A security engineer with a background in software engineering, infrastructure and pentesting. As is standard fare for a large part of the community, I picked up a passion for computing as a teenager and have yet to let it go. Naturally, that means that a decent portion of my free time is spent on programming, hacking or participating in capture the flag tournaments, the latter of which I usually do with the Spotless CTF team (https://spotless.tech).
Smart lights have become pervasive in many homes, but they are often designed in a way that makes them completely reliant on the manufacturer's servers and connectivity to the Internet. However, we would much rather be fully in control of our own devices.
As a target, we took on the cheap and popular Tuya white-label smart lights, which can commonly be found under many different brand names.
In this talk, we'll take you on a trip through our 1-year journey of hacking these devices, including the details of finding and remotely exploiting a vulnerability in the firmware for devices based on the custom BK7231 SoC.