by gorgoiler 540 days ago
I really enjoyed how the payloads are encrypted, but the implementation leaves time synchronization in plaintext. With the street lamps that work to a fixed schedule, all you have to do is reset the time between 12pm and 12am to turn them on and off (the “lamplighter” attack, in the talk).

Listening to the talk, I don't think it was encrypted. They just said early in the talk that it seemed encrypted due to high entropy. But later in the talk they decoded the payloads after they figured out the format.

But yeah, insecure time is an underrated attack vector.

As I understood it, that's likely weather data from a 3rd party (Meteocast) that they encrypt to protect their IP/subscription.