🛡 IoT Security Digest - #1
Hello newsletter, CISA IoT exploit announcements, Bluetooth headphone vulns and more!
Welcome to the first post of the IoT Security Digest!
I have been overwhelmed with the number of signups I’ve received so far and am so grateful that you subscribed! I can’t wait to go on this journey with you of sharing my take on what’s going on in the world of IoT security.
The IoT security sector is filled with news that can sometimes stoke fear that the world is falling. Sometimes it is… but, as with so much in the media, things can get overblown for clicks. I hope to use this newsletter to cut through the noise. That’s a great transition to the first news story…
In The News
Hot Take:
CISA has announced that they have added CVE-2023-33538 to their Known Exploited Vulnerabilities catalog. I decided it would be a cool vuln to do a video on! I purchased a TL-WR740N V1 which is stated to be vulnerable in the CVE database and the news article.
I could not reproduce this vuln for the life of me. CISA and CVE also fail to mention that this “vulnerability” is only exploitable remotely if remote management is enabled and the attacker knows the device password. These risk details are from my own manual analysis of the device’s web interface since no details are provided in the CVE. It’s possible that this CVE is completely invalid or that it doesn’t actually apply to the WR740N V1 device.
This is not the first time that CISA has over-hyped an announcement like this.
A vulnerability in Bluetooth headphones that use Airoha Systems on a Chip (SoCs) was discovered by researchers Frieder Steinmetz and Dennis Heinze and presented at the Troopers 2025 conference. The vulnerabilities allow an attacker within Bluetooth range to eavesdrop on audio, extract the connected phone’s number and contacts, and take complete control of the headphones’ memory.
Insights from Matt
The post states that the vulnerable devices used “reference implementations using Airoha’s Software Development Kit (SDK)”.
In plain English, this means that headphone developers at Bose, Sony, JBL, and others shipped example code provided by Airoha in their final products. The feature they left in their production devices was meant for remote debugging. It’s a security flaw as old as they come: features meant for development and debugging are left in production code, leaving the system vulnerable.
Tools of the Trade
Here are some cool tools and educational resources that are either new or new to me. I’ve been on an RF story arc lately 😉 Keep an eye out here in the future for some trainings that are in the works…
This is a tool recently introduced to me that I used to reverse engineer the CRC checksum in an RF protocol.
A great tool for performing demodulation, decoding and packet reverse engineering of data captured by a software defined radio (SDR).
Another RF tool! This is a simple-to-use SDR receiver program that lets you search across a frequency range for signals.
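Since the first tool above is about recovering a CRC from captured RF packets, here is an added example of what that recovery looks like when done by hand. It is not code from the newsletter or from any of the tools mentioned: an exhaustive search over CRC-8 polynomial, initial value, xor-out and bit order, run against a few constructed frames (payload plus trailing checksum byte).

```python
# Added example, not the newsletter's tool: recover CRC-8 parameters from
# captured frames whose last byte is the checksum, by exhaustive search.
from itertools import product

def reflect8(x: int) -> int:
    """Reverse the bit order of one byte (used for reflected CRC variants)."""
    return int(f"{x:08b}"[::-1], 2)

def make_table(poly: int, reflected: bool) -> list:
    """256-entry lookup table for a CRC-8 with this polynomial and bit order."""
    rpoly = reflect8(poly)  # reflected variants shift right with the reversed poly
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            if reflected:
                crc = (crc >> 1) ^ rpoly if crc & 1 else crc >> 1
            else:
                crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
        table.append(crc)
    return table

def crc8(data: bytes, table: list, init: int, xorout: int) -> int:
    """Table-driven CRC-8; init is the shift register's starting value."""
    crc = init
    for b in data:
        crc = table[crc ^ b]
    return crc ^ xorout

def find_crc8_params(frames):
    """Return every (poly, init, xorout, reflected) that checks all frames.
    xorout is forced by the first frame, so the other frames are the real
    constraints: give three or more to rule out coincidental matches."""
    first, *rest = frames
    hits = []
    for reflected, poly in product((False, True), range(256)):
        table = make_table(poly, reflected)
        for init in range(256):
            xorout = crc8(first[:-1], table, init, 0) ^ first[-1]
            if all(crc8(f[:-1], table, init, xorout) == f[-1] for f in rest):
                hits.append((poly, init, xorout, reflected))
    return hits

# Constructed sample frames: payload followed by a CRC-8 made with poly 0x07,
# init 0x00, xor-out 0x00, no reflection (the plain "CRC-8" catalogue entry).
SAMPLE_FRAMES = [
    bytes([0x01, 0x02, 0x03, 0x48]),
    bytes([0x10, 0x20, 0x30, 0x40, 0x1A]),
    bytes([0xAA, 0x55, 0x36]),
    b"123456789" + bytes([0xF4]),
]
```

Running `find_crc8_params(SAMPLE_FRAMES)` returns `(0x07, 0x00, 0x00, False)`; with only one or two captured frames the same search would also return coincidental parameter sets, which is why you want several distinct packets before trusting a result.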
Return Value
Given that I’m on an RF learning arc, I figured diving into custom radio transmissions using the Flipper Zero would be a good skill to work on. My end goal is to develop a custom app to interact with the dog shock collar I’ve been reverse engineering.
Thanks for reading! And remember…
You can just reverse things.