Yale is quite a trusted company over here in the UK however from the article "Other software in this same category includes (but is not limited to): Honeywell EvoHome, Heat Genius, Nest learning thermostat, Hive Active Heating from British Gas, Tado and Netatmo Thermostat for Smartphone."
Adrian BridgwaterNovember 30, 2015http://media.scmagazineuk.com/images/2015/11/30/yalehomesystem_875482.jpg?format.jpg&zoom=1&quality=70&anchor=middlecenter&width=320&mode=pad
Yale home automation app The development of smart home technologies has not come without its vulnerabilities, it appears.
Penetration testing and vulnerability assessment firm MWR InfoSecurity has issued an advisory detailing a vulnerability it has discovered in the Yale Home System (Europe) Android application. The app itself acts as remote smartphone-based software to control the Yale Easy Fit SmartPhone alarm system with arm and disarm tasks as well as a camera function.
A vulnerability was discovered that could allow an attacker to perform a man-in-the-middle attack, bypassing the software's protection layer and executing arbitrary commands on the Android device with the permissions of the home system app. The Yale Home System Android application is based upon a Webview – a feature of Android that allows applications to display HTML content within their apps.
Full Article
Internet of malicious things: Yale home automation vulnerable
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.