
Vulnerabilities identified in the Abode IOTA security system: Fake image injection into timeline

Bitdefender

December 20, 2021

Connected security devices play an important role in the ecosystem of the modern home. They help residents keep an eye on who’s on or near the premises, track temperature and humidity and, in general, monitor what’s going on at home when they’re not around. As these devices are packed with digital “eyes” and other sensors, vulnerabilities and logic flaws can leave them under the control of cybercriminals and turn them into espionage tools.

Our research on the Abode iota All-In-One Security Kit revealed several vulnerabilities that allow an attacker to upload fake images into the timeline or to remotely execute malicious code on the device to hijack it.

Vulnerabilities at a glance

  • Hardcoded credentials for hidden management console
  • Local command injection in the management console, tracked as CVE-2020-8105
  • Arbitrary image/video upload to any device’s timeline
  • Geographical coordinates of the camera leaking out

Mitigation

Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices.

Additionally, IoT users can use the free Bitdefender Smart Home Scanner app to scan for connected devices and to identify and highlight vulnerable ones. IoT device owners should also check for newer firmware and update devices as soon as the vendor releases new versions.

To minimize risks of compromise, smart home users should consider the adoption of a network cybersecurity solution integrated into the router, such as the NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.

Download the whitepaper
