In August, I attended the IEEE iThings 2022 conference to present a paper titled “IoT Droplocks: Wireless Fingerprint Theft Using Hacked Smart Padlocks”. If you have access to the IEEE Xplore library you can view the published version. I’ve made an arXiv preprint available as well. If you want a shorter, simpler version, read on below.
Meep Meep! A story of certificate (un)verification 🔏📜🔍❌
ACME clients seldom check the certificates they receive
This article discusses the lack of certificate checking done by ACMEv2 clients, as well as the lack of provision in the ACMEv2 protocol specification to encourage any checking. It explores the implications of this and demonstrates why we should probably be doing some additional checks in our ACMEv2 clients.
The project is called “Meep Meep”, because that’s the sound a roadrunner makes. The author couldn’t think of a cleverer name for something related to ACME.