Department of Information Security Systems hunting for vulnerabilities

20.09.2023

NASK SCIENCE researchers are getting into your home!? Not really, of course, but they are concerned about your safety and examine smart home solutions hitting the market. We recently discovered a vulnerability in one such device, and the producer has fixed it.

Concerned for the security of users of Smart Home solutions, the Department of Information Security Systems is constantly monitoring and detecting threats emerging on the market.

The first vulnerability reported by Jan Adamski at the LaVA project, with ID CVE-2023-3612 (for more information on the vulnerability, see https://www.cve.org/cverecord?id=CVE-2023-3612), has been officially patched by the producer, resulting in security improvements.

The vulnerability was detected in the Govee Home application, dedicated to the brand’s devices. It posed a significant threat to users, enabling potential attackers to launch credible phishing attacks. Not only were users’ data at risk, but also access to their devices. The severity of the vulnerability was classified as high, with a CVSS score of 8.2 on a 10-point scale, indicating the seriousness of the threat, which could affect the privacy and security of many users.

Detecting and quickly fixing this vulnerability is a key step in maintaining user confidence in IoT ecosystems.

The Department of Information Security Systems remains active in monitoring security and taking preventive measures to protect users of IoT solutions. It has also published a database where you can find information about vulnerabilities in Internet of Things devices: https://www.variotdbs.pl/.

If you are interested in working on similar projects, take part in the recruitment.