Less than 5 min with bettercap and sslstrip to intercept XMPP+STARTTLS. Always check certs y’all. No exceptions.
@moparisthebest pretty much everything under the umbrella of IoT is non-compliant with the protocol standards they use for telemetry.
For example, XMPP core states one MUST validate certificates if they are used. Given that my successful attack was both fast and trivial, it’s clear that part of the spec was ignored on the client and that indeed the server did not require a client cert or a stronger xmpp-sasl authentication method than “PLAIN”.
A post is coming soon.
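A client-side policy for the two failures the thread describes (a stripped STARTTLS offer going unnoticed, and PLAIN being sent without a verified TLS channel), as an added Python example that is not part of the original posts. The stream-features stanzas are constructed, and `parse_features`, `tls_context` and `next_step` are hypothetical helper names.

```python
import ssl
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
STREAM = 'xmlns:stream="http://etherx.jabber.org/streams"'

# Constructed sample <stream:features> stanzas (not captured traffic).
FEATURES_PRE_TLS = (f'<stream:features {STREAM}><starttls xmlns="{NS_TLS}">'
                    f'<required/></starttls></stream:features>')
# What a client sees when an on-path attacker has removed the starttls element:
# plaintext authentication is offered straight away.
FEATURES_STRIPPED = (f'<stream:features {STREAM}><mechanisms xmlns="{NS_SASL}">'
                     f'<mechanism>PLAIN</mechanism></mechanisms></stream:features>')
FEATURES_POST_TLS = (f'<stream:features {STREAM}><mechanisms xmlns="{NS_SASL}">'
                     f'<mechanism>PLAIN</mechanism><mechanism>SCRAM-SHA-1</mechanism>'
                     f'</mechanisms></stream:features>')

def parse_features(xml_text):
    """Return (starttls_offered, starttls_required, sasl_mechanisms)."""
    root = ET.fromstring(xml_text)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    offered = starttls is not None
    required = offered and starttls.find(f"{{{NS_TLS}}}required") is not None
    mechs = [m.text for m in root.findall(f"{{{NS_SASL}}}mechanisms/{{{NS_SASL}}}mechanism")]
    return offered, required, mechs

def tls_context(cafile=None):
    """Context used to wrap the socket after <proceed/>: chain and hostname
    verification stay on (the RFC 6120 MUST the thread refers to), and
    pre-1.2 TLS versions are refused."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def next_step(features_xml, tls_established):
    """Client policy: 'starttls' before TLS, a SASL mechanism after it,
    RuntimeError if the server (or someone in the path) offers neither."""
    offered, _required, mechs = parse_features(features_xml)
    if not tls_established:
        if not offered:
            raise RuntimeError("no <starttls/> in features: refusing plaintext session")
        return "starttls"
    # Over a verified TLS channel: prefer SCRAM, accept PLAIN only as a last resort.
    for mech in ("SCRAM-SHA-256", "SCRAM-SHA-1", "PLAIN"):
        if mech in mechs:
            return mech
    raise RuntimeError("no acceptable SASL mechanism offered")
```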