Netatmo exploit

Working on firmware version <= v119

Description

Affected product: Netatmo Weather Station

By emulating the USB commands that the desktop or mobile application uses to set up the indoor sensor module, it is possible to retrieve, in cleartext, the Wi-Fi SSID and password of the networks the station is configured for. No authentication is required. The vulnerability can be exploited over either USB or Bluetooth. The exploit requires physical access to the device, either through a USB cable or by touching an upper button on the indoor module to activate Bluetooth. The affected firmware versions of the indoor module are those prior to v119.

Requirements

python3

pip install numpy
pip install hidapi

Do not install the hid package.

PoC Exploit

A proof-of-concept exploit for the USB port is available here:

exploit

Timeline

  • Discovered and reported 13/02/2016
  • Acknowledged by Netatmo 18/02/2016
  • Officially fixed in release v120 on 08/03/2016