Pwn the LIFX Mini white light bulb by
Bought on Amazon (30 euros). The light bulb is plugged in. The LIFX app is installed on an Android smartphone. The Wi-Fi connection is set up. The light bulb works fine.
Wunderbar, easy setup.
The most difficult part is cleaning the board and removing this paste.
The major component of the module is identified as the ESP32D0WDQ6, a SoC from Espressif.
Vulnerability n°1: Wi-Fi credentials stored in plaintext in the firmware
Vulnerability n°2: No security settings (at all)
Vulnerability n°3: Root certificate and RSA private key extracted
I decided to stop the investigation after that.
In a very limited amount of time, three vulnerabilities have been discovered:
- The user's Wi-Fi credentials have been recovered (stored in plaintext in the flash memory).
- No security settings. The device is completely open (no secure boot, debug interface not disabled, no flash encryption).
- Root certificate and RSA private key have been extracted.
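A manufacturer-side release check for the three findings above, as an added example that is not part of the original post: it audits a flash read-back from a production unit for a readable bootloader header, a readable partition table, PEM private key markers and known provisioning canaries. The offsets are the ESP-IDF defaults (an assumption about the device's layout), and the canary strings and both sample dumps are constructed.

```python
import struct

BOOTLOADER_OFFSET = 0x1000        # assumption: ESP32 default bootloader offset
PARTITION_TABLE_OFFSET = 0x8000   # assumption: ESP-IDF default partition table offset
IMAGE_MAGIC = 0xE9                # first byte of an ESP32 image header
ENTRY_FORMAT = "<2sBBII16sI"      # magic, type, subtype, offset, size, label, flags
ENTRY_MAGIC = b"\xaa\x50"
PEM_MARKERS = (b"-----BEGIN RSA PRIVATE KEY-----", b"-----BEGIN EC PRIVATE KEY-----",
               b"-----BEGIN PRIVATE KEY-----")

def parse_partition_table(dump, offset=PARTITION_TABLE_OFFSET):
    """Return (label, offset, size, encrypted_flag) for every readable entry."""
    entries = []
    for pos in range(offset, min(offset + 0xC00, len(dump) - 31), 32):
        magic, _type, _sub, p_off, p_size, label, flags = struct.unpack_from(ENTRY_FORMAT, dump, pos)
        if magic != ENTRY_MAGIC:
            break  # end of table, or the table is not readable (encrypted)
        entries.append((label.rstrip(b"\x00").decode("ascii", "replace"), p_off, p_size, bool(flags & 1)))
    return entries

def audit_flash_dump(dump, canaries=()):
    """List evidence that a production read-back is not protected."""
    findings = []
    if len(dump) > BOOTLOADER_OFFSET and dump[BOOTLOADER_OFFSET] == IMAGE_MAGIC:
        findings.append(f"plaintext bootloader header at {BOOTLOADER_OFFSET:#x}")
    parts = parse_partition_table(dump)
    if parts:
        findings.append("plaintext partition table: " + ", ".join(p[0] for p in parts))
    for needle, what in [(m, "PEM private key") for m in PEM_MARKERS] + \
                        [(c, "provisioning canary") for c in canaries]:
        pos = dump.find(needle)
        if pos != -1:
            findings.append(f"{what} readable at {pos:#x}")
    return findings

def put(buf, off, data):
    buf[off:off + len(data)] = data

def constructed_open_dump():
    """Constructed sample: erased flash plus the plaintext artefacts."""
    d = bytearray(b"\xff" * 0x10000)
    put(d, BOOTLOADER_OFFSET, bytes([IMAGE_MAGIC]))
    put(d, PARTITION_TABLE_OFFSET, struct.pack(ENTRY_FORMAT, ENTRY_MAGIC, 1, 2, 0x9000, 0x6000, b"nvs", 0))
    put(d, 0x9100, b"canary-ssid\x00canary-passphrase\x00")  # hypothetical test credentials
    put(d, 0xA000, PEM_MARKERS[0])
    return bytes(d)

def constructed_protected_dump():
    """Constructed stand-in for encrypted flash: structureless bytes, not real ciphertext."""
    return bytes((i * 167 + 13) & 0xFF for i in range(0x10000))
```

Provision the test unit with the canary SSID and passphrase before reading the flash back; an empty result from `audit_flash_dump` is the pass condition for the release gate.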