Eléonore Carpentier & Corentin Thomasset
đ We did it! We won the European final of the Embedded security Challenge!! đ
Lean Enterprise Advanced Knowledge Solutions (LEAKS) is a private technology company that gets awarded most of the defense and military contracts of the country of IoTilandia. Given the sensitive nature of its contracts, LEAKS employs a complete air-gap separation for all its internal networks, ensuring no data is leaked through public connections.
A recent presidential order requires that all IoTilandia companies, including LEAKS, "IoTize" [sic] their infrastructure by making everything smarter; coffee makers, fridges, chairs, and light bulbs. To abide to this presidential order, LEAKS has installed sophisticated smart light bulbs in their offices and connected them to their internal network.
In the CSAW Embedded Systems Challenge 2018 (ESC18), you are tasked to exploit these newly installed smart light bulbs to exfiltrate IoTlandia secrets, bridging the air-gapped networks of LEAKS.
- Ingenious Lightbulb Hack Can Cause Seizures, Spy On 'Air-Gapped' Networks
- Ops, hackers can exfiltrate data from air-gapped networks through a malware controlled via a scanner
- Researchers Shine Light on Smart-Bulb Data Theft
- Reverse Engineering a Bluetooth Lightbulb
- Even More Bluetooh Smart Bulb Hacking: Dump du firmware
- Inside The Bulb: Adventures in Reverse Engineering Smart Bulb Firmware
- Web Bluetooth API (MDN)
- Interact with Bluetooth devices on the Web
- An introduction to the Web Bluetooth API
- Bluetooth internals chrome page: chrome://bluetooth-internals/