Hacking Around with FiOS’ Motorola Set Top Boxes
I apologize for this extremely technical post. If you don’t understand technology, go read something else. Otherwise…
I am a very nosy person when it comes to my home network (must be the admin in me). I looked in the router and noticed an automatic port forwarding rule was added, forwarding any TCP traffic to 192.168.1.101:8082 (which is my set top box). When accessed from a browser, I get a Motorola login prompt, but have no idea what the password is. If anyone knows, throw it in the comments. So there is a web-based interface to the STB which I can’t access. Interesting.
So Verizon has an Android App that controls my DVR from on the go. Apparently, it authorizes with the box using a pin and the cell phone number, and then is able to connect to the home network and schedule a recording. Which gave me an idea…
If I ARP poison my router and do a man-in-the-middle attack, I could essentially packet sniff traffic coming to the router and passing to the box. So I set that up and then sent a command to DVR something from my phone. No dice – Verizon uses SSL certificates and it knew something was bonked, so I couldn’t even communicate with the DVR from my phone. Very cool, how they’re using SSL – it keeps people like me (or real hackers) from sniffing my own traffic.
There was a ton of UDP traffic and here are some interesting things I pulled out of the packet sniffer:
- User Agent of something (maybe the STB): Mozilla/4.0 (compatible; AP:Fios-Mercury/09.97; PL: Motorola-DCT/23.51; BX:### UA: ##### U; en-US)
- Yeah, most of the rest of it is useless…
I’m sure I can get some Defcon guys to break in, I’m just not that good. And now, back to doing nothing.
2 Responses
Hodie says:
use sslstrip
trump6 says:
A page on the web interface for the Verizon router says “password” for the set top box is 99999999988888888. Tried it, and with a few logical user names, but nothing.