🛡 IoT Security Digest - #2

Defcon approaches, BitChat release, Nation-states love weak passwords and more!

Hacker summer camp is almost here! This is the time in August where security professionals and those meddlesome hackers descend on Las Vegas for a week of learning, fun and competition. Black Hat USA will be August 2-7 and Def Con 33 is August 7-10.

I personally will be hanging out in the Embedded Systems Village at Def Con featuring:

  • a CTF with real IoT devices

  • Self-guided labs

  • Glitching workshop with HexTree

  • Embedded programming with RPi

  • Matter workshop with Cujo

Come by, say “Hi” and pick up some stickers 😁

In The News

What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's default password "1111."

IoT and critical Operational Technology (OT) continue to be plagued by devices with insecure default passwords. It’s 2025 and we haven’t solved this problem yet. What makes matters worse is that in some legacy technology default credentials cannot be changed, even if system operators want to change them.

Researcher Adam Gowdiak was able to “extract [the] private ECC key” contained within a Kigen eSIM chip. By performing this exploit an attacker could use the underlying keys to “receive text and calls meant for the victim”.

Researchers from Synacktiv reverse engineered a Thermomix TM5 kitchen appliance and discovered that the secure boot process failed to properly verify the root filesystem.

Matt’s Take

This is an error I’ve seen on several devices out in the real world. If your secure boot process checks the bootloader and kernel being loaded and executed, but it fails to verify the root filesystem, what is it really protecting you against? Most attackers will be more than happy to have root access to a device without executing from kernel-space.

Tools of the Trade

BitChat

The release of BitChat, a BLE-based decentralized messaging app developed by Twitter founder Jack Dorsey, has been of interest to the security community in the past week.

BitChat is currently available to a limited-availability TestFlight group or via the Android app.

Talking Sasquach

If you are interested in hacking gadgets (like the Flipper Zero), 3D printing, etc. you should check out the Talking Sasquach YouTube channel. I’ve been down the Flipper Zero rabbit-hole lately so I’ve found that part of his content to be most helpful!

Return Value

As you may have noticed, I’ve been getting into writing modifications to my Flipper Zero. I’m currently working on implementing BitChat as a Flipper application and using that as an opportunity to research the security of the BitChat protocol.

Thanks for reading! And remember…

You can just Reverse things.

Matt Brown