The Samsung SmartThings Hub, a device used to control a wide range of smart home devices like door locks, security cameras, thermostats and more, was found to contain 20 software vulnerabilities, leaving smart homes open to attack.
The exploits were patched by a security update issued by Samsung on July 9, however the incident shines a light on how insecure software in smart home devices can lead to serious consequences.
- Which smart home hub is right for you? Everything you need to know
- Now even your robot vacuum cleaner can have its camera hacked
- Over two-thirds of is fear smart home and IoT devices will be hacked
- Samsung SmartThings Hub, 3rd Gen Review, an all-in-one smart home controller
Thankfully for Samsung, the vulnerabilities were discovered by researchers from Talos Intelligence, who alerted the company and gave it time to issue the software update before going public about its findings.
Talos explains in a blog post how scenarios made possible by the insecure software include:
- Smart locks controlled by the SmartThings Hub could be unlocked, allowing for physical access to the home.
- Cameras deployed within the home could be used to remotely monitor occupants.
- The motion detectors used by the home alarm system could be disabled.
- Smart plugs could be controlled to turn off or on different things that may be connected.
- Thermostats could be controlled by unauthorized attackers.
Attackers could cause physical damage to appliances or other devices that may be connected to smart plugs deployed within the smart home.
While Talos admits that "some of these [vulnerabilities] might be hard to exploit," when grouped together "they can be combined into a significant attack on the device."
The report, which addresses each of the 20 vulnerabilities in detail, explains how attackers would have needed to chain several vulnerabilities together in order to fully compromise a victim's smart home devices.
The company adds: "Given that these [smart home hubs and] devices can be deployed in many different scenarios, the impact of a successful attack against them could be severe," before reminding consumers of the importance of keeping device software up to date.
In a statement emailed to GearBrain, a Samsung spokesperson said: "Samsung takes security very seriously and our products and services are designed with security as a priority. We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for automatic update to address the issue. All active SmartThings Hub V2 devices in the market are updated to-date."