I recently had a really cool opportunity to work with my boss and the local NBC news station to put together a story about the (in)security of wireless and IoT.
This was my first experience working directly with a news team and I learned a lot about:
How to hack on the fly :-)
How to help craft a really tech-heavy message into more digestible chunks for the average news-watcher (grandmas, grandpas, moms, dads, etc.)
We started exploring this story by finding a brave volunteer who gave us his public IP, and the idea was to basically just see what we could get into. Interestingly, he had TCP 3389 open to the public Internet. He also had a software package called NZBGet exposed with a default username and password, which we were able to use to glean additional information about the system. We even found cleartext credentials for an account used with the NZBGet system.
From there we changed angles a bit and looked at this story from a "What could an attacker get at on your home network and IoT devices if you had a weak wireless password?" perspective. I demonstrated how to use Kali tools such as Wifite and Aircrack-ng to capture a WPA handshake and then crack it, then hopped on the network and Nmap-scanned everything else.
There were some interesting findings, including an audio receiver with a Web/telnet interface that could be manipulated (wow, wouldn't it be fun to blare music in the middle of the night?), as well as a VNC connection to the home's main server - which had no password!
So we explored these vulnerabilities in several "what if" scenarios and demonstrated how this attack narrative could result in a takeover of IoT devices, including opening the front door locks and garage.
Overall a really, really fun experience and I hope to do it again soon. Here's the final segment if you wanna check it out: