Profile picture
, 9 tweets, 5 min read
My Authors
Read all threads
As you might have noticed, I'm working on a low-cost single device Bluetooth Low Energy proxy based on @NordicTweets nRF52840.

I'll take my time for this, but wanna share some (meaningless) curiosities/spec violations I saw on some test devices (kept addresses visible) ...
@NordicTweets 1) The Logitech "R500" clicker rejects reading protected characteristic values with "Insufficient Authentication" Error (not "Insufficient Encryption")
@NordicTweets ... but reading the value after UNAUTHENTICATED pairing is fine (mode: 1, level: 2 == encryption, unauthenticated)

I assume this is true for most devices with IO capabilities "NoInputNoOutput", as it seems to be the only way to make iOS initiate pairing automatically.
@NordicTweets 2) AwoX smart bulb places a "User Description Descriptor" on a BT SIG defined Characteristic (ASCII string 'DevName' for a characteristic called 'Device Name' per spec)
@NordicTweets ... the same AwoX bulb declares a characteristic with 'Notify' property set, but doesn't provide a 'Client Characteristic Configuration Descriptor' to store the notify state (enabled / disabled).
@NordicTweets 3) The "Samsung Gear S3" advertises with all possible flags enabled, claiming not to support BR/EDR, while being a BR/EDR Host AND Controller at the same time
@NordicTweets So yes, all of this is meaningless ... so why do I care?

Because I have hard times cloning such weird devices, with a firmware backed by @NordicTweets softdevice, which enforces specs in many cases.
@NordicTweets Why I think you should care ?

I tested none of those devices for security issues, not even a tiny bit of fuzzing. But products not even able to follow specs, occur a bit fishy security wise.

Just thinking loud 😉

Stay safe
@AwoX @SamsungMobile @Logitech

Comments/clarification appreciated
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Marcus Mengs

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @mame82 see all

Profile picture
Marcus Mengs
@mame82
Personal challenge today:

1) Work on something I'm not good at
2) Do something calming

Solution: Do some soldering and reduce footprint of cheap USB-A plug inside by 50% to get some headroom for other things
No idea if this gets me somewhere. Maybe I should have tested the components upfront.

Doesn't matter ... it is somehow satisfying

P.S. seem I'm getting old, feel the need for a magnifying glass
Okay, I'm definitely not the right person to solder this up ... anyways, fits the housing basically.

@LucaBongiorni me pressing F1 !!
Read 15 tweets
Profile picture
Marcus Mengs
@mame82
Back to the roots:

LOGITacker v0.1.5-beta now supports USB keystroke injection (on 10$ hardware)
Quick how to (hopefully readable)
The update was quickly hacked together, because I need it for an engagement, myself.

Of course I share with you, but please hold back with feature requests. ToDo list is full ... triggering USB injection with Logitech devices (f.e. presentation clickers) is planned (low prio)
Read 7 tweets
Profile picture
Marcus Mengs
@mame82
Compromising hosts with with vulnerable presentation clickers needs network access for a back channel?

Wrong!

PoC: relaying a remote shell through the receiver of Logitech SPOTLIGHT presentation remote (host air gapped otherwise).
The receiver is unmodified. The client agent used to run the covert channel (data is hidden in RF protocol of presentation clicker) is deployed with copy&paste into powershell.

Of course this could be replaced with keystroke injection.
Those kind of attacks could be mitigated by using the Bluetooth mode of the clicker, instead of the receiver.
Read 6 tweets

Related threads

Profile picture
flyingless
@flyingless
I am working on a low-carbon university-based conference-hosting service, which a consortium of 3 or 4 universities would offer to professional associations that sponsor academic conferences. Let me know if your university might like to help me pilot something summer 2020. (1/4)
The conferences would be linked simultaneous in-person events in the 3 or 4 sites. Different from webinars, because they preserve the in-person character at each linked site. For background on the format: ). (2/4)
For a partner university, I seek expressions of interest with buy-in from a group including (a) a faculty member, (b) somebody from IT willing to support audio/visual links following our instructions or protocol, (c) perhaps somebody from office of sustainability. 3/4
Read 4 tweets
Profile picture
Jyotih
@RealMightyJoe
#share #thread #poem #qanon #QArmy #realmightyjoe #original
The following is one of my favorite poems I have ever written. On my phone so excuse any typos. I think it's the time to put this out there.
"As I Wept with the Devil"
The Fallen Angel would rather,
Crawl back to the pit of Hell.
Kill himself through his prechosen,
Ritual;
Then to ever have to see the Light,
The Truth.
The face of his Makers,
Mother and Father,
Ever again.
I do believe he truly hates God.
But Worships him still, to this Day.
Secretly,
His Mother he has attempted to erase from his-story.
Storytellers tell it differently.
We will politely dis-agree.
You Have No Power Over Me!
Read 17 tweets
Profile picture
Jenny Hill
@Jenny_C_Hill
📣📣 2 common misconceptions in (fairly decent) coverage of our #housing report.
1. We are only talking about NEW homes not connecting to gas grid. This is technology-neutral
2. Heat pumps do not cost 25k. That's a cost of retrofitting to EPC A / zero carbon homes spec... (1/5)
... which as we state, in practice you'd probably just not do. It's a thought experiment to show the benefit of designing more efficient ultra-low energy bill homes from the start for ~5k. A one time opportunity not to miss. (2/5)
For existing homes, we call for a heat strategy within 3 years which deploys low- and no-regret options and develops key options for remaining gas heated buildings (3/5)
Read 5 tweets
Profile picture
Darcey Dupuis
@1ProudCdn
Mega Thread of Opinion (1 of 52)

My take on #Election2019, is one that will surprise all #Canadians who will take the #time to read past this #headline. It will be a #long #series of #tweets that will be #purely #honest & straight to the #point.
This #series of tweets will contain #jabs at #voters, the #media & our #political #parties & they are #jabs, that in my own #opinion are #merited. Agree or don’t agree, I won’t care, but it needs to be said to ease my conscience in the lead up to our election!
In 2015, Canada’s #media, declared that #Trudeau & .@liberal_party outflanked the @NDP on leftist policies & for the 1st time in recent history the media supported large deficits & destruction of our country’s finances over a more balanced approach. Let’s stop here for a sec.
Read 52 tweets
Profile picture
Sibel Edmonds
@sibeledmonds
#Khashoggi Case Thread: I am going to ‘pin’ this post to use it as an ‘Info Thread’ on the #Khashoggi Case. I am in #Turkey. I’ve been following the case closely and with access to sources & experts here. This is a very ‘sensitive’ criminal case due to ‘Diplomatic Booby Traps’!!!
The Evidence Obtained Outside Cameras will not show any evidence of ‘tempering’ but other than license plates of dozens of diplomatic cars (Many with tinted windows-large trunks) with related time stamp, drivers Info, model/year: Nothing.
#Turkish Intel-Investigative Bodies also have the list of all Diplomatic & Private Saudi & “other significant’ Planes in #Turkey for the period of ‘interest.’ Many of the Target airports have their own security cameras & related evidence.
Read 335 tweets
Profile picture
Samuel Akinlotan
@SamAkinlotan
I have received a few messages enquiring about developing a career strategy.

I sincerely can't respond individually as it would take more time and I'd rather share about this at 1pm.

At 1pm, let's talk about developing a career strategy that aligns with your career vision.
What is a career strategy? #CareerTalkswithSam
Having a career strategy isn't a nice-to-do, it's a must do - if you expect to gain maximum success from hours you invest in work.

You are likely going to work for your entire adult life – which spans about 20-50years.

Why not make the best that you can create of these years?
Read 30 tweets

Trending hashtags

#Bezos #Prestitute #Assange #demands #childbirth #electricity #USARendition #NDP #Khadhoggi #long #Audio #Syria #GoldmanSachsGroup #terrorism #share #Rational #SuudiBaharı #Globalist #Erdogan #politics #Kaşıkçı #Arab #Merkel #MBS #social
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!