Security News > 2020 > August > HDL Smart Devices in Homes and Buildings Exposed to Hacker Attacks
Vulnerabilities in HDL Automation smart products could be abused to take over user accounts and remotely control devices deployed in homes, commercial buildings or hotels, SentinelOne reports.
The issues, SentinelOne researcher Barak Sternberg explained at the DEF CON conference last week, were identified in an HDL automation system that allows users to control various smart devices within residential, commercial and hospitality environments.
In addition to relay modules, the HDL system includes an IP-Serial Adapter and a core-server, and is accompanied by HDL BusPro, a desktop application for configuration purposes, and HDL On, an Android app for controlling the smart devices and for additional options.
If the debug email address does not exist, the attacker can register it and then use the forgot password feature to receive the password reset URL. The attacker can abuse the technique to take over the debug account, which provides them with control of all smart devices and configurations inside the targeted home or building.
By hacking a remote server used for configuring office, home or airport smart devices, an attacker could cause serious harm by extracting internal secrets and network configuration, emails and company names, and by gaining control of the smart devices, such as cameras and sensors.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)