Temuri Takalandze on abgeo.dev looks at a smart doorbell bought on Temu.
Recently I bought a smart doorbell off Temu, the Chinese marketplace that has been gaining popularity worldwide over the past couple of years. I wanted to know how secure the cheap connected hardware sold on that platform actually is. The unit ships under the name “Smart Doorbell X3” and pairs through a mobile app called “X Smart Home”. Camera, microphone, two-way audio, sub-GHz indoor receiver. The kind of gear that has quietly shown up on a lot of front doors.
By the end of a few weekends with one I could:
- silently steal any of these doorbells off its owner’s account
- impersonate the device on a live call, with attacker-chosen video on the owner’s phone
- lift the home WiFi password through a debug port behind a screwdriver
$12 on the front. Whole-network compromise on the back. The first of those takes a free account on the platform, and redirects every real call from the door to my phone instead of the owner’s. The second takes nothing at all, and invents new calls into the owner’s phone with whatever video I want. The real doorbell stays online either way and never knows. You are basically paying $12 to let anyone on the internet ring your doorbell.
See all the details in the post here.
from Adafruit Industries – Makers, hackers, artists, designers and engineers! https://ift.tt/EV1mL4q
via IFTTT
Комментариев нет:
Отправить комментарий