Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Hacking the Meatmeet BBQ Probe — Part 3- 1808

Julian B - Software Secured | Posted 3 Months Ago
  • The post looks at a Meatmeet BBQ Probe device and how it works. The device had two modes: one that runs directly through a mobile application and another that uses a cloud connection, using WiFi credentials passed to the device.
  • Using a BLE-Connect script they wrote in Python, they were able to see the UUIDs of each of the GATT characteristics. They grepped through the APK to get a list of files and, luckily for them, the symbols were there for each of the characteristics. So, they created a simple Python script to interact with the device through each of the characteristics. Neat!
  • The article effectively claims that anybody can connect to the BLE device. In the various modes of BLE, there is no required pairing process; you can simply connect. The GATT services were likely usable without authentication at all. With other devices, even those without keyboards, you typically have to "opt in" to the process via a special set of button presses. It's weird that this wasn't the case.
  • Once you can connect to the device, it's effectively game over. The command remove_config could be used against the device to drop the configuration and add your own. The device's over-the-air updates are accessible as well. Naturally, there was no verification on the firmware either. So, it was a complete compromise of the device. They created a botnet using this for fun. Good read!
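
To make the missing-pairing point concrete from the defender's side, here is an added example (mine, not code from the post or from Software Secured) that audits a GATT table for characteristics reachable below a minimum link-security level. The `Link` levels, the policy in `minimum_for` and every characteristic name except remove_config are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Link(IntEnum):
    """Minimum link security a characteristic demands before it can be accessed."""
    OPEN = 0           # any device in radio range may connect and use it
    ENCRYPTED = 1      # paired, but unauthenticated pairing (e.g. Just Works) is enough
    AUTHENTICATED = 2  # pairing with MITM protection (passkey, numeric comparison, OOB)

@dataclass(frozen=True)
class Characteristic:
    name: str
    writable: bool
    required: Link           # what the firmware declares for this characteristic
    sensitive: bool = False  # changes configuration, credentials or firmware

def minimum_for(ch):
    """Policy assumed for this example: sensitive -> AUTHENTICATED, other writes -> ENCRYPTED."""
    if ch.sensitive:
        return Link.AUTHENTICATED
    return Link.ENCRYPTED if ch.writable else Link.OPEN

def audit(table):
    """Return (severity, name, declared, needed) for each characteristic below policy."""
    findings = []
    for ch in table:
        needed = minimum_for(ch)
        if ch.required >= needed:
            continue
        severity = "high" if ch.sensitive and ch.required == Link.OPEN else "medium"
        findings.append((severity, ch.name, ch.required.name, needed.name))
    return sorted(findings)

# Constructed table: only remove_config is named on the page, the rest are placeholders.
SAMPLE_TABLE = [
    Characteristic("temperature", writable=False, required=Link.OPEN),
    Characteristic("probe_label", writable=True, required=Link.OPEN),
    Characteristic("wifi_credentials", writable=True, required=Link.ENCRYPTED, sensitive=True),
    Characteristic("remove_config", writable=True, required=Link.OPEN, sensitive=True),
    Characteristic("ota_firmware", writable=True, required=Link.OPEN, sensitive=True),
    Characteristic("ota_control", writable=True, required=Link.AUTHENTICATED, sensitive=True),
]

if __name__ == "__main__":
    for severity, name, declared, needed in audit(SAMPLE_TABLE):
        print(f"[{severity}] {name}: declared {declared}, policy needs {needed}")
```

Link security only gates who can reach a characteristic; the unverified firmware mentioned above is a separate gap that needs a signature check on the image itself.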