1 min read

When the Lights Go Out: Cracking the Sonoff / eWeLink Platforms

Bogdan BOTEZATU

December 14, 2020

When the Lights Go Out: Cracking the Sonoff / eWeLink Platforms

Smart lighting and automation have opened up tremendous opportunities in residential architecture and design. Whether in plain sight or hidden under drywall, these convenient and relatively inexpensive intelligent outlets and switches can act as a entry points for bad actors or can be hijacked for fun and profit.

This is the case with a vulnerability discovered in the ITEAD Sonoff / eWeLink platform-as-a-service that manages remote control and connectivity between smart switches, relays, or outlets and the software applications controlling them.

Using this vulnerability, a potential attacker can gain control of random devices and remotely access any functionality they offer.

If you want to learn more, please download the full whitepaper below:

Download the whitepaper

Our researchers are regularly inspecting IoT devices and platforms to identify vulnerabilities and develop new mitigations in the Bitdefender IoT Security Platform. This vulnerability was responsibly disclosed by Bitdefender to the affected vendor and the issue has already been fixed.

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
Bogdan BOTEZATUVictor VRABIE
9 min read
Debugging MosaicLoader, One Step at a Time Debugging MosaicLoader, One Step at a Time
Janos Gergo SZELESBogdan BOTEZATU
1 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign How We Tracked a Threat Group Running an Active Cryptojacking Campaign
Bitdefender

July 14, 2021

10 min read