Welcome to IoTForums.com Community
Register now to participate in discussions, ask questions and share your knowledge on internet of things and automation! Feel free to sign up today.
Register Now

Serious flaws found in multiple smart home hubs


Staff member
Dec 12, 2019
In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them

ESET IoT Research has found numerous serious security vulnerabilities in three different home hubs – Fibaro Home Center Lite, Homematic Central Control Unit (CCU2) and eLAN-RF-003. These devices are used to monitor and control smart homes and other environments in thousands of households and companies across Europe and beyond. Potential consequences of these weaknesses include full access to the central and peripheral devices in these monitored systems, and to the sensitive data they contain, unauthenticated remote code execution, and Man-in-the-Middle (MitM) attacks. While these hubs are predominantly used in home and small office environments, they also open a potential attack vector for enterprises. This trend is even more worrisome as more employees are working from home these days.

We have reported our findings described in this blogpost to the respective manufacturers. Fibaro has proven to be extraordinarily cooperative, fixing most of the reported issues within days. eQ‑3 followed the standard disclosure procedure and patched its devices within the standard 90-day period. Elko has patched some of the reported vulnerabilities of their device within the standard 90-day period. Other issues may have been fixed in newer generations of the devices but remain in the older ones, with the vendor claiming hardware and compatibility limitations.

The issues described in this article have been reported to the vendors – who have then released patches for most of them – in 2018. The publication has been delayed due to our focus on research into other vulnerabilities that were still active. Nonetheless, with the current heightened requirement for IoT security, we are releasing this compilation of older findings to further advise all owners of the affected devices to apply the latest updates to their devices to increase their security and reduce exposure to outside attacks.

full research
Please, Log in or Register to view URLs content!

Log in

or Log in using