LG flaw could have created refrigerator spies
Check Point Software has discovered a critical vulnerability within LG’s SmartThinQ smart home technologies that would have allowed hackers to remotely control and turn household electronics into spying devices.
The flaw, nicknamed HomeHack, exposed millions of customers to unauthorised control over robot vacuum cleaners, refrigerators, ovens, dishwashers, washing machines and dryers, and air conditioners.
Hackers can exploit the flaw to turn robot vacuum cleaners into spying devices via the attached video camera, switch off refrigerators, turn on ovens and hotplates, and remotely interfere with air-conditioning settings.
Check Point researchers were able to exploit vulnerabilities in the SmartThinQ mobile app to create a fake account and use it to take over a user’s legitimate account, gaining the control required over smart LG appliances.
The company informed LG of the vulnerabilities at the end of July and LG responded by fixing the reported issues at the end of September. The companies are urging customers to update both the app and the devices to the latest version as quickly as possible.
“As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices to hacking the apps that control networks of devices. This provides cybercriminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data,” Check Point Head of Products Vulnerability Research Oded Vanunu said.
“Users need to be aware of the security and privacy risks when using their IoT devices and it’s essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software and devices.”
APAC workers in need of phishing training: report
A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...
Critical vulnerabilities doubled in past year: report
Research published by Check Point indicates that critical vulnerabilities have doubled since last...
DigiCert launches Quantum Central tool
DigiCert's recently launched Quantum Central solution can help security and IT teams prepare...
