Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Pwning Tapplock Smart Lock - 64

Pentest Partners - Posted 6 Years Ago
  • I always enjoy it when ridiculous/untrue security claims are made. This lock claims "'AES 128-bit encryption' with an inference that their security is on a parallel with the military". LOL
  • With lots of IoT products it is not just about the software itself... The software on the lock is useless if the hardware/physical aspect of the lock can easily be bypassed.
  • This lock was vulnerable to a replay attack. Essentially, even though the data is encrypted, the encrypted data can simply be resent.
  • Additionally, the key is made from the MAC address (which is exposed at pairing time). So, the replay attack (from above) is not even needed! The secret value can be derived from the MAC address alone.