Cybersecurity researchers discovered 20 ways to exploit the smart home hub
The Samsung SmartThings Hub, a device used to control a wide range of smart home devices like door locks, security cameras, thermostats and more, was found to contain 20 software vulnerabilities, leaving smart homes open to attack.
The exploits were patched by a security update issued by Samsung on July 9, however the incident shines a light on how insecure software in smart home devices can lead to serious consequences.
Thankfully for Samsung, the vulnerabilities were discovered by researchers from Talos Intelligence, who alerted the company and gave it time to issue the software update before going public about its findings.
Talos explains in a blog post how scenarios made possible by the insecure software include:
Attackers could cause physical damage to appliances or other devices that may be connected to smart plugs deployed within the smart home.
While Talos admits that "some of these [vulnerabilities] might be hard to exploit," when grouped together "they can be combined into a significant attack on the device."
The report, which addresses each of the 20 vulnerabilities in detail, explains how attackers would have needed to chain several vulnerabilities together in order to fully compromise a victim's smart home devices.
The company adds: "Given that these [smart home hubs and] devices can be deployed in many different scenarios, the impact of a successful attack against them could be severe," before reminding consumers of the importance of keeping device software up to date.
In a statement emailed to GearBrain, a Samsung spokesperson said: "Samsung takes security very seriously and our products and services are designed with security as a priority. We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for automatic update to address the issue. All active SmartThings Hub V2 devices in the market are updated to-date."This is not the first time the SmartThings Hub has come under fire from the cybersecurity community. In May 2016,