IoT Security Vulnerabilities: Smart Lighting System and Baby Monitor
39 Questions

Questions and Answers

What is the purpose of the SLS handshake step 3?

  • To find and associate the bridge with the user account
  • To prove that the user has physical access to the bridge (correct)
  • To create a user account
  • To establish a secure connection with the Philips Cloud

What does the 'Access-Control-Allow-Origin: *' in the server response header indicate?

  • It requires user authentication for access
  • It allows access from any origin, including local networks (correct)
  • It restricts access to a specific domain
  • It enforces strict same-origin policy

Which component of the Smart Lighting System (SLS) communicates with the Philips Cloud?

  • Wired Connection (Ethernet)
  • ZigBee
  • Wi-Fi
  • Philips Bridge (correct)

What is the main purpose of the SLS Handshake step 1?

  • To create a user account (D)

What is the potential risk associated with the 'Access-Control-Allow-Origin: *' setting in the server response header?

  • Unauthorized access from any origin, including local networks (B)

Which step of the SLS Handshake involves associating the bridge with the user account?

  • Step 2 (A)

What technology does the Philips Bridge use to communicate with the Home Network?

  • ZigBee (D)

What is the purpose of the Smart Lighting System (SLS) Vulnerabilities section?

  • To highlight potential security risks associated with SLS (D)

What happens when the user presses the button on the bridge during the SLS Handshake?

  • Proof of physical access to the device is provided (D)

What was the first baby monitoring system based on?

  • Radio waves (A)

What is the main concern for parents/guardians regarding baby monitor appliances?

  • Eavesdropping (C)

What vulnerability was reported for Foscam baby monitor at the 'Hack in the Box' conference?

  • Access to username and password (B)

What does the Shodan search engine help find over the internet?

  • Unprotected and vulnerable devices like Foscam baby monitor (A)

How do Foscam devices update their hostname mapping?

  • Sending a UDP packet to a server owned by Foscam (B)

How can an attacker exploit the knowledge of Foscam device hostname ranges?

  • Invoke phishing attacks (B)

What type of systems are later models of baby monitors like Foscam and WeMo based on?

  • IoT-based systems (A)

What is the security concern with modern baby monitoring systems using WiFi?

  • Increased risk of eavesdropping (B)

Which protocol is used by Foscam devices to update their hostname mapping?

  • User Datagram Protocol (UDP) (B)

What is the risk factor associated with knowing the IP address of a Foscam device according to the text?

  • Access to the kcore file containing username and password (B)

The SLS Handshake step 3 involves proving physical access to the bridge by pressing a button.

  • True (A)

The POST request sent by the bridge during the SLS Handshake is used to verify that the user has physical access to the device.

  • True (A)

The 'Access-Control-Allow-Origin: *' setting in the server response header poses a potential risk of capturing SLS information from the victim's local network.

  • True (A)

The Smart Lighting System (SLS) communicates with the Philips Cloud using a wired connection (Ethernet).

  • False (B)

The bridge sends a Setup Complete message to the backend after the user proves physical access during the SLS Handshake.

  • True (A)

The SLS Handshake step 2 involves associating the bridge with the user account.

  • True (A)

The SLS Handshake step 1 is to create a user account.

  • True (A)

The server response header includes an 'Authorization' field with details such as SSOToken and Authentication.

  • True (A)

The victim can visit a website from his local network to capture SLS information due to the 'Access-Control-Allow-Origin: *' setting in the server response header.

  • True (A)

The SLS Vulnerabilities section mainly discusses potential risks and weaknesses of the Smart Lighting System (SLS).

  • True (A)

Foscam and WeMo are examples of IoT-based baby monitoring systems.

  • True (A)

Eavesdropping is a significant concern for parents/guardians using baby monitor appliances.

  • True (A)

Modern baby monitoring systems using WiFi are less vulnerable to eavesdropping compared to radio wave monitoring systems.

  • False (B)

Foscam baby monitor was reported to be vulnerable to attacks once its IP address is known.

  • True (A)

Shodan search engine can help find unprotected and vulnerable devices like Foscam baby monitor over the internet.

  • True (A)

Foscam default password is enforced to be changed by the user upon setup.

  • False (B)

Foscam devices use User Datagram Protocol (UDP) to update their hostname mapping.

  • True (A)

The UDP packet sent by Foscam devices contains the username and password associated with the device.

  • True (A)

An attacker can exploit the knowledge of Foscam device hostname ranges to execute phishing attacks.

  • True (A)

Guardian Ear was the first baby monitoring system based on Radio Waves.

  • True (A)
