In part 1 of this post, I wrote about analyzing the firmware of the OBi200 and getting a root shell leveraging an existing RCE vuln. In this post, I’ll cover the process of identifying the serial port pins and connecting them to get console access to the device. Protocol Recall the serial interface listening at …
The OBi200 by Obihai is a VoIP gateway for home/SOHO that integrates with Google Voice. It supports most standard VoIP features out of the box and can integrate with virtually any “bring your own device” SIP service. I purchased one earlier this year to act as a landline in my home (without monthly fees) and …
Earlier this year I received a Nextdoor message from my County Police Department announcing a “Property LockBox App” they’d released (purchased) for citizens. There was no previous communication regarding this app that I could find, so I was interested in learning more about it. As the app description states, Bright City is “[a] 2-way, dedicated mobile application for cities …
Verizon Messages (Message+) is a group of software clients available for mobile, desktop, and web aimed at enhancing/unifying the VZW text messaging experience across multiple devices. While it has a few additional features outside of SMS, I was most interested in activating it for its web app client when at a desktop/laptop. After I installed the Android app and …
A few months ago an article in the local news covering the launch of the Rave Panic Button caught my attention. I hadn’t heard of it before but the idea seemed interesting: efficiently coordinate emergency 9-1-1 notifications across multiple involved parties, i.e. emergency dispatch, on-site employees, and first responders. The system can also share important data about an affected location such as floor plans, emergency contacts, and even surveillance …
I’ve previously written about a server-side vulnerability in Verizon’s webmail client, but I thought it was also worth covering a couple of interesting client-side vulns I discovered that would’ve allowed an attacker to compromise a victim’s entire email account. I started by attempting to identify the allowed HTML elements/attributes in the webmail client. Although there’s probably a better way to …
The adoption of bug bounty programs, or vulnerability disclosure programs, has increased rapidly over the past few years, even extending to industries outside of the technology sector — United Airlines, GM, and the Pentagon are great examples. From enormous organizations like Google and Facebook, to small startups with a handful of employees, companies of all sizes seem to be …
I have worked with Verizon numerous times in the past while reporting serious security vulnerabilities, including a critical vulnerability in their MyFiOS app’s API that exposed the email accounts of all users. While I was recently researching the Verizon webmail portal, I discovered multiple vulnerabilities of varying severities — some of which I will likely write about in the …
Shortly after my recent blog post concerning widespread XSS in ad network code, I discovered similar vulnerabilities in Flash video ads (and other Flash products/components), resulting in a substantial industry-wide mitigation of XSS in Flash-to-JavaScript communication. Perhaps most interestingly, these vulnerabilities presented risks similar to my previous findings except that, in most cases, Ad-Block solutions employed by the …
I had almost forgotten about my experience with Worldpay’s Merchant Portal from just over a year ago, but my recent post regarding another payment processor helped to refresh my memory. I occasionally help one of my family members’ small business with almost anything technology-related, including their e-commerce solution. In this case, I was helping them switch their payment gateway …