Ethical Hacking

In this project we do ethical hacking (penetration testing / white hat hacking) of various devices and systems.

Additional information

More information about the Ethical hacking lab can be found here.

Vulnerabilities published

CVE-2020-13119  - ismartgate PRO 1.5.9 is vulnerable to clickjacking. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12843  - ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12842  - ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12841  - ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12840  - ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12839  - ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12838  - ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12837  - ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12282  - iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12281 - iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.
CVE-2020-12280  - iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2020-15781  - XSS in Siemens SICAM A8000 RTUs. Student: Emma Good, Supervisor: Pontus Johnson, Examiner: Mathias Ekstedt

CVE-2019-12941  - AutoPi Wi-Fi/NB and 4G/LTE devices allow an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device. Students: Aldin Burdzovic and Jonathan Matsson, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12944  - Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable. Student: Arvid Viderberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12943  - Insecure permission, password reset function, in TTLock Open Platform. Student: Arvid Viderberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12942  - Insecure permission, account revocation mechanism, in TTLock Open Platform. Student: Arvid Viderberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12821  - Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. Students: Theodor Olsson and Albin Larsson Forsberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12820  - Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, possible MiTM attack on http. Students: Theodor Olsson and Albin Larsson Forsberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2019-12797  - Vulnerability in a clone version of an ELM327 OBD2 Bluetooth device, hardcoded PIN leading to arbitrary commands to an OBD-II bus of a vehicle. Students: Ludvig Christensen and Daniel Dannberg, Supervisor: Pontus Johnson, Examiner: Robert Lagerström.

CVE-2018-3786  - A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. Pontus Johnson

Media coverage

Swedish television SVT reports on how the police hacked phones used by criminals, 2020-09-16.

Swedish television SVT reports on vulnerabilities found in a smart garage application, 2020-07-12.

Swedish magazine Energi reports about our work on cyber security in the power domain, 2019-12-20.

Expressen reports on cyber risks in modern cars with comments from Robert Lagerström, 2019-11-21.

Dagens Industri (web-TV) with a panel on cyber security in cars with Robert Lagerström in the panel (in Swedish), 2019-11-21.

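Svenska forskare ska hacka europeiska elbolag [Swedish researchers to hack European power companies], NyTeknik, 2019-09-09.

Swedish Radio reports on the importance of cyber security and ethical hacking (w. MSB & KTH), Ökat behov av etisk hackning [Increased need for ethical hacking], 2019-09-06.

Därför ska KTH hacka elbolag i Bulgarien [Why KTH will hack power companies in Bulgaria], Forskning & Framsteg, 2019-09-06.

Nu ska elbolagen hackas – KTH får 1,5 miljoner till white hats [Now the power companies will be hacked: KTH gets 1.5 million for white hats], Computer Sweden, 2019-09-04.

Svenska forskare hackar elbolag i Europa [Swedish researchers hack power companies in Europe], KTH News, 2019-08-30.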

Dagens Nyheter writes about vulnerabilities in car dongles found by Aldin Burdzovic and Jonathan Matsson, 2019-06-01.

Louis Cameron Booth and Matay Mayrany interviewed in SVT about hacking electric scooters, 2019-05-11.

Robert Lagerström interviewed in Metro about hacking smart homes, 2019-04-28.

Robert Lagerström in KTH news about smart city security and ethical hacking, 2019-04-24.

Theodor Olsson and Albin Larsson Forsberg interviewed in TV4 about hacking a robot vacuum cleaner, 2019-04-24.

Swedish TV interview with Pontus Johnson doing a live hacking demonstration.

Swedish TV interview with Pontus Johnson on the vulnerabilities of smart consumer products.

Swedish TV interview with Pontus Johnson on the vulnerabilities of the 5G network.

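Kurser i etisk hackning ska öka it-säkerhet [Courses in ethical hacking to increase IT security] (interview with Pontus Johnson, Radio P1 Ekot)

Den goda hackern [The good hacker] (interview with Pontus Johnson, Radio P1 Uppkopplad)

KTH utbildar i etisk hackning [KTH teaches ethical hacking] (interview with Pontus Johnson, Radio P3)

KTH utbildar försvarets cybersoldater [KTH trains the armed forces' cyber soldiers], NyTeknik, 2019-06-13.

Uppkopplingen gör bilen smartare – men hackare kan ta kontroll över ratten [Connectivity makes the car smarter, but hackers can take control of the steering wheel], Dagens Nyheter, 2019-06-01.

KTH öppnar sin utbildning i etisk hackning – företagen också välkomna [KTH opens its ethical hacking education, companies also welcome] (Computer Sweden)

Ny KTH-kurs ska lära företag att tänka som hackare [New KTH course will teach companies to think like hackers] (Ny Teknik)

Han utbildar företagare till hackare [He trains business owners to be hackers] (DI)

Vithattar blir svarta på KTH [White hats turn black at KTH] (Voister)

Nu kan du plugga till hackare på KTH [Now you can study to become a hacker at KTH] (Computer Sweden)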

Swedish University Offers 'Ethical Hacking' Courses for 'Greater IT Security' (Sputnik news)

Шведский ВУЗ будет готовить хакеров [Swedish university will train hackers] (Kompravda)

Reports

[1] N. Kakouros, P. Johnson and R. Lagerström, "Detecting plagiarism in penetration testing education," in Nordsec 2020, The 25th Nordic Conference on Secure IT Systems, November 23-24, Online, 2020.
[2] O. Andrén and A. Heurlin, "Snapchat Spectacles 2.0: Shakey or Secure," 2020.
[4] C. Torgilsman and E. Bröndum, "Ethical Hacking of a Robot Vacuum Cleaner," 2020.
[5]
[13] T. Höglund Gran and E. Mickols, "Hacking a Commercial Drone," 2020.
[15] L. Cameron Booth and M. Mayrany, "IoT Penetration Testing: Hacking an Electric Scooter," 2019.
[16] L. Christensen and D. Dannberg, "Ethical hacking of IoT devices: OBD-II dongles," 2019.
[18]

Viktor Edström and Eldar Zeynalli, Bachelor thesis, KTH Royal Institute of Technology, Sweden, 2020. Penetration testing a civilian drone: Reverse engineering software in search for security vulnerabilities

Gustav Marstorp and Hannes Lindström, Bachelor thesis, KTH Royal Institute of Technology, Sweden, 2018. Security Testing of an OBD-II Connected IoT Device (pdf 155 kB)

Simon Carlsson and Max Näf, Bachelor thesis, KTH Royal Institute of Technology, Sweden, 2018. Internet of Things Hacking  

Various

Arvid Viderberg

Vulnerability Report TTLock Password Reset (pdf 166 kB)

Vulnerability Report TTLock State Consistency (pdf 99 kB)

Vulnerability report Glue lock Account revocation (pdf 164 kB)

Page responsible: Web editors at EECS
Belongs to: Network and Systems Engineering
Last changed: Oct 05, 2020