no way to remotely access your vehicle’s computer system. It turns out this isn’t so hard after all. Two recent research projects have shown that some OBD-II dongles are very susceptible to attack.

The first was an attack on a device called Zubie. Zubie is a dongle that you can purchase to plug into your vehicle’s OBD-II diagnostic port. The device can monitor sensor data from your vehicle and then perform logging and reporting back to your smartphone. It also includes a built-in GPRS modem to connect back to the Zubie cloud. One of the first things the Argus Security research team noticed when dissecting the Zubie was that it included what appeared to be a diagnostic port inside the OBD-II connector.

Online documentation showed the researchers that this was a +2.8V UART serial port. They were able to communicate over this port with a computer with minimal effort. Once connected, they were presented with an AT command interface with no authentication. Next, the team decompiled all of the Python pyo files to get the original scripts. After reading through these, they were able to reverse engineer the protocols used for communication between the Zubie and the cloud. One particularly interesting finding was that the device was open for firmware updates every time it checked in with the cloud.

The team then set up a rogue cellular tower to perform a man-in-the-middle attack against the Zubie. This allowed them to control the DNS address associated with the Zubie cloud. The Zubie then connected to the team’s own server and downloaded a fake update crafted by the research team. This acted as a trojan horse, which allowed the team to control various aspects of the vehicle remotely via the cellular connection. Functions included tracking the vehicle’s location, unlocking the doors, and manipulating the instrument cluster. All of this can be done from anywhere in the world as long as the vehicle has a cellular signal.

A separate but similar project was also recently discussed by [Corey Thuen] at the S4x15 security conference. He didn’t attack the Zubie, but it was a similar device. If you are a Progressive insurance customer, you may know that the company offers a device called SnapShot that monitors your driving habits via the OBD-II port. In exchange for you providing this data, the company may offer you lower rates. This device also has a cellular modem to upload data back to Progressive.

After some research, [Thuen] found that there were multiple security flaws in Progressive’s tracker. For one, the firmware is neither signed nor validated. On top of that, the system does not authenticate to the cellular network, or even encrypt its Internet traffic. This leaves the system wide open for a man-in-the-middle attack. In fact, [Thuen] mentions that the system can be hacked by using a rogue cellular radio tower, just like the researchers did with the Zubie. [Thuen] didn’t take his research this far, but he likely doesn’t have to in order to prove his point.
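Both write-ups come down to a device installing whatever image its update server hands it. As an added example (not code from either vendor or from the researchers), this Go sketch shows the check an update client can run before flashing: an Ed25519 signature from a pinned vendor key over the version and image digest, plus a rollback check. The payload layout, function names, and choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrSignature = errors.New("update not signed by pinned vendor key")
var ErrRollback = errors.New("version not newer than installed firmware")

// signedPayload is what the vendor signs: version || SHA-256(image) (hypothetical layout).
func signedPayload(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, version)
	return append(b, digest[:]...)
}

// VerifyUpdate runs on the device before anything is written to flash.
func VerifyUpdate(pinned ed25519.PublicKey, installed, version uint32, image, sig []byte) error {
	if !ed25519.Verify(pinned, signedPayload(version, image), sig) {
		return ErrSignature // wrong key, altered image, or altered version field
	}
	if version <= installed {
		return ErrRollback // genuine but old image replayed by whoever controls the link
	}
	return nil
}

// Sign is the vendor-side step, included only to keep the example self-contained.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	return ed25519.Sign(priv, signedPayload(version, image))
}

// DemoKey derives a key pair from a constructed seed (sample data, not a real key).
func DemoKey(label byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := [32]byte{label}
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey(1)
	_, rogue := DemoKey(2) // key held by a server reached through spoofed DNS
	img := []byte("constructed firmware image")
	fmt.Println(VerifyUpdate(pub, 7, 8, img, Sign(priv, 8, img)), VerifyUpdate(pub, 7, 8, img, Sign(rogue, 8, img)))
}
```

Because the trust anchor is the key baked into the device rather than the server name, redirecting the dongle to a different server does not by itself get an image accepted.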

The first research team provided their findings to Zubie who have supposedly fixed some of the issues. Progressive has made a statement that they hadn’t heard anything from [Thuen], but they would be happy to listen to his findings. There are far more devices on the market that perform these same functions. These are just two examples that have very similar security flaws. With that in mind, it’s very likely that others have similar issues as well. Hopefully with findings like this made public, these companies will start to take security more seriously before it turns into a big problem.

[Thanks Ellery]