Hacking Lab
Smart thermostat vulnerabilities
Evaluating the vulnerabilities of thermostat devices, Adam Lindberg recently completed his master's thesis at KTH while participating in the vulnerability research program at NSE Hacking Lab. Leading to the discovery of multiple security vulnerabilities. These include CVE-2023-42143, involving manipulated firmware updates via Man-in-the-Middle attacks; CVE-2023-46892, allowing unauthorized function execution through replaying radio signals; CVE-2023-46889, decrypting protected Wi-Fi router passwords; and CVE-2023-42144, sniffing Wi-Fi router credentials during device setup.
- CVE-2023-42143 - Updating the device with a manipulated firmware through MitM
- CVE-2023-46892 - Unauthorized function execution through replaying radio signals
- CVE-2023-46889 - Decrypting the protected Wi-Fi router password
- CVE-2023-42144 - Sniffing Wi-Fi router credentials during device setup
Reserach by Adam Lindberg , Emre Süren and Pontus Johnson