Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 4-14. Email from SmartThings advising users of maintenance schedule


SmartThings SSL Certificate Validation Vulnerability


In March 2015, a report titled “SmartThings SSL Certificate Validation Vulnerability” exposed
a critical issue relating to the SmartThings Hub:


The communications between the SmartThings Hub and the SmartThings backend servers is
encrypted with SSL. However, the SSL client implementation in use does not validate the authen-
ticity of the SSL certificate presented by the server during the initial handshake. An attacker with
the ability to monitor and intercept traffic can present a “forged” SSL certificate to the Hub claim-
ing to be a legitimate backend server, which the Hub will accept as genuine. This makes it possible
to perform a “man-in-the-middle” attack, whereby an attacker relays communications between cli-
ent and server without their knowledge. In this scenario, the communications are available to the
attacker in an unencrypted form and may be modified or disrupted, effectively defeating the protec-
tions offered by SSL encryption.
Secure and authenticated communications are vital to a platform such as SmartThings, which
may be used as part of a home security system. As an example, the Hub transmits a data packet
when a SmartSense Open/Closed Sensor opens. By simply not relaying this data packet, an
attacker can prevent notification of this event from ever reaching the SmartThings backend servers,
which in turn prevents notification being delivered to the end user.

SMARTTHINGS 105
Free download pdf