Vulnerabilities in Logitech Harmony Hub Giving Adversaries Root Access to the Device

Researchers on FireEye's Mandiant Red Team recently found four vulnerabilities in the Logitech Harmony Hub: improper certificate validation, an insecure update process, developer debugging symbols left in the production firmware image, and a blank root user password.
Together, these vulnerabilities give attackers root access to the device, allowing them to control other smart home devices connected to it, for instance smart locks and connected surveillance cameras.

Joel Hopwood, in a report about the vulnerabilities posted on Friday, said that exploiting them from the local network could enable an attacker to control the devices connected to the Hub and also to use the Hub as an execution space to attack other devices on the local network.

FireEye analysts disclosed the vulnerabilities to Logitech in January 2018. Logitech released a firmware update (4.15.96) on April 10 to address the findings, and public disclosure followed on May 4.

The researchers first found that the Harmony Hub ignores invalid SSL certificates. They tested this by using their own self-signed certificate to intercept the HTTPS traffic sent by the Harmony Hub.

 “The Harmony Hub sends its current firmware version to a Logitech server to determine if an update is available. If an update is available, the Logitech server sends a response containing a URL for the new firmware version. Despite using a self-signed certificate to intercept the HTTPS traffic sent by the Harmony Hub, we were able to observe this process – demonstrating that the Harmony Hub ignores invalid SSL certificates,” the researchers wrote.

They were also able to confirm that the root password of the IoT device was blank. This played a major part in giving them complete control over the device once they had examined the Hub's firmware and its SquashFS file system more closely.

Hopwood later said that these two vulnerabilities together made it quite easy for him to hijack the Harmony Hub through its update process.

 “Since we were able to previously observe what a real update process looked like, we could just simulate a false update to tell the Hub it has an update and tell it where to download the update from,” Hopwood told Threatpost. “Then we would download that resource onto the Hub with our own controlled web server that had a malicious update posted on it.”
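The update check described above fails safely only if the client verifies the server certificate and vets the download URL before fetching it. The following is an added example, not code from Logitech or FireEye; the host name `updates.example.com`, the `{"url": ...}` response shape and all function names are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Assumption: placeholder host; the article does not name the real update servers.
ALLOWED_UPDATE_HOSTS = {"updates.example.com"}

def weak_context():
    """The failure mode described above: any certificate, including self-signed, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def strict_context():
    """Chain and hostname verification on, so an interception certificate fails the handshake."""
    return ssl.create_default_context()

def context_problems(ctx):
    """List the verification steps a TLS client context would skip."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked")
    return problems

def update_url_problems(response, allowed_hosts=ALLOWED_UPDATE_HOSTS):
    """Vet the download URL from an update-check response before fetching it."""
    parts = urlsplit(response.get("url", ""))
    problems = []
    if parts.scheme != "https":
        problems.append("download URL is not https")
    if parts.hostname not in allowed_hosts:
        problems.append("download host is not an expected update host")
    return problems

def update_is_acceptable(ctx, response):
    """Accept an update only with a verifying context and a vetted URL."""
    return not context_problems(ctx) and not update_url_problems(response)

# Constructed sample responses (hypothetical JSON shape: {"url": ...}).
GENUINE = {"url": "https://updates.example.com/firmware/4.15.96.bin"}
SPOOFED = {"url": "http://192.0.2.10/firmware/update.bin"}

if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("strict", strict_context())):
        print(name, context_problems(ctx) or "ok")
    for name, resp in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, update_url_problems(resp) or "ok")
```

With the strict context, a connection presented with a self-signed interception certificate fails during the TLS handshake, so a spoofed update response never reaches the URL check.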

Logitech's Harmony Hub is one of numerous unreliable and insecure IoT devices, from smart thermostats to connected surveillance cameras. Smart hubs in particular extend the potential attack vector, since they act as a hub for other connected devices across the home.
What's more, because the Harmony Hub, like many other IoT devices, uses a common processor architecture, malicious tools could easily be added to a compromised Harmony Hub, increasing the overall impact of a targeted attack, Hopwood added in his post on FireEye's official website.
