Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Vulnerability
The Night Owl Doorbell mishandles encryption, which allows attacker to insert or spoof notifications into the device that do not correspond to any actual occurred behavior.
Affected Items
Night Owl Doorbell Series - WDB-20-V2
The a↵ected Night Owl doorbell communicate events (such as doorbell ring events) to a third party Push Notification Service located at host.nightowldvr04.com. This service accepts notification events directly from the doorbell’s firmware through the a plaintext HTTP GET request that includes the following parameters.
• cmd - command being run
• uid - unique identifier, based on serial number
• event type - enumerable event type
• event time - unix timestamp for when event occurred
An attacker can use the command line tool, curl, to simply spoof a fake event as described below.
$ curl "http://host.nightowldvr04.com/tpns?cmd=event&uid=BEG6ZXASXXXXXXXXXXXX&event_type =1&dev_type=0001"
200 Success. $
Impact of the vulnerability
An attacker can abuse this unsecure API to insert of spoof events, including ghost doorbell notification events that do not correspond to any actual behavior. Repeated ghost notifications can lead to denial of service conditions where the user disables the application.
Acknowledgements
Florida Tech IoT Security and Privacy and ASSIST Research Labs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment