Loading the firmware image into IDA Pro, we could then identify the encryption code by looking for common cryptographic constants: S-Boxes, Forward and Reverse Tables and Initialization Constants. This analysis identified that an AES implementation was being used.

Those of you who deal with Tech are already in full Face Palm mode.
AES, being a symmetric encryption cipher, requires both the encrypting party and the decrypting party to have access to the same pre-shared key. In a design such as the one employed by LIFX, this immediately raises alarm bells, implying that each device is issued with a constant global key. If the pre-shared key can be obtained from one device, it can be used to decrypt messages sent from all other devices using the same key. In this case, the key could be used to decrypt encrypted messages sent from any LIFX bulb.
References to the cryptographic constants can also be used to identify the assembly code responsible for implementing the encryption and decryption routines. With the assistance of a free software AES implementation [7], reversing the identified encryption functions to extract the encryption key, initialization vector and block mode was relatively simple. [My emphasis - Borepatch]

Shared secret is bad, mkay?
Le sigh.
[Uses the patient voice reserved for talking to beloved but slow children]
You see, Punkin, this is why we can't have nice things on the Internet.
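The constant-matching step the quoted writeup describes, as an added example that is not the writeup's, LIFX's or Borepatch's code: it derives the AES S-box, inverse S-box and Rcon table and scans a constructed firmware-like blob for them, which is the same check an auditor runs on their own image to locate where a device does its crypto. A hit only says AES is present; whether the key sitting next to it is a per-device secret or one global pre-shared key is the question the post raises.

```python
# Added example, not code from the quoted writeup, from LIFX or from Borepatch:
# a minimal "find the crypto constants" scan of the kind the writeup describes.
# The AES tables are derived here rather than typed in, so it is self-contained.
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r

def aes_sbox():
    """Forward S-box: multiplicative inverse followed by the affine transform."""
    box = bytearray(256)
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
        v = inv
        for _ in range(4):  # v = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4), then ^ 0x63
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            v ^= inv
        box[x] = v ^ 0x63
    return bytes(box)

def aes_constants():
    """Byte patterns that betray an AES implementation inside a binary."""
    sbox = aes_sbox()
    inv_sbox = bytes(sbox.index(i) for i in range(256))
    rcon, r = bytearray(), 1
    for _ in range(10):  # round constants 01 02 04 ... 80 1b 36
        rcon.append(r)
        r = gf_mul(r, 2)
    return {"AES S-box": sbox, "AES inverse S-box": inv_sbox, "AES Rcon": bytes(rcon)}

def find_crypto_constants(blob):
    """Map each known constant found in blob to the offsets where it occurs."""
    hits = {}
    for name, const in aes_constants().items():
        offsets, pos = [], blob.find(const)
        while pos != -1:
            offsets.append(pos)
            pos = blob.find(const, pos + 1)
        if offsets:
            hits[name] = offsets
    return hits
# Constructed sample "firmware": zero filler with the forward S-box and Rcon embedded.
SAMPLE_FIRMWARE = (bytes(0x1000) + aes_sbox() + bytes(0x200)
                   + bytes([1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]) + bytes(0x100))
```

On a real image, replace `SAMPLE_FIRMWARE` with the bytes read from the dump; the 10-byte Rcon table is weak evidence on its own, while the 256-byte S-box (or a T-table built from it) is the reliable marker.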
One of the presenters at a security conference a couple of years ago talked about the lack of security in the "Internet of Things". He was more outraged that lightbulbs would be using IPv4, but he did discuss how little-to-no encryption, or worse, bad encryption, on light bulbs and thermostats could cause big issues.
As for me, I'm happy to have my 1950's technology in my 1940's house.
I really don't like Internet enabled car-type vehicles festooned with gadgets and run by RFID chips. Stay off my motorcycle.