As part of the final MSc project, one of our MSc students, Yee Ching Tok, supervised by Daniele Sangdurra, investigated the firmware of a popular smart home security device – the iSmartAlarm CubeOne. Two vulnerabilities (CVE-2017-13663 and CVE-2017-13664) were found and disclosed responsibly to the vendor. A detailed explanation of the vulnerabilities and of disclosure timeline is available here: https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Prof Konstantinos Markantonakis, Dr Raja Naeem Akram and Mr James Tapsell, worked successfully into the creation of a patent as a “Technique to record an event and its impact on the data during the lifetime of a data – specific to individual entities represented in the data.” The implementation helps in serving General Data Protection Regulation (GDPR) rights: Right to Access, Right to Forget, and Right to Rectification (with evidence).
RHUL has invested in further business analysis around the commercialisation opportunities of the technique developed at SCC. Furthermore, it has invested in building a commercial grade implementation of an MVP, in order to provide the stepping stone for commercialising the aforementioned patent.