-
-
Save tj-oconnor/dbfbef4d3b271d53fefbd24e1f0024f0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability | |
| The Night Owl Doorbell mishandles encryption, which allows attacker to insert or spoof notifications into the device that do not correspond to any actual occurred behavior. | |
| Affected Items | |
| Night Owl Doorbell Series - WDB-20-V2 | |
| The a↵ected Night Owl doorbell communicate events (such as doorbell ring events) to a third party Push Notification Service located at host.nightowldvr04.com. This service accepts notification events directly from the doorbell’s firmware through the a plaintext HTTP GET request that includes the following parameters. | |
| • cmd - command being run | |
| • uid - unique identifier, based on serial number | |
| • event type - enumerable event type | |
| • event time - unix timestamp for when event occurred | |
| An attacker can use the command line tool, curl, to simply spoof a fake event as described below. | |
| $ curl "http://host.nightowldvr04.com/tpns?cmd=event&uid=BEG6ZXASXXXXXXXXXXXX&event_type =1&dev_type=0001" | |
| 200 Success. $ | |
| Impact of the vulnerability | |
| An attacker can abuse this unsecure API to insert of spoof events, including ghost doorbell notification events that do not correspond to any actual behavior. Repeated ghost notifications can lead to denial of service conditions where the user disables the application. | |
| Acknowledgements | |
| Florida Tech IoT Security and Privacy and ASSIST Research Labs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment