Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)

When poking around for vulnerabilities, researchers often look for some particular low-hanging fruit in order to see first whether the basics in secure design have been covered, then whether they can turn a low-severity vulnerability into something more useful for an attacker.


When assessing IoT in particular, we tend to spend quite a bit of time looking at the enabling technologies around the IoT gadget, rather than the gadget itself. We often can find issues in either the mobile application that's used to control the device or the cloud-based web application that's used to mediate communications between ..