IoT Security: Abusing Smart Lighting Systems
15 Questions

Questions and Answers

What is the main limitation of the Guardian Ear, the first baby monitoring system based on Radio Waves?

  • Limited by the range of radio waves at that time (correct)
  • Incompatible with modern IoT systems
  • Unable to connect to the internet for remote monitoring
  • Vulnerable to eavesdropping attacks

Why are modern baby monitoring systems using WiFi considered to be at risk of eavesdropping?

  • They are vulnerable to radio scanner attacks
  • They can be accessed remotely from anywhere in the world (correct)
  • They rely on outdated encryption methods
  • They do not have secure password protection

What was reported about the vulnerability of Foscam baby monitors at the "Hack in the Box" conference?

  • They have weak encryption for data transmission
  • They are susceptible to eavesdropping attacks
  • They are immune to Shodan search engine queries
  • Attackers can obtain username and password once the IP address is known (correct)

How can Shodan search engine help in finding vulnerable Foscam baby monitors over the internet?

  • By querying Shodan with information from the HTTP response (A)

What protocol do Foscam devices use to update their hostname mapping?

  • User Datagram Protocol (UDP) (D)

How do attackers abuse their knowledge of Foscam devices' hostname ranges?

  • To conduct phishing attacks by querying ns1.myfoscam.org (B)

What is the purpose of the SLS hand-shake step 3?

  • To prove that you have physical access to the bridge (D)

What does the Access-Control-Allow-Origin header in the server response indicate?

  • The victim's ability to visit a website from their local network (A)

What is the purpose of the Smart Lighting System (SLS) hand-shake step 2?

  • To find your bridge and associate it with your account (A)

What is the SLS hand-shake step 1 about?

  • Creating a user account (A)

Which component sends a POST request during the SLS hand-shake process?

  • Philips Bridge (C)

What is the vulnerability associated with the SLS server response header?

  • Access-Control-Allow-Origin allowing local network website capture (C)

What is the purpose of the Philips Bridge in the Smart Lighting System (SLS) hand-shake?

  • To prove physical access to the bridge (C)

What does Step 3 of the SLS hand-shake involve?

  • Website sends Setup Complete message to backend (C)

What does Step 2 of SLS hand-shake involve?

  • Finding your bridge and associating it with your account (D)
