Hacking IoT devices with Python (it's too easy to take control)

preview_player
Показать описание
Internet of Things (IoT) devices often have very poor security. It's important to be aware of their vulnerabilities - make sure you put those devices on a separate VLAN. Don't trust that your IOT devices have the necessary security to be trusted on networks that have confidential or important data.

// Lights used //

// GitHub //

// MY STUFF //

// David SOCIAL //

// Menu //
00:00 - Hacking IoT bulbs // The dangers of IoT devices
01:23 - Intro & disclaimer
01:55 - Bettercap device discovery
01:29 - Hacking IoT bulbs demo // Using Telnet
03:52 - Wireshark capture
04:34 - Hacking IoT bulbs demo // Using Python
08:35 - Conclusion

// Credits //

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only. Only attack devices that you own or have permission to attack. I own all the devices used in this video.

python
kali linux
yeelight
iot
iot security
wireshark

#python #hacking #iot
  1. David Bombal
  2. python
  3. kali linux
  4. linux
  5. yeelight
  6. yeelight python
Рекомендации по теме
Hacking IoT devices 0:09:23

Hacking IoT devices with Python (it's too easy to take control)

Hacking a Smart 0:00:55

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 1)

How To Hack 0:20:26

How To Hack IoT Cameras

Hacking a Smart 0:00:59

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 2)

Hacking a Smart 0:00:59

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 3)

Hacking IoT devices 0:55:02

Hacking IoT devices with OTW (Easy and Fast) RouterSploit

Hacking a Smart 0:01:00

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 4)

Android Bluetooth Hacking 0:00:51

Android Bluetooth Hacking with Python #shorts #android #bluetooth #raspberrypi #python

DIY Spy Covert 0:42:18

DIY Spy Covert Channels With Scapy And Python Jen Allen

Hacking Knowledge 0:00:27

Hacking Knowledge

hacking every device 0:07:06

hacking every device on local networks - bettercap tutorial (Linux)

ROUTERSPLOIT - HOW 0:19:37

ROUTERSPLOIT - HOW HACKERS HACK IOT DEVICES

3 HACKING gadgets 0:19:34

3 HACKING gadgets you have to TRY!!

Hacking into Android 0:00:34

Hacking into Android in 32 seconds | HID attack | Metasploit | PIN brute force PoC

Andrew Tierney – 0:27:03

Andrew Tierney – Intro to IoT hacking

Hacking Routers and 0:07:42

Hacking Routers and IoT Devices using RouterSploit

'Build and hack 0:29:59

'Build and hack your own IoT with MQTT' - Agnetha Korevaar (Kiwi Pycon X)

Hacking a Smart 0:00:58

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 5 - Conclusion)

Hack a Smart 0:00:49

Hack a Smart Safe at the DEF CON IoT Village!

🤷‍♂️How I Pranked 0:00:57

🤷‍♂️How I Pranked my Neighbour !!!😜

What are the 0:00:38

What are the most hacked IoT devices

Hacker's Guide to 0:17:40

Hacker's Guide to UART Root Shells

Can chatGPT Program 0:00:57

Can chatGPT Program an ESP32?

WiFi Hacking Watch 0:01:00

WiFi Hacking Watch #shorts

Комментарии
Автор

Internet of Things (IoT) devices often have very poor security. It's important to be aware of their vulnerabilities - make sure you put those devices on a separate VLAN. Don't trust that your IOT devices have the necessary security to be trusted on networks that have confidential or important data.

// Lights used //

// GitHub //

// MY STUFF //

// David SOCIAL //

// Menu //
00:00 - Hacking IoT bulbs // The dangers of IoT devices
01:23 - Intro & disclaimer
01:55 - Bettercap device discovery
01:29 - Hacking IoT bulbs demo // Using Telnet
03:52 - Wireshark capture
04:34 - Hacking IoT bulbs demo // Using Python
08:35 - Conclusion

// Credits //

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only. Only attack devices that you own or have permission to attack. I own all the devices used in this video.

