IoT Security Vulnerabilities: Smart Lighting System and Baby Monitor

Questions and Answers

What is the purpose of the SLS handshake step 3?

To find and associate the bridge with the user account

To prove that the user has physical access to the bridge (correct)

To create a user account

To establish a secure connection with the Philips Cloud

What does the 'Access-Control-Allow-Origin: *' in the server response header indicate?

It requires user authentication for access

It allows access from any origin, including local networks (correct)

It restricts access to a specific domain

It enforces strict same-origin policy

Which component of the Smart Lighting System (SLS) communicates with the Philips Cloud?

Wired Connection (Ethernet)

ZigBee

Wi-Fi

Philips Bridge (correct)

What is the main purpose of the SLS Handshake step 1?

To create a user account (D)

What is the potential risk associated with the 'Access-Control-Allow-Origin: *' setting in the server response header?

Unauthorized access from any origin, including local networks (B)

Which step of the SLS Handshake involves associating the bridge with the user account?

Step 2 (A)

What technology does the Philips Bridge use to communicate with the Home Network?

ZigBee (D)

What is the purpose of the Smart Lighting System (SLS) Vulnerabilities section?

To highlight potential security risks associated with SLS (D)

What happens when the user presses the button on the bridge during the SLS Handshake?

Proof of physical access to the device is provided (D)

What was the first baby monitoring system based on?

Radio waves (A)

What is the main concern for parents/guardians regarding baby monitor appliances?

Eavesdropping (C)

What vulnerability was reported for Foscam baby monitor at the 'Hack in the Box' conference?

Access to username and password (B)

What does the Shodan search engine help find over the internet?

Unprotected and vulnerable devices like Foscam baby monitor (A)

How do Foscam devices update their hostname mapping?

Sending a UDP packet to a server owned by Foscam (B)

How can an attacker exploit the knowledge of Foscam device hostname ranges?

Invoke phishing attacks (B)

What type of systems are later models of baby monitors like Foscam and WeMo based on?

IoT-based systems (A)

What is the security concern with modern baby monitoring systems using WiFi?

Increased risk of eavesdropping (B)

Which protocol is used by Foscam devices to update their hostname mapping?

User Datagram Protocol (UDP) (B)

What is the risk factor associated with knowing the IP address of a Foscam device according to the text?

Access to the kcore file containing username and password (B)

The SLS Handshake step 3 involves proving physical access to the bridge by pressing a button.

True (A)

The POST request sent by the bridge during the SLS Handshake is used to verify that the user has physical access to the device.

True (A)

The 'Access-Control-Allow-Origin: *' setting in the server response header poses a potential risk of capturing SLS information from the victim's local network.

True (A)

The Smart Lighting System (SLS) communicates with the Philips Cloud using a wired connection (Ethernet).

False (B)

The bridge sends a Setup Complete message to the backend after the user proves physical access during the SLS Handshake.

True (A)

The SLS Handshake step 2 involves associating the bridge with the user account.

True (A)

The SLS Handshake step 1 is to create a user account.

True (A)

The server response header includes an 'Authorization' field with details such as SSOToken and Authentication.

True (A)

The victim can visit a website from his local network to capture SLS information due to the 'Access-Control-Allow-Origin: *' setting in the server response header.

True (A)

The SLS Vulnerabilities section mainly discusses potential risks and weaknesses of the Smart Lighting System (SLS).

True (A)

Foscam and WeMo are examples of IoT-based baby monitoring systems.

True (A)

Eavesdropping is a significant concern for parents/guardians using baby monitor appliances.

True (A)

Modern baby monitoring systems using WiFi are less vulnerable to eavesdropping compared to radio wave monitoring systems.

False (B)

Foscam baby monitor was reported to be vulnerable to attacks once its IP address is known.

True (A)

Shodan search engine can help find unprotected and vulnerable devices like Foscam baby monitor over the internet.

True (A)

Foscam default password is enforced to be changed by the user upon setup.

False (B)

Foscam devices use User Datagram Protocol (UDP) to update their hostname mapping.

True (A)

The UDP packet sent by Foscam devices contains the username and password associated with the device.

True (A)

An attacker can exploit the knowledge of Foscam device hostname ranges to execute phishing attacks.

True (A)

Guardian Ear was the first baby monitoring system based on Radio Waves.

True (A)