A relatively common approach to designing cost-effective, user-friendly chip-to-cloud solutions is to leverage the communication capabilities of the user's mobile phone. Instead of endowing the device with all the electronics and software it would need to autonomously send and receive data over the internet, the product is built around a short-range communication stack such as Bluetooth or NFC (something any modern mobile phone supports by default), and an app on the phone opens a channel to the backend, acting as a bridge between the two worlds. This architecture can be found, for instance, in solutions for handling rental cars (virtual keys), electronic identity, authentication, and all kinds of IoT devices such as Electronic BagTags. In this post I'm covering the analysis of an eID solution, let's call it 'Honest eID', that implements this paradigm. I'm deliberately anonymizing/omitting certain te
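The phone-as-bridge architecture described above, as an added illustration that is not code from the post or from the 'Honest eID' product: a simulated device, phone app and backend in Python. It assumes a design in which the device and the backend share a per-device key provisioned at manufacture and the app only relays opaque frames; the device identifier, key, frame layout and messages are all constructed for the example.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # HMAC-SHA256 output size; the tag is a fixed-length suffix of each frame

# Constructed per-device secret. In the assumed design it is provisioned into the
# device at manufacture and stored backend-side; the phone app never holds it.
DEVICE_KEYS = {"dev-0001": b"\x11" * 32}


class Device:
    """Short-range side (BLE/NFC). Has no internet stack of its own."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self.key = key
        self.counter = 0  # monotonic, so the backend can reject replayed frames

    def make_frame(self, payload: dict) -> bytes:
        self.counter += 1
        body = json.dumps(
            {"id": self.device_id, "ctr": self.counter, "payload": payload},
            sort_keys=True,
        ).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + tag


class Backend:
    """Cloud side. Verifies every frame end to end, whoever relayed it."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_ctr = {}

    def receive(self, frame: bytes):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        try:
            msg = json.loads(body)
        except ValueError:
            return False, "malformed"
        key = self.keys.get(msg.get("id"))
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"  # body altered in transit (by the app or anyone else)
        if msg["ctr"] <= self.last_ctr.get(msg["id"], 0):
            return False, "replay"
        self.last_ctr[msg["id"]] = msg["ctr"]
        return True, "accepted"


class BridgeApp:
    """The phone app: the bridge between the short-range and internet worlds."""

    def __init__(self, backend: Backend):
        self.backend = backend

    def relay(self, frame: bytes):
        # Honest bridge: forwards the opaque frame untouched.
        return self.backend.receive(frame)

    def relay_tampered(self, frame: bytes):
        # A compromised or malicious app rewriting the payload before forwarding.
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        msg = json.loads(body)
        msg["payload"]["action"] = "unlock"
        forged = json.dumps(msg, sort_keys=True).encode()
        return self.backend.receive(forged + tag)  # old tag no longer matches


def run_scenarios() -> dict:
    """Runs an honest relay, a replay, a tampered relay and a later honest relay."""
    backend = Backend(DEVICE_KEYS)
    device = Device("dev-0001", DEVICE_KEYS["dev-0001"])
    app = BridgeApp(backend)

    first = device.make_frame({"action": "lock"})
    honest = app.relay(first)               # (True, "accepted")
    replayed = app.relay(first)             # (False, "replay")
    second = device.make_frame({"action": "lock"})
    tampered = app.relay_tampered(second)   # (False, "bad tag")
    third = device.make_frame({"action": "status"})
    honest_again = app.relay(third)         # (True, "accepted")
    return {
        "honest": honest,
        "replayed": replayed,
        "tampered": tampered,
        "honest_again": honest_again,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:13} -> {result}")
```

The point the simulation makes is that the phone is a third party sitting between the two worlds: with a device-to-backend MAC and a monotonic counter, the app can relay frames but cannot alter or replay them, which is the property a reviewer of such a product should look for first. A transport-layer secret held by the app (or TLS between app and backend alone) does not give it, since the app is then free to say whatever it likes on the device's behalf.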
A recent story has been making the rounds: "Hundreds of Nuclear Radiation Monitors Were Allegedly Hacked by Former Repairmen". Basically, it seems that more than a year ago two disgruntled employees sabotaged over 300 radiation monitoring devices that were part of a nationwide civil radiation monitoring network (RAR) in Spain. On top of that, they were apparently using the free WiFi of a Starbucks to carry out their activities. Obviously not being the sharpest tools in the box, they were eventually caught. In this story there is a boring part, which is everything related to these guys and their motivations, and a slightly more interesting part, which is the underlying technology behind Radiation Monitoring Networks (RMN). In 2017 I presented "Go Nuclear: Breaking Radiation Monitoring Devices" at BlackHat USA, so I thought it could be interesting to write a brief post to provide some context.

The NeverEnding story

As in most 'disgruntled employee' attacks,