Cybersecurity
The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our research, we chose a Night Owl ISP Smart Doorbell – WD2CLM.<\/p>\r\n\r\n
We felt the camera would be a good test subject as it is similar to Amazon Ring in size and features. We started the test by performing a complete hardware teardown of the device. This allowed us to identify pinouts for Universal Asynchronous Receiver\/Transmitter (UART). We also identified multiple Serial Peripheral Interface (SPI) flash chips, which store the filesystem and the bootloader.<\/p>\r\n \r\n\r\n
