
Abusing the internet of things : blackouts, freakouts, and stakeouts / Nitesh Dhanjani.

Material type: Text
Publication details: Mumbai : O'Reilly, Shroff Publishers & Distributors, 2018.
Description: xvii, 270 p. : ill. ; 24 cm
ISBN:
  • 9789352132171
DDC classification:
  • 005.8 23 DHA
LOC classification:
  • QA76.9.A25 D5145 2015
Contents:
Machine generated contents note: Why hue? -- Controlling Lights via the Website Interface -- Information Leakage -- Drive-by Blackouts -- Weak Password Complexity and Password Leaks -- Controlling Lights Using the iOS App -- Stealing the Token from a Mobile Device -- Malware Can Cause Perpetual Blackouts -- Changing Lightbulb State -- If This Then That (IFTTT) -- Conclusion -- Hotel Door Locks and Magnetic Stripes -- The Onity Door Lock -- The Magnetic Stripe -- The Programming Port -- Security Issues -- Vendor Response -- The Case of Z-Wave-Enabled Door Locks -- Z-Wave Protocol and Implementation Analysis -- Exploiting Key-Exchange Vulnerability -- Bluetooth Low Energy and Unlocking via Mobile Apps -- Understanding Weaknesses in BLE and Using Packet-Capture Tools -- Kevo Mobile App Insecurities -- Conclusion -- The Foscam Incident -- Foscam Vulnerabilities Exposed by Researchers -- Using Shodan to Find Baby Monitors Exposed on the Internet -- Exploiting Default Credentials -- Exploiting Dynamic DNS -- The Foscam Saga Continues -- The Belkin WeMo Baby Monitor -- Bad Security by Design -- Malware Gone Wild -- Some Things Never Change: The WeMo Switch -- Conclusion -- SmartThings -- Hijacking Credentials -- Abusing the Physical Graph -- SmartThings SSL Certificate Validation Vulnerability -- Interoperability with Insecurity Leads to...Insecurity -- SmartThings and hue Lighting -- SmartThings and the WeMo Switch -- Conclusion -- The TOCTTOU Attack -- The Samsung LExxB650 Series -- The Exploit -- You Call That Encryption? -- Understanding XOR -- I call it Encraption -- Understanding and Exploiting the App World -- Decrypting Firmware -- Cursory Exploration of the Operating System -- Remotely Exploiting a Samsung Smart TV -- Inspecting Your Own Smart TV (and Other IoT Devices) -- Say Hello to the WiFi Pineapple Mark V -- Capturing credentials and stripping TLS -- Conclusion -- The Tire Pressure Monitoring System (TPMS) -- Reversing TPMS Communication -- Eavesdropping and Privacy Implications -- Spoofing Alerts -- Exploiting Wireless Connectivity -- Injecting CAN Data -- Bluetooth Vulnerabilities -- Vulnerabilities in Telematics -- Significant Attack Surface -- The Tesla Model S -- Locate and Steal a Tesla the Old-Fashioned Way -- Social Engineering Tesla Employees and the Quest for Location Privacy -- Handing Out Keys to Strangers -- Or Just Borrow Someone's Phone -- Additional Information and Potential Low-Hanging Fruit -- AutoPilot and the Autonomous Car -- Conclusion -- Introducing the cloudBit Starter Kit -- Setting Up the cloudBit -- Designing the SMS Doorbell -- Oops, We Forgot the Button! -- Security Evaluation -- WiFi Insecurity, Albeit Brief -- Sneaking in Command Execution -- One Token to Rule them All -- Beware of Hardware Debug Interfaces -- Abuse Cases in the Context of Threat Agents -- Nation-States, Including the NSA -- Terrorists -- Criminal Organizations -- Disgruntled or Nosy Employees -- Hacktivists -- Vandals -- Cyberbullies -- Predators -- Bug Bounty Programs -- Conclusion -- The Thingbots Have Arrived -- The Rise of the Drones -- Cross-Device Attacks -- Hearing Voices -- IoT Cloud Infrastructure Attacks -- Backdoors -- The Lurking Heartbleed -- Diluting the Medical Record -- The Data Tsunami -- Targeting Smart Cities -- Interspace Communication Will Be a Ripe Target -- The Dangers of Superintelligence -- Conclusion -- The Cost of a Free Beverage -- There's a Party at Ruby Skye -- Leveraging the BuzzWord -- The Board Meeting -- What Went Wrong? -- A Case of Anger, Denial, and Self-Destruction -- The Benefit of LifeThings -- Social Engineering Customer Support by Caller ID Spoofing -- The (In)Secure Token -- Total Ownership -- The Demise of LifeThings -- Conclusion.

Includes index.

