
High-Severity Vulnerability Unveiled in Bosch Smart Thermostats: A Deep Dive

By: Wojciech Zylm
Published: January 13, 2024 at 2:49 am EST

A high-severity vulnerability, tracked as CVE-2023-49722, has been identified in select models of Bosch smart thermostats — specifically the BCC101, BCC102, and BCC50 — running firmware versions 4.13.20 to 4.13.33. The flaw lies in the Wi-Fi microcontroller that provides network connectivity for the thermostat’s logic microcontroller. It allows an attacker on the network to send malicious commands to the device or replace its firmware, thereby compromising the thermostat.

The Vulnerability Unveiled

The flaw arises from the way the two microcontrollers inside the device communicate. The Wi-Fi chip listens on TCP port 8899 and forwards any message it receives directly to the main microcontroller without authentication or validation. Because the main microcontroller cannot tell these messages apart from those sent by the legitimate cloud server, an attacker who can reach the port can issue commands that the thermostat will trust.

Exploitation and Mitigation

Researchers from Bitdefender demonstrated how the flaw could be used to trigger a malicious firmware update. They sent a ‘device/update’ command to the port and then supplied a spoofed response containing update details that the thermostat accepted. As a result, the thermostat downloaded and applied firmware from an attacker-controlled URL.
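For defenders monitoring a network that contains these thermostats, the two observable steps of the flow above are an inbound connection to TCP port 8899 on a thermostat followed by the thermostat fetching a file from a host that is not the vendor cloud. The following detection logic over Zeek-style conn.log lines is an added example, not code from Bitdefender or Bosch; the thermostat inventory, the vendor-cloud allowlist, the sample log lines and the five-minute correlation window are all constructed assumptions.

```python
# Detection for the Bosch thermostat flaw (added example, not vendor code).
# Assumptions: Zeek-style conn.log columns, a constructed thermostat inventory,
# and a constructed allowlist of vendor-cloud addresses the devices may talk to.

# Constructed sample: ts, orig_h, orig_p, resp_h, resp_p, proto, conn_state
SAMPLE_CONN_LOG = """\
1705100000.10\t203.0.113.10\t51000\t192.168.1.50\t443\ttcp\tSF
1705100005.20\t192.168.1.77\t40500\t192.168.1.50\t8899\ttcp\tSF
1705100007.90\t192.168.1.50\t39000\t198.51.100.9\t80\ttcp\tSF
1705100100.00\t192.168.1.60\t39001\t203.0.113.10\t443\ttcp\tSF
"""

THERMOSTATS = {"192.168.1.50", "192.168.1.60"}  # constructed device inventory
VENDOR_CLOUD = {"203.0.113.10"}                  # constructed allowlist (placeholder)
VULN_PORT = 8899                                 # relay port named in the advisory
WINDOW_S = 300                                   # correlation window (assumption)

def parse_conn_log(text):
    """Parse tab-separated conn.log lines into dicts, skipping comments/blanks."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, oh, op, rh, rp, proto, state = line.split("\t")
        rows.append({"ts": float(ts), "orig_h": oh, "resp_h": rh,
                     "resp_p": int(rp), "proto": proto, "state": state})
    return rows

def detect(rows):
    """Return alerts as (kind, thermostat_ip, peer_ip, ts) tuples."""
    alerts = []
    last_8899 = {}  # thermostat -> ts of most recent inbound connection on 8899
    for r in sorted(rows, key=lambda r: r["ts"]):
        # 1) any host reaching the unauthenticated relay port on a thermostat
        if r["resp_h"] in THERMOSTATS and r["resp_p"] == VULN_PORT:
            alerts.append(("inbound_8899", r["resp_h"], r["orig_h"], r["ts"]))
            last_8899[r["resp_h"]] = r["ts"]
        # 2) thermostat contacting a non-vendor host shortly after an 8899 contact,
        #    the pattern a spoofed 'device/update' flow would leave in the logs
        elif (r["orig_h"] in THERMOSTATS and r["resp_h"] not in VENDOR_CLOUD
              and r["orig_h"] in last_8899
              and r["ts"] - last_8899[r["orig_h"]] <= WINDOW_S):
            alerts.append(("possible_firmware_fetch", r["orig_h"], r["resp_h"], r["ts"]))
    return alerts
```

On the constructed sample the first alert names the LAN host that reached port 8899 on 192.168.1.50, and the second flags that thermostat's follow-up connection to 198.51.100.9; the legitimate cloud traffic from 192.168.1.60 produces nothing.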

Bosch’s Response

In response to the vulnerability, Bosch has released a patch that closes the vulnerable TCP port. The company has urged users to update their thermostats to the latest firmware version, v4.13.33, to reduce the risk of exploitation. The vulnerability was initially reported to Bosch on August 29, 2023, and the patch was released in October 2023. The vulnerability was publicly disclosed on January 9, 2024.

Wojciech Zylm

Hailing from Warsaw, Wojciech Zylm is a devoted correspondent with a keen interest in communicating vital global news. Since 2018, he has consistently furthered his journalistic talents, keeping his finger on the pulse of current affairs and political happenings. Infusing facts with compelling narratives, Wojciech provides extensive reports on a myriad of subjects, spanning politics, culture, and technology, ensuring his audience stays abreast and interested. His extraordinary abilities and dedication to his profession solidify his position as a crucial asset in the realm of international journalism.

