Check Point Software has discovered a critical vulnerability within LG’s SmartThinQ smart home technologies that would have allowed hackers to remotely control and turn household electronics into spying devices.
The flaw, nicknamed HomeHack, exposed millions of customers to unauthorised control over robot vacuum cleaners, refrigerators, ovens, dishwashers, washing machines and dryers, and air conditioners.
Hackers can exploit the flaw to turn robot vacuum cleaners into spying devices via the attached video camera, switch off refrigerators, turn on ovens and hotplates, and remotely interfere with air-conditioning settings.
Check Point researchers were able to exploit vulnerabilities in the SmartThinQ mobile app to create a fake account and use it to take over a user’s legitimate account, gaining the control required over smart LG appliances.
The company informed LG of the vulnerabilities at the end of July and LG responded by fixing the reported issues at the end of September. The companies are urging customers to update both the app and the devices to the latest version as quickly as possible.
“As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices to hacking the apps that control networks of devices. This provides cybercriminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data,” Check Point Head of Products Vulnerability Research Oded Vanunu said.
“Users need to be aware of the security and privacy risks when using their IoT devices and it’s essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software and devices.”
Image credit: ©stock.adobe.com/au/wip-studio