Garrett Miller

About

Security engineer with an interest in zero-trust security architecture, trusted device access, and Identity & Access Management (IAM). Background in digital forensics, incident response, and offensive security.

Interests

• Embedded/Single-Board Computing
• Wireless/Mobile Security
• Penetration Testing
• Digital Forensics
• Photography

Research & CVEs

Security Vulnerabilities in IoT Devices (2018-2020)

• Security Vulnerabilities in Meross MSS110
  • CVE-2018-6401: Details - Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.
  • CVE-2018-6402: Details - Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an “Evil Twin” attack.
  • CVE-2018-10544: Details - Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface.

Deauth Star: Attacking Wireless Surveillance Devices (2015-2016)

• A pair of vulnerabilities, which, when exploited, can lead to full compromise of a WPA2-PSK WLAN.

  • CVE-2016-5081: Details - ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
  • CVE-2016-5650: Details - ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value.

Future Implications of GPU Acceleration on Present Cryptographic Standards (2010-2011)

• Undergraduate Thesis
  • Explored how then-novel GPU acceleration of cryptographic algorithms could impact current security and cryptographic standards.

Contact

• Email: garrettmiller at gmail dot com
• GitHub: github.com/garrettmiller