Once a Haxor, Always a Haxor

As the story goes, you never learn to be a hacker—it’s just something you’re born as.

Just like most hackers, I couldn’t wait to take my Christmas toys apart to see how they worked when I was a child. And, of course, I was always able to put them back together in working order, so I was a natural-born hacker. My oldest brother took things apart, too, but once he did, he was rarely able to reassemble them, let alone make them work again. He, of course, went on to be a manager.

Jumping forward more than 40 years, these skills have come into full play in my role as the Research Lead (IoT) here at Rapid7. One of the fun parts about my job is that I often get to take IoT technology apart. I use these opportunities to expand my knowledge of technology, electronics, and security for the purpose of improving the knowledge of others, such as coworkers, customers, consumers, and manufacturers. So, I figured I would share my adventures in basic disassembly and examination of this year’s Christmas present.

Disassembling an Amazon microwave

Amazon recently released a basic, voice-controlled microwave oven. I couldn’t pass up looking at one of these devices, so I placed a pre-order and the device showed up at my house on Nov. 12 (Santa came a little early this year). My main goal was just to understand the construction of such devices. Since they all work around the frequency of 2.4 Mhz, how do you add WiFi and Bluetooth low-energy (BLE) communication to a microwave without having issues with interference from the microwave itself?

Amazon basic microwave

Once the microwave was unpacked, I powered it up and configured it to make sure it worked properly and I understood its general features. At first, the microwave starts up a BLE service. Using the correct mobile application, you attach to the BLE service and configure the WiFi access point (AP) connection settings. After that, the device reconnects via your WiFi AP and shuts down the BLE service.

At this point, it was time to tear down the device to identify and understand its components. First, always unplug a device for safety reasons—I learned that trick as a child, when I received a few serious electrical shocks poking around inside energized gear. But as they say, what doesn’t kill you makes you stronger.

When disassembling the device, the hardest part is often taking off the case, and that was no different here. All but one screw came out easily, but the last screw was torqued on so tight I had to use a Vise-Grip and a hammer to tap it loose. After a few minutes, I successfully removed the last screw and had the cover off.

Here, all caution should be taken to not move, change, or damage any of the oven shielding components. At that point, I was only interested in examining the electronics. In this case, there was only one circuit board, so I first documented all of the plugs and wiring connectors, then carefully removed the board from the chassis for examination.

Circuit board removal

After physically examining it, I quickly realized there was no WiFi or BLE circuitry on the main circuit board and no other circuit board inside the microwave. However, while examining the main board, I did find a connector marked “WiFi.”

WiFi connection

Tracing this connection back, I discovered that these four wires—which were also marked as universal asynchronous receiver transmitter (UART)—fed into the power cable. As I looked at the power cable, I saw the cable was marked as “WiFi Cable.” At first I was confused, but quickly realized that the best way to avoid issues with microwave communication interference was to move the WiFi and BLE further away from the oven and use a shielded cable to communicate to it. So, I assumed they placed the component in the head of the power plug. With a little work using a razor saw, I was able to confirm this.

Circuit in the power plug

So, my next step was to remove the board, clean it up, remove any covers to gain access to the chips, and configure the power cable and connection so further testing could be done later. I first cleaned up the circuit board and added 2.54mm headers to it. Next, I extracted the four color-coded wires further up the shielded cable so I could add plug connectors to them. This allowed me to safely test the communication board with the microwave powered up.

Setup for further testing

In conclusion, we successfully disassembled a device and learned its basic construction and how it was designed to protect the communication from the microwave energy. We then safely reassembled the device so it still worked—and staged it so we could conduct further testing and analysis of the electronics at a future date.
