- Jul 22, 2014
- 2,525
The maker of a smart home security system has failed to patch five security issues in the firmware of his product. These flaws allow an attacker to bypass authentication, take over devices, and disable alarm systems, leaving homes exposed to burglaries.
The researcher who discovered these issues is Ilia Shnaidman, Head of Security Research for BullGuard's Dojo, a home appliance for securing local IoT devices.
The researcher says he found these flaws in iSmartAlarm, a DIY home alarm system that users can assemble from different components such as security cameras, door sensors, motion sensors, smart locks, and a central unit called iSmartAlarm Cube.
Vendor has not issued patches
Shnaidman says he reached out to iSmart, the company behind the product, earlier in the year, in January. iSmart acknowledged his initial email, requested more details about the vulnerabilities but did not reply afterward.
Attempts to contact the vendor through US CERT were also unsuccessful, and the researcher eventually decided to go public with his findings so iSmartAlarm owners could replace their alarm systems in case they use them to protect valuable property.
At the time of writing, iSmart has not issued firmware updates to patch the five flaws discovered by Shnaidman.
Researcher found five vulnerabilities
....
The researcher who discovered these issues is Ilia Shnaidman, Head of Security Research for BullGuard's Dojo, a home appliance for securing local IoT devices.
The researcher says he found these flaws in iSmartAlarm, a DIY home alarm system that users can assemble from different components such as security cameras, door sensors, motion sensors, smart locks, and a central unit called iSmartAlarm Cube.
Vendor has not issued patches
Shnaidman says he reached out to iSmart, the company behind the product, earlier in the year, in January. iSmart acknowledged his initial email, requested more details about the vulnerabilities but did not reply afterward.
Attempts to contact the vendor through US CERT were also unsuccessful, and the researcher eventually decided to go public with his findings so iSmartAlarm owners could replace their alarm systems in case they use them to protect valuable property.
At the time of writing, iSmart has not issued firmware updates to patch the five flaws discovered by Shnaidman.
Researcher found five vulnerabilities
....