Security News Logitech Patches Several Flaws in Harmony Hub

LASER_oneXM

May 07, 2018
FireEye researchers have discovered several vulnerabilities in the Logitech Harmony Hub home control system. The vendor has released a firmware update that patches the flaws.

Logitech Harmony Hub allows users to control home entertainment and various other smart devices from an Android or iOS phone or tablet. Once initial pairing is done over Bluetooth, the Harmony app communicates with the Harmony Hub using an HTTP-based API.
Researchers at FireEye have discovered several types of vulnerabilities that can be exploited by an attacker with access to the local network to take control of devices linked to the Hub and compromise other devices on the network.


The security firm believes the flaws could pose a serious risk considering that the Harmony Hub is used by some people to control smart locks and thermostats.

Experts discovered four types of vulnerabilities that can be combined to gain root access to a device via SSH.

One of the security holes is related to the presence of debugging details in the production firmware image. Another flaw is related to improper SSL certificate validation during firmware updates. The firmware update process itself has also been found to be insecure, allowing an attacker to deliver a malicious update to the device.
 
