Friday July 28, 2017
Multiple vulnerabilities found in connected IoT home security device
by Rene Millman | Jul 17, 2017
Popular IoT home security device could allow hackers to turn burglar alarms on and off and switch on siren, says researcher who dissected it.

Security researchers have discovered a number of vulnerabilities in an internet-enabled burglar alarm that could see the device being remotely switched off by an attacker.

In a blog post, Ilia Shnaidman, head of security research at Bullguard, said that the discovery of multiple flaws in iSmartAlarm is another example of a poorly engineered device that offers attackers an easy target.

The device, said Shnaidman, has flaws that can lead to full device compromise. The cube-shaped iSmartAlarm provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are.

“An unauthenticated attacker can persistently compromise the iSmartAlarm by employing a number of different methods leading to full loss of functionality, integrity and reliability, depending on the actions taken by the attacker,” he said. “For example, an attacker can gain access to the entire iSmartAlarm customer base, its users' private data, its users' home address, alarm disarming and ‘welcome to my home sign'.”

He said that when switched on, the device communicates with its backend on TCP port 8443. However, the cube does not validate the authenticity of the SSL certificate presented by the server during the initial SSL handshake. “So after forging a self-signed certificate, I was able to see and control the traffic to and from the backend,” he said.
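The missing check described above, shown as an added example (not code from the researcher or the vendor): a Python client context configured the way the article describes, next to a validating one, with a small audit function that can run in a unit test. The function names and any host passed to `connect_backend` are hypothetical; port 8443 is the one named in the article.

```python
import socket
import ssl

BACKEND_PORT = 8443  # port named in the article


def context_as_described():
    """Client context with the flaw the article describes: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate passes the handshake
    return ctx


def validating_context(ca_file=None):
    """Client context that rejects certificates it cannot chain to a trusted CA.

    ca_file (optional, hypothetical path) restricts trust to a single CA bundle.
    """
    # create_default_context sets CERT_REQUIRED and enables the hostname check
    return ssl.create_default_context(cafile=ca_file)


def audit(ctx):
    """Return a list of certificate-validation findings for a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings


def connect_backend(host, ctx, port=BACKEND_PORT):
    """Open a TLS connection, refusing any context that fails the audit."""
    problems = audit(ctx)
    if problems:
        raise ssl.SSLError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("as described", context_as_described()),
                      ("validating", validating_context())):
        print(name, "->", audit(ctx) or "ok")
```

With the validating context, a handshake against a server presenting a self-signed certificate fails with `ssl.SSLCertVerificationError` instead of completing.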

He said he wanted to see how the app and the cube communicate, and figure out if he could gain control over the alarm system remotely without the app. The iSmartAlarm app works in two modes. One option is when the cube and the app are on the same local network. The other mode is when they are on different networks. 

“While examining the first mode, I was able to sniff the encrypted traffic between the cube and the app on tcp port 12345,” he said. He added that because the cube and the app communicate directly over the LAN, he was able to stop the cube from running.

“While running a DoS attack on the cube, the legitimate user loses control over the alarm system, and he or she is not capable of operating it, neither remotely nor locally.”

He added that once an attacker infiltrates the home/business network and finds such a device, they could fully compromise the device. “It is needless to list the potential damages of a compromised physical security system such as alarm system,” he added.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition