Samsung SmartThings Vulnerability Allows Hackers Access Your Devices
Samsung SmartThings Vulnerability Allows Hackers Access Your Devices

Researchers have discovered a vulnerability in Samsung’s SmartThings platform that lets hackers to carry illegal activities via the malicious app. Samsung’s SmartThings witnessed second security flaw in six months.

Samsung SmartThings Vulnerability Allows Hackers Access Your Devices

Research team from University of Michigan and Microsoft Research have found vulnerability in Samsung’s SmartThings open platform which lets hacker to gain control over various devices under SmartThings like fire alarms, sensors, and door locks. Notably, the issue with app privileges could also let hacker to control devices remotely under SmartThings, it could also steal PIN for home’s door locks.

The company has released many updates for securing SmartThings users from the vulnerabilities reported by the researchers.

“Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place,” said Alex Hawkinson Founder and CEO, SmartThings.

You may have wondered that how could it affect the SmartThings users ? The answer is quite simple as we have mentioned below :

  1. The hacker can enter your home by unlocking the door while you are sleeping.
  2. The hacker can simultaneously set off your smoke alarm.

The vulnerabilities can prove to be fatal. The researchers also exploited the flaws in SmartThings framework and carried out attacks like stealing door lock pin codes, changing the lock code, activating a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”

The hackers apparently creates link to Samsung’s actual login page with the potential to steal the user’s login tokens. When the hacker successfully acquires token, he/she is able to create the new PIN for door lock’s, without any user interaction.

The researchers selected SmartThings due to its fame and as it supports many devices, it has more apps than any other smart home platform. Researchers in their research paper stated that examining SmartThings was tricky as “apps run on a proprietary cloud platform, and the framework protects communication among major components such as hubs, cloud back end and the smartphone companion app.”