
Netatmo vulnerability to recover WiFi SSID and passwords in clear saved on the device


jimmy-sonny/NetatmoExploit


Netatmo exploit

Works on firmware versions <= v119

Description

Affected product: Netatmo Weather Station

By emulating the USB commands that the desktop or mobile application uses to set up the indoor sensor module, it is possible to retrieve, in cleartext, the WiFi SSID and password of the networks for which the station is configured. No authentication is required. The vulnerability can be exploited via either USB or Bluetooth. Exploitation requires physical access to the device: either a USB cable connection or touching the upper button on the indoor module to activate Bluetooth. The affected firmware versions of the indoor module are those previous to v119.

Requirements

python3

pip install numpy
pip install hidapi

Do not install the hid package.

PoC Exploit

A proof of concept exploit for the USB port is available for:

exploit

Timeline

  • Discovered and reported 13/02/2016
  • Acknowledged by Netatmo 18/02/2016
  • Officially fixed in release v120 on 08/03/2016
