DEVELOPING: Samsung Addresses SmartThings Hacking Concerns

DEVELOPING: Samsung Addresses SmartThings Hacking Concerns

Samsung is now responding to some alarming new research about the vulnerability of its SmartThings–a home control platform that allows homebuyers to control home appliances, locks, light bulbs and more with their mobile devices. 

Samsung says it has fixed the vulnerabilities discussed in a report by a group of researchers at the University of Michigan and Microsoft.  In what they’re calling the first in-depth security analysis of Samsung’s SmartThings, researchers say they discovered they could explore framework design flaws, which allowed them to pull off unsettling tricks over the Internet.

They were able to secretly plant door lock codes, steal existing door lock codes, disable vacation mode of the home and set a fake fire alarm. The scariest part is this proves hackers could gain silent access to your clients’ homes.

Samsung made some big announcements at its annual developers conference.
Samsung made some big announcements at its annual developers conference.

Now, Samsung is telling The Register that the researchers involved had been in contact well before the publication of their findings, and the Samsung has already fixed the issues.

“The potential vulnerabilities disclosed in the report are primarily dependent on two scenarios–the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure,” a spokeswoman told The Reg.

“Regarding the malicious SmartApps described, these have not and would not ever impact our customers because of the certification and code review processes SmartThings has in place to ensure malicious SmartApps are not approved for publication. To further improve our SmartApp approval processes and ensure that the potential vulnerabilities described continue not to affect our customers, we have added additional security review requirements for the publication of any SmartApp.”

SmartThings2.jpg

The lesson for builders is to be cautious and ask dealers and manufacturers pointed questions before deciding on a home control platform. A recent survey by global trade body Mobile Ecosystem Forum (MEF) in partnership with AVG Technologies shows that as many as 60 percent of consumers worldwide are worried about connected devices and the Internet of Things (IoT). One in 10 don’t even see a benefit to IoT benefits at all.

RELATED: New Study: Could Consumer Mistrust Crush IoT?

The main reason for this is security concerns, so the last thing you want to do is offer a system that validates their concerns.

Researchers are expected to present these SmartThings results at the IEEE Symposium on Security and Privacy later this month. This controversy comes just days after Samsung unveiled some big announcements at its annual Developer Conference in San Francisco.

RELATED: Samsung Says “Bring It On” to Amazon, Smart Home Industry

Researchers Show Video of Pincode Snooping Attack

For more great content, be sure to subscribe to our newsletters

Follow TecHomeBuilder on Twitter and like us on Facebook

About The Author

Andrea Medeiros is editor-in-chief, multimedia director and content developer at TecHome Builder. She is a former TV news reporter turned home technology guru and is using her broadcast journalism skills to help our team deliver complicated, tech-focused content in a conversational way. She has a decade of experience in the editorial realm—interviewing, writing and editing stories as well as shooting, editing and producing video content. She is most interested in covering interoperability among smart devices.

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *