A security researcher discovered vulnerabilities in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and control associated devices. Barak Sternberg shows how some weak spots in the HDL automation system could have been leveraged by attackers to fully compromise it. An attacker could register the email address for the debug username to receive the instructions for changing the password. Once the procedure completes, the attacker can control the components (lights, temperature, cameras, various sensors) in the automated environment as well as configure them.
Source: https://www.bleepingcomputer.com/news/security/bugs-in-hdl-automation-expose-iot-devices-to-remote-hijacking/