Passwords in the Air: Harvesting Wi-Fi Credentials from SmartCfg Provisioning

Presented at DEF CON China Beta (2018), May 13, 2018, noon (20 minutes)

Smart devices without an interactive UI (e.g., a smart bulb) typically rely on specific provisioning schemes to connect to wireless networks. Among these provisioning schemes, SmartCfg is a popular technology for configuring the connection between smart devices and wireless routers. Although SmartCfg simplifies Wi-Fi configuration, existing solutions seldom give serious consideration to protecting credentials and therefore introduce security threats against Wi-Fi credentials. We conduct a security analysis of eight SmartCfg-based Wi-Fi provisioning solutions designed by different wireless module manufacturers. Our analysis demonstrates that six manufacturers provide flawed SmartCfg implementations that directly lead to the exposure of Wi-Fi credentials: attackers could exploit these flaws to obtain important credentials without any substantial brute-force password-cracking effort. Furthermore, we track the smart devices that adopt these Wi-Fi provisioning solutions to investigate the influence of the security flaws on real-world products. By reverse engineering the corresponding apps of those smart devices, we conclude that the flawed SmartCfg implementations have a wide potential impact on the security of smart home ecosystems.

Presenters:

  • Changyu Li
    Changyu Li graduated from Xidian University with a major in Information Security. After graduating, he continues his studies at Shanghai Jiao Tong University, focusing on software security. He is now a member of the Lab of Cryptology and Computer Security (LoCCS). He is interested in the security and privacy of the Internet of Things, especially smart homes. He is also a big fan of CTF games.
  • Quanpu Cai
    Quanpu Cai is an undergraduate student at Shanghai Jiao Tong University majoring in Cyber Security and is now a member of the Lab of Cryptology and Computer Security (LoCCS). His interests cover a wide span of security, including reversing and exploitation, mainly related to the Internet of Things.
