Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have one private/public ssh keys per sensor #69

Open
DavidBruant opened this issue Nov 17, 2015 · 1 comment
Open

Have one private/public ssh keys per sensor #69

DavidBruant opened this issue Nov 17, 2015 · 1 comment
Labels
security

Comments

@DavidBruant
Copy link
Contributor

They currently all use the same. Sensors should generate their own and be able to share their public key to pheromon on demand.
@DavidBruant
Copy link
Contributor Author

https://vimeo.com/135347162

You can reverse engineer the lightbulb's firmware to find weaknesses in that lightbubl's mesh protocol.

(...) I want to be shot in the face right now, factoïd number 3, this is deeply problematic

Once you do that reverse engineering, you'll discover that each instance of this lightbulb had the same cryptographic key, the same AES key baked into the firmware.
That means that once you extract that key from the firmware once, from any lightbulb, you can use it to decrypt the wifi password then connect to the wifi using this stolen credentials (...)

The end times are here, ok ?
Jesus is about to come back, or maybe the Buddha, or maybe Godzilla
But somebody's going back and they're not gonna be happy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DavidBruant