Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Multiple Vulnerabilities on Kerui Endoscope Camera - 91

Utku Sen, Posted 6 Years Ago
  • IoT security is terrible some of the time... This is a really good example of that.
  • The WiFi network created by the camera is unprotected, with no way to set a password. This allows anyone who is close by to simply view the camera's stream.
  • When decompiling the app, they noticed that the cameras had no authentication and that there was some hidden functionality! The author mentions that some of the hidden functionality was likely for a drone-specific API that just was not taken out (interesting!).
  • Blind remote code execution! However, the catch is that only 19 characters at most are allowed. The author claims that this is essentially unexploitable, but I feel that someone could come up with a solution :)