Security researchers have discovered a number of vulnerabilities in an internet-enabled burglar alarm that could see the device being remotely switched off by an attacker.
In a blog post, Ilia Shnaidman, head of security research at Bullguard, said that the discovery of multiple flaws in iSmartAlarm is another example of a poorly engineered device that offers attackers an easy target.
The device, said Shnaidman, has flaws that can lead to full device compromise. The cube-shaped iSmartAlarm provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are.
“An unauthenticated attacker can persistently compromise the iSmartAlarm by employing a number of different methods leading to full loss of functionality, integrity and reliability, depending on the actions taken by the attacker,” he said. “For example, an attacker can gain access to the entire iSmartAlarm customer base, its users’ private data, its users’ home address, alarm disarming and ‘welcome to my home sign’.”
He said that when switched on, the device communicates with its backend on TCP port 8443. However, the cube does not validate the authenticity of the SSL certificate presented by the server during the initial SSL handshake. “So after forging a self-signed certificate, I was able to see and control the traffic to and from the backend,” he said.
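What validating the backend's certificate means in client code, as an added example that is not from the article or from the iSmartAlarm firmware: a Python `ssl` client configured to accept any certificate, next to one that verifies the chain and server name and then checks a pinned fingerprint. The function names and the pinning step are assumptions; only port 8443 comes from the article.

```python
import hashlib
import hmac
import socket
import ssl

BACKEND_PORT = 8443  # port the article says the cube uses to reach its backend


def weak_context():
    """Client context that accepts any certificate (the flaw described above)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate passes the handshake
    return ctx


def hardened_context():
    """Client context that validates the chain and the server name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the validation gaps in a client context; an empty list means none."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("server name is not checked against the certificate")
    return findings


def pin_matches(cert_der, pinned_sha256_hex):
    """Compare the SHA-256 of the server's DER certificate with a pinned value."""
    actual = hashlib.sha256(cert_der).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def connect_checked(host, pinned_sha256_hex):
    """Open a verified TLS connection to the backend, then enforce the pin."""
    ctx = hardened_context()
    if audit_context(ctx):
        raise RuntimeError("refusing to connect with an unverified TLS context")
    raw = socket.create_connection((host, BACKEND_PORT), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)  # handshake fails on a forged cert
    if not pin_matches(sock.getpeercert(binary_form=True), pinned_sha256_hex):
        sock.close()
        raise ssl.SSLError("certificate does not match the pinned fingerprint")
    return sock
```

With the hardened context the handshake itself is rejected when the server presents a self-signed certificate; the pin is a second check that also catches a certificate mis-issued by a trusted CA.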
He said he wanted to see how the app and the cube communicate, and figure out if he could gain control over the alarm system remotely without the app. The iSmartAlarm app works in two modes. One option is when the cube and the app are on the same local network. The other mode is when they are on different networks.
“While examining the first mode, I was able to sniff the encrypted traffic between the cube and the app on TCP port 12345,” he said. He added that because the cube and the app communicate directly over the LAN, he was able to stop the cube from running.
“While running a DoS attack on the cube, the legitimate user loses control over the alarm system, and he or she is not capable of operating it, neither remotely nor locally.”
He added that once an attacker infiltrates the home/business network and finds such a device, they could fully compromise the device. “It is needless to list the potential damages of a compromised physical security system such as an alarm system,” he added.
This article originally appeared at scmagazineuk.com