BalCCon2k24

It’s Only Light, Right? Hacking the Shadows of Govee
2024-09-20, 18:10–18:40 (Europe/Belgrade), Tesla

With the growing popularity of gaming and home cinema, fueled by platforms like Twitch and Netflix, private gaming and cinema room setups have become increasingly common among enthusiasts. Govee, with over 50 products and a distribution network across more than 60 countries, has made significant strides in the RGBIC market. In 2020, it reported annual sales of 200 million dollars, highlighting its status as a global player in smart home devices and innovative LED lighting solutions. The focus of this research is one of Govee's flagship products, the H6054, which uses an LED setup behind the display and a camera to capture screen colors, creating an immersive experience similar to Philips' Ambilight feature. The H6054 offers multiple attack surfaces, including HTTPS and MQTTS APIs, two circuit boards, Android/iOS applications, firmware/update susceptibilities, and Bluetooth. This research was initially aimed at understanding Internet of Things (IoT) vulnerabilities through the lens of attacking a single device. However, due to the centralization of all owned devices in one account, unauthorized access was gained to all Govee devices. In total, eight distinct vulnerabilities were discovered, ultimately granting access to over 12 million living and gaming rooms. This presentation will detail the journey of this research, highlighting the identified vulnerabilities and their broader implications for IoT security in smart home environments.

Lennert Preuth is a self-employed penetration tester with a focus on source code reviews. Besides taking care of complex customer engagements, he does research and responsible disclosure. Additionally, he holds an IT security master's degree from FH Technikum Vienna and has an interest in bug bounty and live hacking events. He holds several IT security certificates and has already published multiple security advisories and blog posts.