SilverCrest SWS-A1 IoT power outlet

SilverCrest SWS-A1 is an IoT controlled electrical outlet device sold by Lidl.  It connects to home Wifi network and that can be controlled with smartphone app anywhere where you have Internet connection. Silvercrest app allows to control the electrical outlet on and off (ON is meaning contact the power between electrical appliance and power supply. OFF is vice versa.).  The control way is, apps send the signal to cloud server, cloud server translate the directive and forward to wi-fi plugtop through wi-fi router.

Here is pictures of outside of SilverCrest SWS-A1

What is inside?
Let’s open the device (a special screw driver with triangle shaped head is needed to open the two scres).

On the top left in the circuit board is the relay (black box) that switches the output power on and off. It seems to be protected against overload with an overheating protective fuse (white square) mounted on top of it. Next to right there is the WiFi module that has the WiFi connectivity and control CPU in it.

Below then there are some discrete components and power supply (looks like switch mode power supply that supplied 5V 0.3A DC to electronics).

Now we can clearly see the wifi module type. It is HF-LPB100.

About HF-LPB100 Wi-Fi Module:

The HF-LPB100 is a fully self-contained small form-factor, single stream, 802.11b/g/n Wi-Fi module, which provides a wireless interface to any equipment with a Serial/SPI interface for data transfer. The HF-LPB100 integrates MAC, baseband processor, RF transceiver with power amplifier in hardware, all Wi-Fi protocol and configuration functionality and networking stack into embedded firmware.The HF-LPB100 is powered by a High-Flying MC101 MCU and supports UART, SPI, and PWM communication. The HF-LPB100 can operate in Infrastructure Station (STA) mode, Soft Access Point (AP) mode or AP+STA mode. The configuration of the device can be done with web page, via an AT+ instruction set or with the Smart Link Android/iOS app

So this is pretty typical Internet of Things (IoT) module that advertises small footprint, low cost, and rich feature set and also industrial temperature range. For more details on the module check the HF-LPB100 User Manual-V1.9, another user manual, evaluation kit and Quick Start Guide.

Looks good to this point. But how about security?

The security level is pretty low. Harry Sintonen from security company F-Secure announced at Disobey.fi hacker event the vulnerability of Uni-Elektra preparing remote-controlled socket: In Pwning the power sockets presentation it was shown that Silvercrest box to receive commands from the phone application, in addition to just as willingly also from any other device that sends the appropriate command. Pwning the Powersockets presentation I have seen live showed clearly that the security of SILVERCREST® Wi-Fi-Steckdose SWS A1 IoT power socket was pretty bad and it could be pretty easily hacked.

DSCF3703

DSCF3717

 

Security search engine Shodan has revealed a number of online outlets that would be likely to be obeyed any comands sent to them. If you use this kind of device, it should be only used on isolated WiFi network where you connect only the IoT outlets and device that controls them (you would need a sepearate WLAN base station for it). Or maybe

1 Comment

  1. Tomi Engdahl says:

    Disobey 2016 – Harry Sintonen – Pwning the Powersockets
    https://www.youtube.com/watch?v=6oh62GBkBuc

    Harry Sintonen presents results of his research into how (in)secure a certain IoT device is, and how it can be exploited.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*