Reverse Engineering 101 of the Xiaomi IoT ecosystem

Dennis Giese

Event: HITCON14 CMT

Date: 2018/07/28

Abstract:

Is your home "smart"? Do you sometimes feel it may not be a good idea and that you should take a closer look at the devices? In this talk, I will give an introduction to reverse engineering of IoT devices. In particular, we take a look at the Xiaomi ecosystem. Whereas most IoT accessory manufacturers have a narrow area of focus, Xiaomi, an Asia-based vendor, controls a vast IoT ecosystem. This includes smart lightbulbs, sensors, cameras, vacuum cleaners, network speakers, electric scooters and even washing machines. Their products are sold not only in Asia, but also in Europe and North America. The company claims to have the biggest IoT platform worldwide. Many of the devices, which are either sold under the Xiaomi label or are connected to their ecosystem, are actually developed by different vendors. Let's take a look at the different Wi-Fi based IoT devices and their implementations. These devices may be deeply integrated into daily life and have a direct internet connection. We will see what kind of features, sensors and security features they offer. Our goal is to acquire control over the devices (like root) and try to use the device for another purpose. I will also cover some interesting things I discovered while reverse engineering the devices and discuss which protections were deployed by the developers (and which were not).


Presentation slides (PDF) on hitcon.org
Locally hosted slides (PDF)
Link to official event website