A team of researchers at security specialist Bullguard has identified a range of serious flaws in a connected burglar alarm.
Security researchers at the company found vulnerabilities that could allow hackers to access and penetrate iSmartAlarm devices and control a number of functions, including turning the alarms on and off and activating their sirens.
These vulnerabilities mean that tech-savvy burglars could hack into alarms and turn them off before targeting those homes. Worse still, they’d likely get away with the crime.
Basic security lacking
Ilia Shnaidman, Bullguard’s head of security research, led the study of iSmartAlarm’s vulnerabilities and details his findings in a blog post on the company’s website.
He said that the flaws found in the iSmartAlarm device further prove that many connected devices are poorly engineered and easy targets for cyber criminals.
A hacker, according to Shnaidman, would be able to have full control of the device and all its features thanks to these flaws. Functions include a siren, smart cameras and locks.
It’s one of the new breed of alarm devices coming onto the market, giving users the ability to check on their homes and assets via a mobile app.
“Once an attacker infiltrates the home/business network and finds such a device, they could fully compromise the device. It is needless to list the potential damages of a compromised physical security system such as alarm system,” he writes.
Compromised customer data
More worrying still, the researchers found that hackers could get access to iSmartAlarm customer data, including users’ names and addresses, “creating a perfect scenario for cyber-assisted crime,” writes Shnaidman.
Demonstrating the seriousness of the security flaws here, Shnaidman explains how the device communicates with its back-end on TCP port 8443.
While that’s pretty technical, the underlying problem is simple: the iSmartAlarm Cube doesn’t check whether the SSL certificate presented by the server is authentic. “The Cube does not validate the authenticity of the SSL certificate presented by the server during the initial SSL handshake. So after forging a self-signed certificate, I was able to see and control the traffic to and from the backend,” Shnaidman writes.
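To show what that missing check looks like in client code, here is an added example (not code from Bullguard's post or from iSmartAlarm) that sets a non-validating TLS client configuration beside a validating one and reports which certificate checks each skips. The function names and the `host` and `ca_file` parameters are assumptions made for illustration; only port 8443 comes from the article.

```python
import socket
import ssl

BACKEND_PORT = 8443  # port the article gives for Cube-to-backend traffic


def cube_like_context() -> ssl.SSLContext:
    """Constructed model of the flaw: TLS is used, but nothing is verified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate is accepted
    return ctx


def hardened_context(ca_file=None) -> ssl.SSLContext:
    """Verify the chain and the server name; ca_file can pin a vendor CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return the certificate checks this client context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the server name")
    return findings


def open_backend(host: str, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """Connect to host:8443. With hardened_context() a forged or self-signed
    certificate raises ssl.SSLCertVerificationError during the handshake."""
    raw = socket.create_connection((host, BACKEND_PORT), timeout=10)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("cube-like", cube_like_context()),
                      ("hardened", hardened_context())):
        print(name, audit(ctx) or "certificate checks enabled")
```

The same `audit` check can be run in a unit test or code review against whatever context a device client builds, so a disabled verification setting is caught before it ships.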
During his research project, he aimed to find out how the mobile app and Cube communicate with each other, in a bid to find ways to control the alarm remotely without using the app. There are two modes: the first option is when the Cube and app are functioning on the same network, while the other is when they operate on separate ones.
“While examining the first mode, I was able to sniff the encrypted traffic between the cube and the app on tcp port 12345,” he wrote in the blog post.
When the Cube and app communicate directly over a LAN, Shnaidman found he could cause even more damage to the Cube and stop it running completely.
“While running a DoS attack on the cube, the legitimate user loses control over the alarm system, and he or she is not capable of operating it, neither remotely nor locally,” he added.
Keeping users safe?
Like any responsible ‘white hat’ hacker, Shnaidman contacted iSmartAlarm about the vulnerabilities back in January, and the company responded, requesting details. However, once these had been provided, Shnaidman received no further response from iSmartAlarm and thus made his findings known to CERT, the US Computer Emergency Readiness Team in the Department of Homeland Security. This is the body that assigns disclosed flaws a CVE [common vulnerabilities and exposures] identification code. In this case, five separate CVEs were issued.
Liviu Arsene, a senior e-threat analyst from Bitdefender, told Internet of Business that many connected devices lack the basic security functionalities needed to keep users safe.
“Security researchers have often found IoT devices lacking even basic security features making them not just vulnerable, but sometimes even impossible to patch,” he said.
“Considering that all these devices are usually connected to the same primary home network Wi-Fi, an attacker could use these vulnerable IoTs as a gateway to breach other home network devices, such as laptops, computers and even your router.”