Remote Denial of Service of ecobee3 lite
A threat actor sharing the same network as the Ecobee3 can craft a malicious HTTP request which will cause the device to crash and reboot.
The Wireless Access Configuration (WAC) server used to connect the ecobee3 device to the WiFi networking using an Apple device crashes when a specially crafted web request is received.
A threat actor can send a POST request to the endpoint http://<thermostat_ip>:1200/config and omit the 'Content-Type' header which causes the 'HKProcessConfig==>memcpy' function to read from the address space 0x00000000 causing the main application (idtm) to crash. Once a crash has occurred the 'watchdog' will cause the device to reset.