Responsible Disclosure: Firmware Vulnerabilities in iSmartAlarm CubeOne

As part of the final MSc project, one of our MSc students, Yee Ching Tok, supervised by Daniele Sangdurra, investigated the firmware of a popular smart home security device – the iSmartAlarm CubeOne. Two vulnerabilities (CVE-2017-13663 and CVE-2017-13664) were found and disclosed responsibly to the vendor. A detailed explanation of the vulnerabilities and of disclosure timeline is available here:

Leave a Reply

Your email address will not be published. Required fields are marked *