Wireshark: Traffic analysis of a smart alarm system

From Embedded Lab Vienna for IoT & Security
Revision as of 11:08, 3 October 2019 by Jostrowski (talk | contribs)
Jump to navigation Jump to search

Summary

This is a traffic analysis of the Technaxx WiFi smart alarm system starter kit TX-84 using Wireshark.

Requirements

Analysis

This analysis looks at the network traffic of the smart alarm system and later in step "Smartphone communication" at the traffic between the Alarm system and Smartphone App.

With the help of the Princeton IoT Inspector we aere able to get a brief overview of the communications between the device and the outside world.

  • connections
  • traffic visualization

What is not covered by the Princeton IoT-Inspector is the internal traffic. We will later find out that is quite interesting.

Boot up

There are two main communications to the outside world: 1. Heartbeat and 2. HTTP Traffic

Heartbeat / "Hello" to Chinese server

While the device is turned on it will send a notification to a Chinese server that it is turned on and active.

Technaxx Alarm Heartbeat.png

The password looks like a base64 string -> decode it: hex representation: aeb20fe3ead5942602831840a5c7292f9d548c7e (=bit length: 140 ... probably sha-1 or sha-128)

HTTP Traffic

Technaxx Alarm HTTP.png

Used Hardware

References

I found a interesting presentation very similar to my findings
https://site.ieee.org/neworleans/files/2016/12/12052016-Presentation-IoT-security-website-copy.pdf
Retrieved from "https://wiki.elvis.science/index.php?title=Wireshark:_Traffic_analysis_of_a_smart_alarm_system&oldid=2123"