iSmartAlarm, inc.
iSmartAlarm cube - All
iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems.
It provides a fully integrated alarm system with siren, smart cameras and locks.
It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone,
offering you full remote control via mobile app wherever you are.
Denial of Service
CVE-2017-7730
iSmartAlarm cube is vulnereable to Denial of Service attack.
Sending a SYN flood on port tcp/12345 will freeze the iSmartAlarm’s cube and it will stop responding.
The cube will stop operating and be frozen until the flood will stop.
During the flood, the user won’t be able to turn on/off the cube, and all of the cube’s functionality will be
unresponsive.
Sending a Syn flood on port 12345 inside the LAN will disable cube functionality.
PoC:
hping --flood -S -p 12345 <iSmartAlarm's cube ip>