iSmartAlarm

Ilia Shnaidman, a researcher for Dojo by BullGuard, reported five vulnerabilities in the firmware of iSmartAlarm and iSmartAlarm cube products, a smart home security system. Successful exploitation of CVE-2017-7726CVE-2017-7727CVE-2017-7728,CVE-2017-7729, and CVE-2017-7730 could allow a threat actor to bypass authentication, take over devices, and disable alarm systems, leaving homes exposed to burglaries. The researcher reported the vulnerabilities to iSmartAlarm in February and disclosed them publicly on July 5, 2017. The NJCCIC recommends owners and operators of vulnerable iSmartAlarm devices review Ilia Shnaidman’s report, consider discontinuing the use of any affected devices, andapply iSmartAlarm firmware updates as soon as they are released.