SECURITY RESEARCHERS have uncovered 20 bugs in Samsung's SmartThings Internet of Things (IoT) controller.
Cisco Talos' cybersecurity team discovered the vulnerabilities in the SmartThings Hub, warning that the security holes could allow hackers to break into smart locks, crack into connected cameras and mess around with all manner of network-connected devices.
"These vulnerabilities vary in the level of access required by an attacker to exploit them and the level of access they give an attacker. In isolation, some of these might be hard to exploit, but together they can be combined into a significant attack on the device," the researchers warned in a technical breakdown of the vulnerabilities.
"Given that these devices often gather sensitive information, the discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorised activities."
Security holes in IoT and smart home devices are nothing new; the low power and limited processing capacity of such devices mean it's hard to put solid security defences into them. However, vulnerabilities in hub devices that shepherd a home's smart gadgets are a big no-no.
Compromise the hub and you've effectively compromised an entire smart home and potentially the servers it connects back to in order to deliver its smart functions.
The Talos researchers noted that a hacking technique called "chaining" could enable hackers to use some of the bugs in the SmartThings Hub to exploit other bugs in the device that would otherwise have been unreachable. As such, hackers could gain all manner of access to the devices connected to the SmartThings Hub and set about causing havoc in smart homes.
Samsung has since released a firmware update that squashes the bugs, which should be rolling out to devices automatically. But this once again demonstrates the need to ensure cyber security in smart devices isn't simply pushed to one side in favour of features, otherwise hackers will have tempting targets on which to unleash cyber chaos. µ