Hacking Lab

Smart thermostat vulnerabilities

Evaluating the vulnerabilities of thermostat devices, Adam Lindberg recently completed his master's thesis at KTH while participating in the vulnerability research program at NSE Hacking Lab. Leading to the discovery of multiple security vulnerabilities. These include CVE-2023-42143, involving manipulated firmware updates via Man-in-the-Middle attacks; CVE-2023-46892, allowing unauthorized function execution through replaying radio signals; CVE-2023-46889, decrypting protected Wi-Fi router passwords; and CVE-2023-42144, sniffing Wi-Fi router credentials during device setup.

CVE-2023-42143 - Updating the device with a manipulated firmware through MitM
CVE-2023-46892 - Unauthorized function execution through replaying radio signals
CVE-2023-46889 - Decrypting the protected Wi-Fi router password
CVE-2023-42144 - Sniffing Wi-Fi router credentials during device setup

Reserach by Adam Lindberg , Emre Süren and Pontus Johnson

Hacking Lab

Smart thermostat vulnerabilities

Cybercampus Sverige

Contact

Social media

Cyber Defence and Security