A popular Bosch smart thermostat has been found to have a vulnerability that could allow attackers to send commands to the device and replace its firmware, as reported by Bitdefender.
The vulnerability affects the Wi-Fi microcontroller that serves as a network gateway for the thermostat's logic microcontroller.
The affected Bosch smart thermostat products, BCC101, BCC102, and BCC50, run firmware versions 4.13.20 to v4.13.33. The vulnerability (CVE-2023-49722) has been given a 'High' severity rating.
Thermostat owners have been advised to update their thermostats to v4.13.33 to fix the flaw.
Bitdefender first informed Bosch of the vulnerability on August 29, 2023. After confirming it, Bosch deployed a fix in v4.13.33 in October 2023. The vulnerability was publicly disclosed on January 9, 2024.
How the Vulnerability Works
Researchers found that the STM chip in one of the thermostat's microcontrollers relies on the Wi-Fi chip in the other microcontroller to communicate with the internet. The Wi-Fi chip also listens on TCP port 8899 on the LAN and mirrors any message received on that port directly to the main microcontroller. This means that malicious commands can be sent to the thermostat, and they are hard to distinguish from genuine ones sent by the cloud server.
To start a malicious update process, the researchers send the 'device/update' command on port 8899, informing the device of a new update. The device then asks the cloud server for update details, which may contain an internet-accessible URL. The cloud then carries out the upgrade once it has received the file, leaving the device completely compromised. The patch released by Bosch works by closing port 8899.
Advice for IoT Device Owners
Bitdefender advises consumers to set up a dedicated network for IoT devices to isolate them as much as possible from the local network, use free tools to scan for connected devices on the network, identify and highlight vulnerable ones, and check for newer firmware and update devices as soon as the vendor releases new versions.
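Two checks follow from the sections above: after updating to v4.13.33, confirm that TCP port 8899 is actually closed on your own thermostat, and, while unpatched units remain on the network, watch the LAN firewall logs for connection attempts to that port on thermostat addresses. The Python below is an added example and is not code from the article, Bitdefender, or Bosch. The thermostat IP addresses and the netfilter-style log lines are constructed for the example, and the log format (`SRC=`/`DST=`/`PROTO=`/`DPT=` fields) is an assumption about how your gateway logs dropped or accepted connections.

```python
import re
import socket

# TCP port the unpatched Wi-Fi chip listens on, per the advisory.
# Firmware v4.13.33 closes it, so a reachable port after updating is a red flag.
THERMOSTAT_PORT = 8899


def port_is_open(host: str, port: int = THERMOSTAT_PORT, timeout: float = 1.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within the timeout.

    Run this against your own thermostat's LAN address after the update:
    on patched firmware the expected result for port 8899 is False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def self_check() -> tuple[bool, bool]:
    """Exercise port_is_open() against a throwaway loopback listener.

    Returns (result while listening, result after close); expected (True, False).
    The kernel completes the TCP handshake for a listening socket even before
    accept() is called, so no accept loop is needed for the positive case.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = port_is_open("127.0.0.1", port)
    listener.close()
    after_close = port_is_open("127.0.0.1", port)  # connection refused -> False
    return while_open, after_close


# Constructed sample firewall log lines (netfilter style); not from the article.
SAMPLE_LOGS = [
    "Jan 10 08:01:12 gw kernel: IN=br-lan OUT= SRC=192.168.1.50 DST=192.168.1.20 PROTO=TCP SPT=51234 DPT=8899 SYN",
    "Jan 10 08:01:13 gw kernel: IN=br-lan OUT= SRC=192.168.1.50 DST=192.168.1.20 PROTO=TCP SPT=51235 DPT=443 SYN",
    "Jan 10 08:02:40 gw kernel: IN=br-lan OUT= SRC=192.168.1.77 DST=192.168.1.21 PROTO=TCP SPT=40001 DPT=8899 SYN",
    "Jan 10 08:03:05 gw kernel: IN=br-lan OUT= SRC=192.168.1.77 DST=192.168.1.99 PROTO=TCP SPT=40002 DPT=8899 SYN",
    "Jan 10 08:03:30 gw kernel: IN=br-lan OUT= SRC=192.168.1.50 DST=192.168.1.20 PROTO=UDP SPT=5353 DPT=8899",
]

# Assumed LAN addresses of the thermostats being monitored (constructed).
THERMOSTATS = {"192.168.1.20", "192.168.1.21"}

LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s+PROTO=(?P<proto>\w+)\s+SPT=\d+\s+DPT=(?P<dpt>\d+)"
)


def find_port_8899_attempts(lines, thermostat_ips):
    """Return (src, dst) pairs for TCP connections aimed at port 8899 on known thermostats.

    Only TCP counts (the advisory describes a TCP listener), and only destinations
    in thermostat_ips, so unrelated hosts using the same port number are ignored.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue
        if m["proto"] == "TCP" and int(m["dpt"]) == THERMOSTAT_PORT and m["dst"] in thermostat_ips:
            hits.append((m["src"], m["dst"]))
    return hits


def sample_alerts():
    """Run the detector over the constructed sample logs."""
    return find_port_8899_attempts(SAMPLE_LOGS, THERMOSTATS)


if __name__ == "__main__":
    print("loopback self-check (expect (True, False)):", self_check())
    for src, dst in sample_alerts():
        print(f"ALERT: {src} attempted TCP/{THERMOSTAT_PORT} to thermostat {dst}")
```

Any alert from `find_port_8899_attempts` on a LAN that is supposed to contain only patched thermostats is worth investigating, since nothing legitimate on the local network should be talking to that port; a `True` from `port_is_open` against a thermostat after the update means the device has not actually taken the v4.13.33 firmware.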