Responsible Disclosure: Firmware Vulnerabilities in iSmartAlarm CubeOne

As part of the final MSc project, one of our MSc students, Yee Ching Tok, supervised by Daniele Sangdurra, investigated the firmware of a popular smart home security device – the iSmartAlarm CubeOne. Two vulnerabilities (CVE-2017-13663 and CVE-2017-13664) were found and disclosed responsibly to the vendor. A detailed explanation of the vulnerabilities and of disclosure timeline is available here: https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/