Multiple vulnerabilities discovered in smart home devices

2020-04-22 09:30

With the current heightened requirement for IoT security, we are releasing this compilation of older findings to further advise all owners of the affected devices to apply the latest updates to their devices to increase their security and reduce exposure to outside attacks.

"We found that security vulnerabilities in IoT devices are a prevalent issue. Our research also proves that flaws in settings, missing encryption or authentication are not exclusive to low-end cheap devices but are often present in high-end hardware too," says ESET Security and Awareness specialist Ondrej Kubovič.

One of the vulnerable devices was Fibaro Home Center Lite: a home automation controller, designed to control a wide variety of peripheral devices in a smart home.

The flaw had serious security implications, allowing attackers to gain full access to Homematic CCU2 devices and potentially also to connected peripheral devices via numerous shell commands misusing the RCE vulnerability.

The third vulnerable device was smart RF box eLAN-RF-003 designed as a central unit in a smart home, allowing the user to control a variety of home systems via an application installed on the customer's devices such as a smartphone, smartwatch, tablet or smart TV. Researchers tested the device together with two peripheral devices from the same manufacturer - wireless dimmable LED bulb and dimmable socket.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/9hEZbi60sN0/

#smart #vulnerabilities