This is an exploit app I made while solving the IoTConnect challenge from MobileHackingLab. It brute forces the Master Switch PIN and sends a broadcast with it to turn ON all IoT devices.

tinopreter/IoTConnectExploitApp

IoTConnect Exploit App 📱

This is an exploit app I made while solving the IoTConnect challenge from MobileHackingLab.

About Vulnerable App 💣

The vulnerable app behaves like a central hub for all IoT devices connected to the same network; it allows the user to turn the devices ON/OFF remotely through the app. All new accounts created through the app have guest privilege. Guests can't control some devices, such as the A/C, speaker, etc.

There is a Master Switch that can be used to switch ON all devices. You need the 3-digit PIN to flip the switch. Even if a guest account has this PIN, it still can't flip the switch: your account needs to be privileged to use the Master Switch feature.

The exploit app uses a vulnerability in the vulnerable app's source code to brute force the 3-digit PIN and flip the Master Switch at the same time.

Reach out to me: tinopreter
