Now he can listen to any traffic and maybe can make changes on all of your IoT devices. your Samsung SmartTV is not as secure as it should be and an attacker gets access to your network. Such can be accomplished by downloading a configuration backup via the web UI of the device and decoding it using the decode-config.py script found in the Tasmota tools folder. Therefore it is now less simple, however still possible to obtain the MQTT or WLAN password from a device. Update: Beginning with version 6.0.0, passwords are not directly exposed through the serial connection or web interface in configuration mode. Then the attacker can control your home from any place. Maybe your MQTT Server is publicly accessible. With the information of the MQTT-Server user/password, it might be not required anymore to physically be in your WLAN. For example, the MQTT password allows you to read ALL of your devices and change any device at any time.
If you can hack an ESP82xx device, you might get access to the keys stored in the device. Also be part of your WLAN does mean, that the attacker can use your IP-Address and your traffic to do nasty things. Therefore be part of your WLAN gives the attacker a great opportunity to screw-up the rest of your infrastructure.
Many communication is not encrypted in your WLAN by default. If someone is able to get your WLAN key, he can login into your network, if he is nearby and scan for any traffic and for any devices. It is possible to set a password to the webadmin interface, however ESP8266 devices SHALL not be exposed to internet or accessible to other network clients. Someone hacks your device and use it for different things like mail bot or DOS (Denial of Service) device or WLAN jammer (why is this a problem? Scanario 5).Someone hacks your network and can interact with your devices (why is this a problem? Scanario 4).Someone hacks your device and is able to read and change any value on your MQTT server (why is this a problem? Scanario 3).Someone hacks your device and is able to log in into your WLAN.Someone is able to communicate with your device ( Scenario 1).There are following potential risks you have to mitigate: This is not only valid for your mobile phones and computers, but also for you Smart TV, you Alexa, or all of your SONOFF devices (ESP8266). Whenever you add devices to your network you generate additional points of potential intrusion. Securing your IoT from hacking General Weaknesses ~
0 kommentar(er)
