Breaking BHAD - Abusing Belkin Home Automation Devices

Explore a comprehensive analysis of vulnerabilities in Belkin's WeMo home automation devices in this Black Hat conference talk. Delve into multiple security flaws discovered in both the devices and the Android app, including methods to obtain root shell access, execute arbitrary code on paired phones, and launch denial-of-service attacks. Learn about the intricacies of WeMo's functionality, command injection vulnerabilities, and the rule updating algorithm. Examine attack scenarios, sequel injection techniques, and the process of exploiting OpenWRT for command execution. Gain insights into malicious database creation, NIT script execution, and the anatomy of various attacks. Investigate methods for modifying Linux file systems, changing device names, and exploiting Java classes in the Android app. Understand the potential second and third-order effects of these vulnerabilities and review the disclosure timeline. This talk provides valuable information for security professionals and IoT enthusiasts interested in the complexities of securing smart home devices.

Introduction
Agenda
What is Wemo
How Wemo works
Why Wemo
Headlines
Command Injection Vulnerability
Attack Scenario
How Rules Work
Rule Updating Algorithm
Rule ID
Sequel Injection
Attach Database Syntax
OpenWRT
Command Execution
Malicious Database
NIT Script
NIT Script Execution
NIT Script Demo
Anatomy of the Attack
Takeaways
Teardown
Logging In
You Boot Console
No Dev Console
Modifying Linux File System
Modifying Flash Password
Application Process
Conclusions
The Cloud
Cordova
Changing Device Name
Java Classes
Alert Box
Second and Third Order Effects
Disclosure Timeline