Pwning Smart Weighing Machines wt API & Hardware Hacking - Eugene Lim

Nullcon Goa 2025 · Main Stage

In this compelling talk, Eugene Lim, known online as "space raccoon," delves into the fascinating world of hacking smart weighing machines. What began as a casual observation in a hotel gym—the surprising realization that a weighing machine could connect to the internet—spiraled into an in-depth investigation that uncovered critical vulnerabilities affecting millions of smart health devices globally. Lim's presentation serves as both a case study in cross-disciplinary security research and a guide for software and web hackers looking to venture into hardware hacking.

AI review

Competent cross-disciplinary IoT research with two real findings — an SQL injection enabling MAC-based auth bypass across 200K OEM devices and a business logic flaw enabling account takeover at million-device scale in Withings. Solid execution, clear methodology, good use of FCC OSINT, but none of the individual techniques are novel and the hardware angle is shallower than the framing suggests.
