HDL Smart Devices in Homes and Buildings Exposed to Hacker Attacks (August 2020)

Vulnerabilities in HDL Automation smart products could be abused to take over user accounts and remotely control devices deployed in homes, commercial buildings or hotels, SentinelOne reports.
The issues, SentinelOne researcher Barak Sternberg explained at the DEF CON conference last week, were identified in an HDL automation system that allows users to control various smart devices within residential, commercial and hospitality environments.
In addition to relay modules, the HDL system includes an IP-Serial Adapter and a core-server, and is accompanied by HDL BusPro, a desktop application for configuration purposes, and HDL On, an Android app for controlling the smart devices and for additional options.
If the debug email address does not exist, the attacker can register it and then use the forgot password feature to receive the password reset URL. The attacker can abuse the technique to take over the debug account, which provides them with control of all smart devices and configurations inside the targeted home or building.
By hacking a remote server used for configuring office, home or airport smart devices, an attacker could cause serious harm by extracting internal secrets and network configuration, emails and company names, and by gaining control of the smart devices, such as cameras and sensors.