So here we go again: I am watching no blink guy on Hak5. You can't fool me this time, I am starting to suspect that there is some sort of collab going on.
Damn RU-vid algorithm!!!! I was watching a video of Nullbyte and was thinking a collaboration with Hak5 would be great... And what do you know... who needs Neuralink when you have the power of RU-vid? Thanks for the share and bring back DK👍🏻✌🏻🇨🇦
The only problem with this hack is it requires the person to be physically there or somehow infect an attached device. For someone to do this when they aren't physically there, there is virtually no gain into it and no way to really tell if whatever is wanting to be done is. I mean unless you take over the cameras. Still, it 100% should be noted that you need a good firewall, you need to have your wifi alert you when a new user comes on your network, you need to know what risk level is, and you need to have something in the back of your mind for if your system gets hacked. And I think the first step is simply unplug the wifi.
Securing your network is only fixing part of the problem. I hear this "if someone is inside my network, I have other issues" argument a lot, especially when arguing that it is not important to secure devices in your network. Using only secured devices on top of a hardened network is what we all should aim for. That means no smart TVs, no use of unsecured protocols (all those esp32/8266 devices making non-encrypted connections and all those wifi light bulbs). Use TLS where possible and get rid of all that unauthenticated stuff that relies on your network being the only barrier.
Hey.. It's Michael # (X) and Kody K !💪 Stay strong Retia..Stay Strong! So that's why my (xxxx's) Bluetooth speaker keeps changing over to some random sounds of nature Ewetubes videos..( J/K) 🤣🤣🤣
IOT is just one big security nightmare and a dream for building products as you will have to replace them every three years as they will not have any firmware updates for security or the batteries will die.
So... basically you didn't "hack" anything - you just controlled devices without using their designated apps. This is a pretty lackluster video for Hak5.
You were always in the network and you just used devices in the same way the user would. This is not hacking. This is annoying. Actually exploit the device, get RCE on that speaker, then open your mouth.
I would actually like to see a segment showing just how insecure these devices are from being hacked via the internet instead of just relying on getting connected to a person's local network.
You're right. This video is like: "Think what I could do if I broke into your house!! To demonstrate that, let's assume I'm already in the house." The makers of this video should delete this video and educate folks on hardening and monitoring their network.
Through the magic of NAT it isn't as simple as one would think. LAN access is typically key for access to in-home devices. However, to get a similar effect from the internet, the web interface for the smart home devices would typically be the target, such as weak passwords or a problem with the web application itself. Another way to do this would be to exploit the person's devices via a phishing link or something similar. After initial access to their machine, an attacker would essentially have the same access as in the video via VPN or running code or commands on the device itself.
@jasonvaf1 Oh, I'm aware of that. I was just curious how many of these devices are STILL so easily vulnerable, to help show my grandmother why I can't stand them.
@TJ Lloyd Well, the biggest issue I've heard is the fact that the security on these devices is often crap and can easily be accessed from the outside due to having common keys or whatnot, and once a hacker gets into one of them they can piggyback off of it to access the rest of your network and other devices. At least that has been my understanding of all this, which is one of the reasons I isolate my network with two routers, keeping the IoT devices my grandmother insists on having on a separate network from the rest of my devices.
Best security practice is just to have a dumb house. I don’t need anything smart to control basic functions such as light switches and a thermostat for AC unit. With everything getting hacked more, I don’t trust the cloud services as much anymore. Back to the basics of having a server not on the internet and a private LAN. Anything off the internet is safer than being on the internet for sensitive information.
This is why I have VLANs. One for media devices. One for lights. One for Google Home and my smartphone. One for my computers. One for guests. Guest network can’t access anything. Friends and people I trust can access media but not lights. Etc.
I believe a true ethical hacker would notify the manufacturer's developers so they can release a patch. It's best to give them a chance to protect the brand so customers keep buying their products. If not, then release the video on how it's done if the manufacturers don't care about the potential issues or risk.
@alexm8807 Basically, if you get on the wifi network, by hacking in, you can easily control these devices as if you had the right to do so. The only other thing he had to do was research default passwords on the lights and find the control apps by brands. Wifi makes you much less secure. Implement a whitelist by MAC ID, or use ethernet and can the wifi.
It's funny, I'm a PC technician...... yet my home isn't very "smart" at all. Manual lights, manual thermostats, no smart speakers.... Maybe that's what makes my home smarter.......
MAC filtering is hard to defeat in certain "hardened routers". Some routers have built-in firewalls and IP tables and you can add every device there and tell the router no one else can get here. Another thing is to lower the power of the antenna and ethernet wiring.
I'd love to have the code used specifically to MITM the Wyze camera stream. Could be a great way to bring them into HomeAssistant without having to resort to the WyzeHacks GitHub repo along with another repo that has taken the video recorded via WyzeHacks from the NFS share on the network to encode it so that it can be received over BlueIris or other DVR solutions via RTSP.
If you are viewing it from his network, no need to MITM. This is a totally unsophisticated hack, but a very sophisticated prank. He hacked the wifi. Think wifi pineapple....or just some other hacky thing to get on someone's network.
I like how, with the exception of the Roku, every one of these smart devices is cheap Chinese IoT crap. Those lights look to be Tuya (which sells ready-to-brand IoT devices and associated server infrastructure), and that camera is the same, though Wyze has some affiliation with Amazon.
I am not sure what I gained watching this video. We know all of this is possible. But this doesn't tell us anything new, or any details on the actual exploit. And honestly the Chromecast is not really a hack.
If you want some real fun... go into a house with a Samsung wifi connected appliance and set up a tap for wireshark captures. Then consider that many of these appliances control explosive gas within your house, look at the packet captures again and ask yourself why would anyone purchase a Samsung connected anything... ever.
Wish this video was less trying to be script-kiddy cool, and more trying to be transparent and educational. Links in notes, mention of actual tool/projects in the video, and lists of specific products/version being targeted would have gone a long way.
My theory is that Smart Meters are part of the Internet of Things and will make total surveillance of everyone possible. I believe they send all your Internet data to data centers where it is kept.
Some people LOVE having their privacy invaded, I'm convinced. They usually don't listen EVEN when you show them these sorts of things. Because they don't care.
Hello @Hak5, introduce me to your big fan from Indonesia. Keep up the spirit and never back down. Oh yes, please please I am fluent in English. Because of that, stick to the Indonesian version of the subtitles. Thanks Hak5