20 Samsung SmartThings Hub vulnerabilities left smart home locks and cameras open to attack

Alistair Charlton
Jul. 27, 2018 05:30AM EST

The Samsung SmartThings Hub, a device used to control a wide range of smart home devices like door locks, security cameras, thermostats and more, was found to contain 20 software vulnerabilities, leaving smart homes open to attack.

The exploits were patched by a security update issued by Samsung on July 9, however the incident shines a light on how insecure software in smart home devices can lead to serious consequences.

Read More:

Norton Core Secure Wi-Fi Router, Smart security for network and IoT devices, Protect against hackers and viruses, Parental controls, Replaces wireless router, One-year of Norton Security included
List Price: $199.99
New From: $179.99in Stock

Thankfully for Samsung, the vulnerabilities were discovered by researchers from Talos Intelligence, who alerted the company and gave it time to issue the software update before going public about its findings.

Talos explains in a blog post how scenarios made possible by the insecure software include:

  • Smart locks controlled by the SmartThings Hub could be unlocked, allowing for physical access to the home.
  • Cameras deployed within the home could be used to remotely monitor occupants.
  • The motion detectors used by the home alarm system could be disabled.
  • Smart plugs could be controlled to turn off or on different things that may be connected.
  • Thermostats could be controlled by unauthorized attackers.

Attackers could cause physical damage to appliances or other devices that may be connected to smart plugs deployed within the smart home.

The SmartThings Hub controls a wide range of smart home devicesSamsung

While Talos admits that "some of these [vulnerabilities] might be hard to exploit," when grouped together "they can be combined into a significant attack on the device."

The report, which addresses each of the 20 vulnerabilities in detail, explains how attackers would have needed to chain several vulnerabilities together in order to fully compromise a victim's smart home devices.

The company adds: "Given that these [smart home hubs and] devices can be deployed in many different scenarios, the impact of a successful attack against them could be severe," before reminding consumers of the importance of keeping device software up to date.

In a statement emailed to GearBrain, a Samsung spokesperson said: "Samsung takes security very seriously and our products and services are designed with security as a priority. We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for automatic update to address the issue. All active SmartThings Hub V2 devices in the market are updated to-date."

This is not the first time the SmartThings Hub has come under fire from the cybersecurity community. In May 2016, researchers from the University of Michigan uncovered multiple design flaws which could let a hacker unlock a smart home's doors, change access codes and set off smoke alarms, among other things. As with the latest news, security patches were issued before the report was made public, in a bid to keep consumers safe. Check out The GearBrain, our smart home compatibility checker to see the other compatible products that work with Samsung SmartThings
Dojo Smart internet security and privacy solution for your Wi-Fi network - Safe from hacks, cyberattacks and privacy breaches, 1 year subscription included
List Price: $128.49
New From: $128.48in Stock
Related Articles Around the Web