While most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asia-based vendor, controls a vast IoT ecosystem, including smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide.
Their devices may be deeply integrated into daily life and are able to collect a lot of personal data. However, not all devices in Xiaomi's ecosystem are created equal. Whereas some devices are designed by Xiaomi itself, many IoT devices were developed by other companies and then integrated into Xiaomi's ecosystem. This results in different quality levels for software and designs.
In this presentation, I will provide an overview of the most common Wi-Fi enabled IoT devices in Xiaomi's ecosystem. We will take a look at their platforms, designs, features and vulnerabilities. How can we modify the devices to disconnect them from the cloud or to do something useful? Which device protections are deployed by the developers? And more importantly: what are the most common mistakes?
After having reverse engineered over 40 different models of their ecosystem, I would like to share some interesting things I discovered while reverse engineering Xiaomi's devices and discuss what the developers might have done better.