{"id":7639,"date":"2017-05-14T14:19:51","date_gmt":"2017-05-14T22:19:51","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/14\/news-1424\/"},"modified":"2017-05-14T14:19:51","modified_gmt":"2017-05-14T22:19:51","slug":"news-1424","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/14\/news-1424\/","title":{"rendered":"SSD Advisory \u2013 Xiaomi Air Purifier 2 Firmware Update Process Vulnerability"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Sun, 14 May 2017 13:06:52 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3205\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3205');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes an Firmware Update Process Vulnerability found in Xiaomi Air Purifier 2.<\/p>\n<p><a href=\"http:\/\/www.mi.com\/en\/air\/\" target=\"_blank\">Mi Air Purifier<\/a> is a High performance smart air purifier (IoT) that can be controlled remotely. <\/p>\n<p>According to the manufacture (Xiaomi) &#8220;Monitor your home air quality in real time from absolutely anywhere when you sync with the Mi Home app on your phone. Control Mi Air Purifier remotely and watch how air is being purified. The app even displays outside air quality and tells you when it&#8217;s safe to switch Mi off and open your windows.&#8221;<\/p>\n<p>Xiaomi Air Purifier 2, version 1.2.4_59, does not use a secure connection for its firmware update process. The update process is in plain-text HTTP.<\/p>\n<p>A potential attacker can exploit the firmware update process to:<\/p>\n<ul>\n<li>Obtaining the firmware binary for analysis to conduct other attacks<\/li>\n<li>Enables inject modified firmware<\/li>\n<\/ul>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> We reported the vulnerability to Xiaomi and they informed us that: &#8220;Because of Xiaomi Air Purifier initial design features,there is not enough storage is available to use HTTPS. So this will not be fixed for the time being but it will be fixed in the later versions.&#8221;<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3205\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Sun, 14 May 2017 13:06:52 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes an Firmware Update Process Vulnerability found in Xiaomi Air Purifier 2. Mi Air Purifier is a High performance smart air purifier (IoT) that can be controlled remotely. According to the manufacture (Xiaomi) &#8220;Monitor your home air quality in real time from absolutely anywhere when you sync with the Mi &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3205\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Xiaomi Air Purifier 2 Firmware Update Process Vulnerability<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12270,10757],"class_list":["post-7639","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-man-in-the-middle","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7639"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7639\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7639"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}