Because Google is unaware of the security implications of SmartThings's device IDs, the Google Home cloud discloses such IDs to its delegatees, which enables a malicious delegatee to impersonate a SmartThings device and stealthily operate other devices (e.g., open a smart lock), even after the delegatee's access rights are revoked.
Because of the lack of coordination between the IFTTT cloud and the SmartThings cloud, IFTTT leaks the secret URL of its downstream cloud (the SmartThings cloud), which enables a malicious delegatee user to retain a direct channel to the IFTTT device (e.g., open a smart lock behind IFTTT) even after SmartThings revokes his access rights.
The security policy violation between the upstream and downstream clouds enables a malicious delegatee user from the SmartThings cloud to obtain unauthorized access to devices in the LIFX cloud that are hidden from him.
Unreliable revocation enforcement in the Philips Hue cloud enables a malicious delegatee user to abuse Philips Hue's cross-cloud delegation API to regain unauthorized access to Philips Hue devices after his access is revoked.
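The four findings share one root cause: the downstream cloud treats a long-lived identifier (a device ID, a secret URL) as proof of authorization, so revoking the delegation does not revoke the access. The following is an added, hypothetical model (not code from any of the clouds named above or from the paper) that contrasts that weak check with one where every request is tied to a delegation record that revocation deletes; the device IDs, token formats and method names are constructed for illustration.

```python
# Hypothetical model of cross-cloud delegation; not vendor or paper code.
from dataclasses import dataclass, field
import secrets


@dataclass
class DownstreamCloud:
    """The device-owning cloud (the SmartThings, LIFX or Philips Hue role above)."""
    devices: set                                       # device ids this cloud owns
    delegations: dict = field(default_factory=dict)    # delegation_id -> permitted device ids
    tokens: dict = field(default_factory=dict)         # capability token -> delegation_id

    def delegate(self, device_ids):
        """Upstream cloud (e.g. Google Home or IFTTT) requests access on a user's behalf."""
        delegation_id = secrets.token_hex(8)
        self.delegations[delegation_id] = set(device_ids) & self.devices
        return delegation_id

    def issue_token(self, delegation_id):
        """Capability handed to the delegatee, bound to the delegation that created it."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = delegation_id
        return token

    def revoke(self, delegation_id):
        """Owner revokes the delegatee; old tokens now point at a dead delegation."""
        self.delegations.pop(delegation_id, None)

    def operate_weak(self, device_id):
        """Weak design: knowing the device id (or secret URL) is treated as authorization."""
        return device_id in self.devices

    def operate_strong(self, token, device_id):
        """Hardened design: token must map to a live delegation that covers this device."""
        delegation_id = self.tokens.get(token)
        if delegation_id not in self.delegations:
            return False
        return device_id in self.delegations[delegation_id]


def demo():
    """Returns (weak_after_revoke, strong_hidden_device, strong_after_revoke)."""
    cloud = DownstreamCloud(devices={"lock-1", "lock-2"})   # constructed sample devices
    delegation = cloud.delegate(["lock-1"])                 # lock-2 stays hidden from delegatee
    token = cloud.issue_token(delegation)
    hidden = cloud.operate_strong(token, "lock-2")          # denied: outside delegation scope
    cloud.revoke(delegation)
    weak = cloud.operate_weak("lock-1")                     # still allowed: identifier outlives revocation
    strong = cloud.operate_strong(token, "lock-1")          # denied: revocation checked per request
    return weak, hidden, strong
```

Running demo() returns (True, False, False): the identifier-based check keeps granting access after revocation, while the delegation-bound check denies both the hidden device and the revoked delegatee.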