Smart Vacuum Cleaners as Remote Wiretapping Devices - Easterhegg - 2019

Explore the security vulnerabilities of smart vacuum cleaners in this conference talk from Easterhegg 2019. Dive into the process of exploiting Neato Botvac Connected firmware to control high-end vacuum cleaners. Learn about firmware extraction techniques, including overcoming proprietary chip layouts and QNX systems. Discover how buffer overflow vulnerabilities can lead to remote command execution with root privileges. Understand the implications of these security flaws on user privacy and home security. Follow the speakers' journey through firmware analysis, vulnerability identification, and exploit development, including their methods for overcoming obstacles in proof-of-concept creation. Gain insights into the potential risks associated with cloud-connected smart home devices and the importance of robust security measures in IoT products.

Intro
Infrastructure
Firmware Updates
Firmware Update Process
Serial Debug Port
Breaking QNX SDP 6.5 License Management
Boot Me If You Can #2
Extracting the Neato IFS
QNX Boot Process
Secure Boot Bypass (CVE-2018-20785)
"BlackBox" Logs & Coredumps
RC4 For Beginners (CVE-2018-17177)
Generating and Interpreting Coredumps
Buffer Overflow Vulnerability
Controllable Registers
Vulnerable Function
Vulnerability Root Cause
Determining Factors for the Exploit
Our Exploit
Implications
Root Remote Code Execution via Cloud (CVE-2018-19442)