Bugs in Logitech Harmony Hub Put Connected IoT Devices at 'High Risk' | Threatpost | The first stop for security news - IoTOnliner.com

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’ | Threatpost | The first stop for security news

details

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’ | Threatpost | The first stop for security news

Vulnerabilities found in the Logitech Harmony Hub can give adversaries root access to the device – allowing attackers to control other smart home devices linked to it, such as smart locks and connected surveillance cameras.

Researchers at FireEye’s Mandiant Red team identified four vulnerabilities in the Logitech Harmony Hub as improper certificate validation, an insecure update process, leaving developer debugger symbols behind in the production firmware and having a blank root user password.

“Exploitation of these vulnerabilities from the local network could allow an attacker to control the devices linked to the Hub as well as use the Hub as an execution space to attack other devices on the local network,” said Joel Hopwood, in a report about the vulnerabilities posted on Friday.

Hopwood said the flaws in the IoT device “present a very high risk to the users”; particularly those who rely on the hub for security such as smart locks, alarm systems and surveillance cameras.