א
Lev Aronsky
Twitter: @levaronsky
Homepage: https://www.linkedin.com/in/aronsky/
GitHub: aronsky
Keybase: qux
POSTS
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
07-Mar 2024
CVE-2023-7006
CVE-2023-7005
CVE-2023-7003
CVE-2023-6960
CVE-2023-7004
CVE-2023-7007
CVE-2023-7009
CVE-2023-7017
Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 1: functional analysis)
20-Feb 2024
CVE-2023-7006
CVE-2023-7005
CVE-2023-7003
CVE-2023-6960
CVE-2023-7004
CVE-2023-7007
CVE-2023-7009
CVE-2023-7017
Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
19-Jun 2023
CVE-2023-24500
CVE-2023-24501
CVE-2023-24502
CVE-2023-24503
CVE-2023-24504
CVE-2023-30160
Accelerating iOS on QEMU with hardware virtualization (KVM)
19-Jul 2020
Tunnelling TCP connections into iOS on QEMU
29-Mar 2020
Xiaomi Zigbee (3): Live Debugging
15-Jul 2019
Xiaomi Zigbee (2): Beyond Architecture
09-Jul 2019
Xiaomi Zigbee (1): Getting to know the hardware
01-Jul 2019
VULNS
12/21/23
CVE-2023-7017
The firmware of the Kontrol Lux lock can be updated w/o AuthZ/AuthC
12/21/23
CVE-2023-7009
The Kontrol Lux lock can be forced to process arbitrary unencrypted messages
12/21/23
CVE-2023-7007
A Gateway G2 can be impersonated using its MAC address
12/21/23
CVE-2023-7004
The TTLock app does not properly verify that it is connected to a real lock
12/21/23
CVE-2023-6960
TTLock virtual keys can be reused even after invalidation
12/21/23
CVE-2023-7003
Challenge response can be retried indefinitely upon failure
12/21/23
CVE-2023-7005
Protocol downgrade on the TTLock app can expose the unlock key
12/21/23
CVE-2023-7006
Challenge response can be retried indefinitely upon failure
03/12/23
CVE-2023-30160
Unauthorized attacker can connect to the MQTT server controlling all of Electra's Smart AC units and gain full control of them
03/12/23
CVE-2023-24504
Attacker within WiFi range can cause unconfigured units to connect to a malicious update server
03/12/23
CVE-2023-24503
Attacker within IR range can install arbitrary firmware over the air
03/12/23
CVE-2023-24502
A WiFi hotspot with a known password is always available on unconfigured units
03/12/23
CVE-2023-24501
Credentials for connecting to the MQTT server hardcoded inside the firmware
03/12/23
CVE-2023-24500
Attacker within WiFi range can install arbitrary firmware over the air on unconfigured units