#hack #hacking #iot

davidbombal
Автор

The bulb doesn't need security, if a bad actor is on your network your network security is the issue. This is like finding a stranger in your house drinking your beers and complaining your fridge has poor security.

shanehanna
Автор

Honestly its pretty much a feature. You need to manually enable "LAN control" in yeelight settings to be able to do that. And if someone is in your home network i guess he can do much worse things than controlling the lights.

gilshahar
Автор

Hi David, I'm an IOT developer, I worked in home automation and sensors. Nice video, very informative, however this happens when the smart devices connected to the home wifi network exchange unencrypted tcp data traffic with the application on the phone...
In my work experience when I programmed the smart bulbs I encrypted the json in AES-128 bit where the Mater key and the IV key had been exchanged during the "authentication" phase encrypted with a RSA-2048 bit. In this way it is really very difficult or almost impossible to activate a smart bulb having only sniffed the data traffic with wireshark.

giusepperomano
Автор

David sir is the second best teacher in my life.❤️

месть-ъй
Автор

do not forget, this only works if lan control is activated (default its not) you must enable it by hand and also yeelight removed the lan controll completly from some devices like bedsidelamp2 that is why i flashed esphome to them, they are also on a seperate network

fkhg
Автор

The efficiency of this *usespy online is next level.* To juggle walk throughs of various angles on devices delivered to-camera, differnet content per app from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined access. To make a dense non tracable like this so digestible is really something. Awesome work !!!

lilistra
Автор

after this demo, and seeing Linus' struggles with automating his home, I realized I am pretty happy with my dumb home with dumb switches.

theena
Автор

This is a good thing, otherwise HomeAssissant integrations would be difficult or impossible to implement. IoT devices should be controllable locally, I don’t want cloud control

repatch
Автор

Many newer wireless routers allow multiple wireless networks. Highly recommend you create one that has network isolation turned on...just for your IOT devices

JSRJS
Автор

A lot of people failed at what you accomplished, simply because they were busy finding problems while *usespy online* were busy providing solutions. Every time you do a good job, you polish yourself one more time. Shine on mate, well done. Team usespy

demoruzgar
Автор

Love the in detail description of Things!!! Thank you, David, great content!

vaniad
Автор

That's true, lot of IOT devices have no encryption at all, but the scary part is that a lot of the IOT devices that run some sort of remote communication don't actually develop their own circuits, most of them get pre-built multipurpose chips and rarely want to pay extra for the factory to disable the features that you don't need. So although you can just screw with them by turning them off and on, in certain cases if you can get remote shell (99% of the cases I've seen there is really weak password, or a single password across all devices for debugging) you can actually get full access to the device.

Lot of these devices have onboard microphones on the chip sets, because they are multipurpose, and essentially if you break into a given device, you basically have a microphone array across the whole house/apartment, to spy on people, even worse, usually how it goes with IOT stuff, they get recommended to friends and family, and if you break one you have a very high chance to have broken his entire close circle of friends along side with the person that you're attacking.

I've spent around 4 years in the IOT industry, many companies will cut corners int he early days of development and hire students to do most of the work, and as is with anything that is ran by inexperienced people, it's bound to be flawed with security issues.

justanaveragebalkan
Автор

Only a vulnerability if your network itself is vulnerable tbh, but nice video!

HisMajesty
Автор

I am now actually going to use this as a feature as I am in need of a way to control my lights using my computer without just using a VM

AdarshPrajeesh
Автор

I have all my IoT devices on a separate SSID -- however that's only part of the battle.

You can't block peer to peer as many devices need to discover devices to control them -- e.g. Alexa or Google Home

What we need is a f/w module to act as an intelligent proxy for a LAN/SSID segment to only let though the communications necessary for the device to work. That module would have a library of devices and commands to know what the accepted traffic should be and block everything else.

lohphat
Автор

Thank you sir! Can’t wait to have some fun on my home network later

shawnphi
Автор

0:44 - Corporate developers violate this far too often.
Frequently heard coworkers say, "No one is going to try to break into this" or "oh, we'll come back to that"

dsuess
Автор

Key phrase: local access.

Use a password generator on your wifi networks and ethernet connection where possible

schrodingersmechanic
Автор

The quality of your spy job is so incredibly high. If you don't have *team usespy online* behind you, then you are clearly a multi talented individual. The way the access is structured was perfect, the visuals are stunning, the narration is engaging, and of course, the project is itself intriguing. You are a professional !!

theminecraft