ecobee3 lite Unencrypted Data Storage – Level Nine Group

Unranked
Advisory ID: L9-15-159
First Published: June, 28th, 2021
Last Updated: January, 22nd, 2024
Version: 4.5.81.200
Category: Unencrypted Data Storage
Vendor: ecobee
Product: ecobee3 lite

Risk Summary

The ecobee3 lite device does not encrypt its NAND flash storage. Both the device firmware and user information are stored on the flash chip. A threat actor with physical access to the ecobee3 lite device can extract sensitive data from the flash storage by removing the NAND flash chip and connecting directly to it with a parallel flash reader.

With a copy of the device firmware, a threat actor can perform offline analysis to identify vulnerabilities in the device, including recovering the root password.

Technical Details

The research team demonstrated that device storage was unencrypted by desoldering the NAND chip and connecting directly to it with a parallel flash reader.

ecobee3 lite hardware

Reballing flash

The assessment team was able to recover the content of the device. Using the recovered information, the assessment team was able to extract root passwords/pins used to access the serial console on the device.

Root password extraction
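
For teams verifying that their own product does not have the storage weakness described above, the following added example (not from the advisory or from ecobee) audits a raw flash dump for signs of plaintext storage: it skips erased NAND blocks, measures per-block entropy, and looks for common plaintext container signatures. The block size, entropy threshold, signature list and both sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096          # assumed analysis block size, not a device parameter
ENTROPY_MIN = 7.5     # assumed bits/byte floor for ciphertext-like data
# Widely used plaintext container signatures (generic, not from the advisory)
MAGICS = {b"hsqs": "squashfs", b"UBI#": "UBI", b"\x27\x05\x19\x56": "uImage",
          b"\x1f\x8b\x08": "gzip"}

def entropy(chunk):
    """Shannon entropy of a byte string in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def audit_image(data, block=BLOCK):
    """Classify each block of a raw dump and decide if it looks encrypted."""
    out = {"erased": 0, "high_entropy": 0, "plaintext": [], "magics": []}
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        if chunk.count(0xFF) == len(chunk):
            out["erased"] += 1      # erased NAND reads as 0xFF; says nothing
            continue
        # Compressed images are high-entropy too, so signatures are checked
        # separately from the entropy test.
        out["magics"] += [(off, n) for m, n in MAGICS.items() if chunk.startswith(m)]
        if entropy(chunk) >= ENTROPY_MIN:
            out["high_entropy"] += 1
        else:
            out["plaintext"].append(off)
    out["looks_encrypted"] = bool(data) and not out["plaintext"] and not out["magics"]
    return out

def constructed_samples():
    """Two constructed images: one plaintext-style, one ciphertext-like."""
    text = (b"constructed-sample-config-line\n" * 200)[:BLOCK]
    plain = (b"hsqs" + text)[:BLOCK] + b"\xff" * BLOCK + text
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    return plain, stream + b"\xff" * BLOCK

if __name__ == "__main__":
    for name, image in zip(("plaintext-style", "ciphertext-like"), constructed_samples()):
        print(name, audit_image(image))
```

A passing result only shows the absence of obvious plaintext; it does not prove that the encryption key is protected from the same physical access.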