Samsung is now responding to some alarming new research about the vulnerability of its SmartThings–a home control platform that allows homebuyers to control home appliances, locks, light bulbs and more with their mobile devices.
Samsung says it has fixed the vulnerabilities discussed in a report by a group of researchers at the University of Michigan and Microsoft. In what they’re calling the first in-depth security analysis of Samsung’s SmartThings, researchers say they discovered they could explore framework design flaws, which allowed them to pull off unsettling tricks over the Internet.
They were able to secretly plant door lock codes, steal existing door lock codes, disable vacation mode of the home and set a fake fire alarm. The scariest part is this proves hackers could gain silent access to your clients’ homes.
Now, Samsung is telling The Register that the researchers involved had been in contact well before the publication of their findings, and the Samsung has already fixed the issues.
“The potential vulnerabilities disclosed in the report are primarily dependent on two scenarios–the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure,” a spokeswoman told The Reg.
“Regarding the malicious SmartApps described, these have not and would not ever impact our customers because of the certification and code review processes SmartThings has in place to ensure malicious SmartApps are not approved for publication. To further improve our SmartApp approval processes and ensure that the potential vulnerabilities described continue not to affect our customers, we have added additional security review requirements for the publication of any SmartApp.”
The lesson for builders is to be cautious and ask dealers and manufacturers pointed questions before deciding on a home control platform. A recent survey by global trade body Mobile Ecosystem Forum (MEF) in partnership with AVG Technologies shows that as many as 60 percent of consumers worldwide are worried about connected devices and the Internet of Things (IoT). One in 10 don’t even see a benefit to IoT benefits at all.
The main reason for this is security concerns, so the last thing you want to do is offer a system that validates their concerns.
Researchers are expected to present these SmartThings results at the IEEE Symposium on Security and Privacy later this month. This controversy comes just days after Samsung unveiled some big announcements at its annual Developer Conference in San Francisco.
Researchers Show Video of Pincode Snooping Attack
For more great content, be sure to subscribe to our newsletters