Attacker within IR range can install arbitrary firmware over the air

Aleph Research Advisory

Identifier

CVE-2023-24503

Severity

High

Product

Electra Smart Kit for Split AC

Vulnerable Version

Electra Smart Kit for Split AC

Technical Details

An attacker located within the IR range of an AC unit utilizing the Electra Smart Kit can communicate with the unit and cause the unit to connect to a malicious WiFi.

The WiFi can be used to direct the unit to a malicous update server. The malicious update server can be used to return arbitrary firmware that will be flashed onto the device.

Timeline

12-Mar-23
: Public disclosure.
12-Mar-23
: CVE-2023-24503 assigned.
30-Oct-22
: Reported.

Posts

Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
By Lev Aronsky & Idan Strovinsky,
19-Jun 2023

Credit

Lev Aronsky (@levaronsky) of Aleph Research, HCL Technologies
Idan Strovinsky of Aleph Research, HCL Technologies