site @ e4acfc005341db57fae05c396a290a277b35bb9d

source for my site, found at icyphox.sh

Add original post link

Signed-off-by: Anirudh <icyph0x@pm.me>
Anirudh icyph0x@pm.me
Tue, 06 Aug 2019 16:24:23 +0530
commit e4acfc005341db57fae05c396a290a277b35bb9d

parent 91b442f90bd2c4b7f5672e41a8ec6f4123c0089e

2 files changed, 7 insertions(+), 3 deletions(-)

M build/blog/fb50/index.html

@@ -41,6 +41,8 @@ <h1 id="picking-the-fb50-smart-lock-cve-2019-13143">Picking the FB50 smart lock (CVE-2019-13143)</h1>

<h2 id="and-lessons-learnt-in-iot-security">… and lessons learnt in IoT security</h2> +<p>(<em>originally posted at <a href="http://blog.securelayer7.net/fb50-smart-lock-vulnerability-disclosure">SecureLayer7&#8217;s Blog</a>, with my edits</em>)</p> + <h3 id="the-lock">The lock</h3> <p>The lock in question is the FB50 smart lock, manufactured by Shenzhen

@@ -69,7 +71,7 @@

<p><img src="/static/img/bt_ws_value.png" alt="wireshark write req" /></p> <p>We attempted replaying these requests using <code>gattool</code> and <code>gattacker</code>, -but that didn&#8217;t pan out, since the value being written was encrypted.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup></p> +but that didn&#8217;t pan out, since the value being written was encrypted.<sup class="footnote-ref&#8221; id="fnref-1"><a href="#fn-1">1</a></sup></p> <h3 id="via-the-android-app">Via the Android app</h3>

@@ -181,7 +183,7 @@ (the attacker) needs to authorize that. </p>

<p>To add to that, roughly 15,000 user accounts&#8217; info are exposed via IDOR. Ilja, a cool dude I met on Telegram, noticed locks named &#8220;carlock&#8221;, -&#8220;garage&#8221;, &#8220;MainDoor&#8221;, etc.<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup> This is terrifying.</p> +&#8220;garage&#8221;, &#8220;MainDoor&#8221;, etc.<sup class="footnote-ref&#8221; id="fnref-2"><a href="#fn-2">2</a></sup> This is terrifying.</p> <p><em>shudders</em></p>

@@ -208,7 +210,7 @@ with keys. With the IoT plague spreading, it brings in a large attack surface

to things that were otherwise &#8220;unhackable&#8221; (try hacking a &#8220;dumb&#8221; toaster).</p> <p>The IoT security scene is rife with bugs from over 10 years ago, like -executable stack segments<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>, hardcoded keys, and poor development +executable stack segments<sup class="footnote-ref&#8221; id="fnref-3"><a href="#fn-3">3</a></sup>, hardcoded keys, and poor development practices in general.</p> <p>Our existing threat models and scenarios have to be updated to factor
M pages/blog/fb50.md

@@ -8,6 +8,8 @@

# Picking the FB50 smart lock (CVE-2019-13143) ## … and lessons learnt in IoT security +(*originally posted at [SecureLayer7's Blog](http://blog.securelayer7.net/fb50-smart-lock-vulnerability-disclosure), with my edits*) + ### The lock The lock in question is the FB50 smart lock, manufactured by Shenzhen
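
Review bot: The three footnote hunks in build/blog/fb50/index.html (@@ -69,7, @@ -181,7 and @@ -208,7) break the `<sup>` markup: each `+` line replaces the closing quote of the class attribute with a curly-quote entity, giving `class="footnote-ref&#8221; id="fnref-1">`. The class value now runs on through ` id=` to the next straight quote, so the `<sup>` elements no longer carry `id="fnref-1"`, `fnref-2` or `fnref-3`, and anything linking to those anchors has no target. The pages/blog/fb50.md hunk does not touch the footnotes, so this looks like a side effect of regenerating the page and is unrelated to the commit subject. Suggest restoring `class="footnote-ref" id="fnref-N"` by fixing the build step and rebuilding, rather than hand-editing the generated file.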
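
Review bot: The attribution link added in pages/blog/fb50.md, and mirrored in the first build/blog/fb50/index.html hunk, uses plain `http://` for `blog.securelayer7.net`. If that host serves HTTPS, link to the `https://` URL instead so readers following the attribution are not sent over an unencrypted connection, and change the source and the built copy together.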