[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
iSmartAlarm cube - All versions
iSmartAlarm is one of the leading IoT manufacturers in the domain of smart alarm systems.
It provides a fully integrated alarm system with a siren, smart cameras and locks.
It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone,
offering you full remote control via mobile app wherever you are.
Missing SSL Certificate Validation
iSmartAlarm's cube communicates with iSmartAlarm's backend using SSL encryption on port tcp/8443.
However, the cube does not validate the server certificate.
An attacker can obtain any password or personal data by setting up a man-in-the-middle
sniffing attack with a fake certificate on port 8443.
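The following Go program is an added example, not the advisory's or the vendor's code. It reproduces the flaw in a test harness: a client built with InsecureSkipVerify accepts any certificate presented on the backend port, while a client pinned to the genuine backend certificate rejects a fake one. The hostname "backend.example.invalid" and both certificates are constructed placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// SelfSignedCert builds a throwaway certificate for name (constructed for this
// example; stands in for the genuine backend cert or an attacker's fake one).
func SelfSignedCert(name string) (tls.Certificate, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{name},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	parsed, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed
}

// Handshakes reports whether a client using clientCfg completes a TLS handshake
// with a server presenting serverCert, over an in-memory pipe (no sockets).
// A hardened client must return false when the certificate is untrusted.
func Handshakes(serverCert tls.Certificate, clientCfg *tls.Config) bool {
	srvEnd, cliEnd := net.Pipe()
	cliEnd.SetDeadline(time.Now().Add(2 * time.Second)) // bounds a stall on rejection
	done := make(chan struct{})
	go func() {
		tls.Server(srvEnd, &tls.Config{Certificates: []tls.Certificate{serverCert}}).Handshake()
		close(done)
	}()
	err := tls.Client(cliEnd, clientCfg).Handshake()
	cliEnd.Close() // unblocks the server side whatever state it is in
	<-done
	srvEnd.Close()
	return err == nil
}

// PinnedConfig is the fix: trust only the known backend certificate and require
// the presented name to match, instead of skipping verification entirely.
func PinnedConfig(trusted *x509.Certificate, name string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	return &tls.Config{RootCAs: pool, ServerName: name}
}
```

A config equivalent to the cube's behaviour is simply `&tls.Config{InsecureSkipVerify: true}`; run it through Handshakes against a fake certificate to see it accepted, then swap in PinnedConfig to see the same fake rejected.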
Jan 30, 2017: Initial contact to vendor
Feb 1, 2017: Vendor replied, requesting details
Feb 2, 2017: Disclosure to vendor
Apr 12, 2017: After the vendor did not reply, I approached CERT
Apr 13, 2017: Receipt confirmed by CERT, CVEs being assigned
July 05, 2017: Public disclosure