Improper Certificate Validation in Bosch Smart Home System App for iOS
- Advisory ID: BOSCH-SA-347336
- CVE Numbers and CVSS v3.1 Scores:
- Published: 25 Aug 2020
- Last Updated: 25 Aug 2020
A recently discovered security vulnerability affects the Bosch Smart Home System App for iOS. Neither the Bosch Smart Home Camera Apps nor the Bosch Smart Home System App for Android are affected. The vulnerability potentially allows an attacker to intercept video contents by performing a man-in-the-middle attack. Since only connections to Bosch's video backend are potentially affected, this vulnerability applies only to customers who have paired a Bosch camera with their Bosch Smart Home Controller (SHC). Bosch Smart Home rates this vulnerability with a CVSS v3.1 base score of 6.8 (medium) and recommends that customers upgrade the app to an updated version.
As of 2020-07-22, updated app versions are available and offered to all customers via the Apple app store.
As of 2020-08-12, there is no indication that the vulnerability has been exploited.
The vulnerability was discovered during one of the regular internal security tests.
- Bosch Smart Home < 9.17.1 on iOS
Solution and Mitigations
The recommended approach is to update the app to a fixed version, that is, 9.17.1 or higher. Updated apps are available and offered to all customers via the Apple app store.
No User Interaction
Since the vulnerability only affects customers who have paired a Bosch camera with the SHC and requires user interaction, customers may simply refrain from using the camera functionality in the app or remove the camera from the SHC.
This vulnerability is classified as "improper certificate validation", located in the TLS client setup for connections to the Bosch camera backend systems. It is accordingly ranked as "CWE-295: Improper Certificate Validation". The fix ensures proper certificate validation. The vulnerability can be used to retrieve or modify information exchanged between the Bosch Smart Home System App for iOS and the Bosch camera backend systems, for instance video clips, video preview thumbnails, or video live streams. A necessary prerequisite for this attack is a position in the network path between the app and the backend that allows a man-in-the-middle scenario.
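The advisory does not publish the affected code, so the following Swift sketch is an added illustration (not Bosch's implementation) of what a CWE-295 defect in an iOS URLSession TLS client typically looks like, beside a version that validates the server chain and host name. Class names and the backend host are assumed.

```swift
import Foundation
import Security

/// WEAK (assumed illustration): accepts whatever server trust is presented without
/// evaluating it, so any certificate an on-path party presents is accepted (CWE-295).
final class WeakCameraBackendSession: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if let trust = challenge.protectionSpace.serverTrust {
            // No SecTrustEvaluate call: chain, expiry and host name are never checked.
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

/// FIXED (assumed illustration): evaluates the presented chain against the system trust
/// store under an SSL policy bound to the expected host, and aborts on any failure.
/// Not overriding the challenge handler at all (.performDefaultHandling) is equally valid.
final class ValidatingCameraBackendSession: NSObject, URLSessionDelegate {
    let expectedHost: String   // assumed value, e.g. "camera-backend.example"

    init(expectedHost: String) { self.expectedHost = expectedHost }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust,
              challenge.protectionSpace.host == expectedHost else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // SSL policy with server flag set: requires a trusted chain AND a host-name match.
        SecTrustSetPolicies(trust, SecPolicyCreateSSL(true, expectedHost as CFString))
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Untrusted chain or host mismatch: cancel rather than fall back to the connection.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

A practical regression check for the fixed version is to point the app at a test endpoint presenting a self-signed or wrong-host certificate and confirm the connection is cancelled rather than completed.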
CVE description: Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
- Problem Type:
CVSS Vector String:
- Base Score: 6.8 (Medium)
Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer's environment and should be defined by the customer to attain a final scoring.
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: firstname.lastname@example.org.
- 25 Aug 2020: Initial Publication