“The mantra must be to ask: what’s the task that needs to be solved? And does the product perform it well?”
One of my friends pointed me in the direction of a new CVE listing, which is the database containing known exploits. One description immediately caught my eye: “ismartgate Pro 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors.”
Remote hack into a web-based controller when doing a firmware upgrade? Maybe. Sending a malformed request causing a buffer overrun? Yes, I could see that too. Sending a sound to a garage door? This had to be worth digging into.
You can check out the CVE listing yourself at pcpro.link/315cve, which includes a handy link direct to ismartgate.com. Looking at the site, it’s clear that this is a fully featured IoT-style garage door controller. It has bells, whistles and many more waveforms besides. Digging deeper reveals that, “ismartgate acts as its own server. In other words, all information is stored locally,” which certainly sounds like a good thing. Then, in red for added importance: “No data is stored in the cloud.”
It supports Apple HomeKit, Google Assistant, SmartThings, Alexa and IFTTT. So all those boxes are ticked appropriately. Going further down the features list we find “Your music in your garage! Define which song you want to play when coming home and which one when leaving home.”
Now I guess your reaction is probably the same as mine. Music to play when coming home isn’t exactly a top feature for me when choosing a garage door opener. But by Tina Turner every time you get out of your Porsche. Or some soothing birdsong if you have a Prius.
You’re reading a preview, subscribe to read more.
Start your free 30 days