BloomTech’s Downfall: A Long Time Coming

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Smart Vacuum Cleaners as Remote Wiretapping Devices - Easterhegg - 2019

media.ccc.de via YouTube

Start learning Write review

Overview

Limited-Time Offer: Up to 75% Off Coursera Plus!
7000+ certificate courses from Google, Microsoft, IBM, and many more.
India: 75% Off World: 40% Off
This course teaches how to exploit the Neato Connected firmware to control high-end vacuum cleaners, focusing on privacy, security, and safety implications. Participants will learn about firmware extraction, analyzing weak encrypted coredumps, identifying vulnerabilities like buffer overflow, and achieving remote code execution with root privileges on the robot. The teaching method includes topics such as firmware updates, serial debugging, breaking QNX systems, and secure boot bypass. The course is designed for individuals interested in cybersecurity, firmware analysis, and IoT device security.

Syllabus

Intro
Infrastructure
Firmware Updates
Firmware Update Process
Serial Debug Port
Breaking QNX SDP 6.5 License Management
Boot Me If You Can #2
Extracting the Neato IFS
QNX Boot Process
Secure Boot Bypass (CVE-2018-20785)
"BlackBox" Logs & Coredumps
RC4 For Beginners (CVE-2018-17177)
Generating and Interpreting Coredumps
Buffer Overflow Vulnerability
Controllable Registers
Vulnerable Function
Vulnerability Root Cause
Determining Factors for the Exploit
Our Exploit
Implications
Root Remote Code Execution via Cloud (CVE-2018-19442)

Taught by

media.ccc.de

Reviews

Start your review of Smart Vacuum Cleaners as Remote Wiretapping Devices - Easterhegg - 2019

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.