Showing posts from November, 2022

Automating Unsolicited Richard Pics; Pwning 60,000 Digital Picture Frames

Summary

The research for this post was done sometime in January of 2022. I was diagnosed with cancer in February of 2022, and have been struggling to find the time to finally post it. Much of it was written in chunks, so hopefully it makes sense. In this post I will talk about what led me down the path of researching the security of IoT digital picture frames. My research on these picture frames and the supporting mobile application led to the creation of four CVEs. The vulnerabilities I discovered allowed me to access client information and clear-text credentials, and to bypass authentication and access controls of the frames.

Merry Christmas Mimi!

During our annual brainstorming of Christmas gift ideas for my wife's elderly grandmother, we thought a digital picture frame would be perfect. Mimi is 94 years old, and lives in a local nursing home. Covid has made it difficult for family to visit her and for her to leave the home as much as she used to. We decided to look for a picture frame that