Sena WiFi Adapter Security Assessment & Vulnerabilities

This post outlines a security assessment of the new Sena Wifi Adapter I performed last summer for fun. With the world on lock-down due to COVID-19, I spent a lot of time last summer escaping the city going on motorcycle rides through the mountains and forests surrounding the bay area. It’s the perfect social distance activity because if you get within 6ft of someone you are likely to crash. One of my favorite motorcycle accessories is my Sena headset....

March 9, 2021 · 18 min

Xiaomi M365 Scooter Authentication Bypass

Sometime in the first half of 2018 there was an explosion of “Dockless e-scooters” appearing all over the Bay Area. These devices are electric scooters that anyone can rent for a one-way trip and find/leave then (at the time) anywhere you want. As one could guess this lead to lots of issues but they where convenient and I wanted one of my own so I did a little research onto how to acquire one for private use....

May 15, 2019 · 8 min

Tethr: Android Tethering Provisioning Check Bypass (CVE-2017-0554)

On most unrooted, stock, Android phones, enabling tethering will run a “Provisioning Check” with your wireless provider to ensure that your data plan allows tethering. This post documents Tethr, a way to bypass the provisioning check on Android devices prior to version 7.1.2. After discovering this method I reported it to the Android bug bounty fixing the issue and receiving CVE-2017-0554. Background The ability to tether is controlled by your device’s build....

December 27, 2017 · 4 min

Ambergris

For those of you not in the know, ambergris is defined as: a wax-like substance that originates as a secretion in the intestines of the sperm whale, found floating in tropical seas and used in perfume manufacture. However, that will not be what this post is about (sorry to disappoint). Instead, I’ll present what happens when building an image on Docker that contains a reverse shell in the Dockerfile. Docker First, let me start with a very brief description of Docker....

January 19, 2017 · 7 min

Fast and Vulnerable: A Story of Telematic Failures

I gave a presentation at WOOT 2015 demonstrating how network enabled telematic control units (TCUs) can be used to remotely control automobiles from arbitrary distance over SMS or the internet. Abstract Modern automobiles are complex distributed systems in which virtually all functionality—from acceleration and braking to lighting and HVAC — is mediated by computerized controllers. The interconnected nature of these systems raises obvious security concerns and prior work has demonstrated that a vulnerability in any single component may provide the means to compromise the system as a whole....

August 11, 2015 · 2 min

TRIPLEX DVRLink DVR468RW Exploit

At an internship I had a while ago one project assigned to me was to regain access to a CCTV security system which we had been locked out of for some years. (The previous manager left without leaving the password.) The DVR system was a TRIPLEX DVRLink DVR468RW, whatever that is. It seemed cheap; a small embedded computer with video in/out, a hard-drive and CD-RW drive for recording storage. The administration interface was accessed either by a web server running on the device or a desktop client you installed on your computer....

June 20, 2013 · 3 min