Explore the process of reverse engineering Logitech's Harmony smart home hub in this 18-minute conference talk from BSidesSF 2019. Dive into vulnerability hunting techniques from a blackbox perspective, learn about the discovered vulnerabilities, and understand their post-exploitation implications. Follow along as the speaker outlines the smart home ecosystem, Python usage, network services analysis, firmware examination, and file system exploration. Gain insights into vulnerability overview, device interaction methods, command injection risks, and origin validation issues. Discover the potential commands an attacker could execute and witness a proof of concept demonstration. Whether you're a security professional or a smart home enthusiast, this talk offers valuable knowledge on the security landscape of popular smart home devices.
Overview
Syllabus
Introduction
Who am I
Logitech Harmony Hub
The Smart Home
Python
Network Services
Firmware
Vulnerability
File System
Vulnerability Overview
Device Interaction
Command Injection
Origin Validation
Commands
What can you do
Proof of concept
Taught by
Security BSides San Francisco
