CVE-2017-7726 - Missing SSL Certificate Validation in iSmartAlarm

- 1 min
[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] Source:
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
 
Vendor:
=============
iSmartAlarm, inc.
 
 
Product:
===========================
iSmartAlarm cube - All versions
 
iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems.
It provides a fully integrated alarm system with siren, smart cameras and locks.
It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone,
offering you full remote control via mobile app wherever you are.
 
 
Vulnerability Type:
======================
Missing SSL Certificate Validation
 
 
CVE Reference:
==============
CVE-2017-7726
 
 
Security Issue:
================
iSmartAlarm’s cube communicates with iSmartAlarm’s backend using SSL encryption on port tcp/8443.
But the cube does not validate server certificate.
 
 
Attack Vectors:
================
An attacker can get any password/personal data by setting man
in the middle sniffer attack with a fake certificate on port 8443.
 
 
Network Access:
===============
Remote
 
 
Severity:
=========
High
 
 
Disclosure Timeline:
=====================================
Jan  30, 2017: Initial contact to vendor
Feb  1,  2017: Vendor replied, requesting details
Feb  2,  2017: Disclosure to vendor
Apr  12, 2017: After vendor didn't replied, I've approached CERT
Apr  13, 2017: Confirmed receipt by CERT and assigning CVEs
July 05, 2017: Public disclosure
Ilia Shnaidman

Ilia Shnaidman

rss facebook twitter github youtube mail spotify lastfm instagram linkedin google google-plus pinterest medium vimeo stackoverflow reddit quora