Embedded Files
Response from SmartThings on Flaw 1 (Device ID disclosure)
Response from SmartThings on Flaw 1 (Device ID disclosure)
This is a screenshot of the confirmation by SmartThings for device ID disclosure. They acknowledged the problem we reported, thanked to our findings, deployed a fix and rewarded us $ 1000.
This is a screenshot of the confirmation by SmartThings for device ID disclosure. They acknowledged the problem we reported, thanked to our findings, deployed a fix and rewarded us $ 1000.
Response from SmartThings on Flaw 2 (Leaking secret of downstream delegatee cloud)
Response from SmartThings on Flaw 2 (Leaking secret of downstream delegatee cloud)
This is a screenshot of the confirmation by SmartThings for leaking IFTTT secret URL. They acknowledged the problem we reported, thanked to our findings and deployed a fix.
This is a screenshot of the confirmation by SmartThings for leaking IFTTT secret URL. They acknowledged the problem we reported, thanked to our findings and deployed a fix.
Response from SmartThings on Flaw 3 (Exposing hidden devices in the upstream cloud)
Response from SmartThings on Flaw 3 (Exposing hidden devices in the upstream cloud)
This is a screenshot of the confirmation by SmartThings for exposing hidden devices in the upstream LIFX cloud. They acknowledged the problem we reported, thanked to our findings, deployed a fix, and rewarded us $1,000 for our discovery.
This is a screenshot of the confirmation by SmartThings for exposing hidden devices in the upstream LIFX cloud. They acknowledged the problem we reported, thanked to our findings, deployed a fix, and rewarded us $1,000 for our discovery.
Response from Philips Hue on Flaw 5 (Abusing cross-cloud delegation API)
Response from Philips Hue on Flaw 5 (Abusing cross-cloud delegation API)
This is a screenshot of the confirmation by Philips Hue for incomplete revocation enforcement. They acknowledged the problem we reported, thanked to our findings and comfirmed that they will release the fix to our reported vulnerability in their upcoming update.
This is a screenshot of the confirmation by Philips Hue for incomplete revocation enforcement. They acknowledged the problem we reported, thanked to our findings and comfirmed that they will release the fix to our reported vulnerability in their upcoming update.
Page updated
Google Sites
Report abuse