Home security systems should do what they say on the box: make your home more secure. But with the rise of connected smart homes, security systems can be more exposed than ever.
A flaw in the iSmartAlarm could let hackers bypass authentication to disable alarm systems, letting them break into people’s homes without a trace.
The flaw was spotted by Ilia Shnaidman, Head of Security Research for BullGuard’s Dojo. Dojo secures home internet connections by monitoring all traffic. The company attempted to alert iSmartAlarm to the flaw earlier this year, but the vulnerabilities were never patched.
The company makes door sensors, motion sensors, cameras, locks and base units that can all access the internet to connect with the app, which controls the system. But since it is exposed to the internet at large, that means anyone with knowledge of the flaws can now break in.
The hack takes advantage of five different vulnerabilities including issues with SSL certificate validation, authentication and access control. All these issues could be solved with a firmware update, but iSmartAlarm has yet to issue one.
Even if it is patched, users still have to update their firmware to ensure that they stay secure. With people often putting off updates for weeks at a time, this may be a harder task for iSmartAlarm than updating their code. But it’s a reminder to readers to check for updates to vital home security systems frequently.