Published in IoT

Samsung's IOT has security flaws

by on27 July 2018

Issues in the centralised controller

Cisco Talos researchers found flaws located in Samsung's centralised controller, a component that connects to an array of IoT devices around the house -- from light bulbs, thermostats, and cameras.

SmartThings Hub is one of several DIY home networking devices designed to allow homeowners to remotely manage and monitor digital devices.

The SmartThings Hub is a central controller that monitors and manages various internet-of-things (IoT) devices such as smart plugs, LED light bulbs, thermostats, cameras, and more that would typically be deployed in a smart home. The SmartThings Hub functions as a centralized controller for these devices and allows users to remotely connect to and manage these devices using a smartphone. The firmware running on the SmartThings Hub is Linux-based and allows for communications with IoT devices using a variety of different technologies such as Ethernet, Zigbee, Z-Wave and Bluetooth.

"Given that these devices often gather sensitive information, the discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorized activities", researchers said in a report.

There are several different attack scenerios and Samsung has moved quick to patch the bugs.

"We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for automatic update to address the issue," a Samsung spokesperson told Threatpost. "All active SmartThings Hub V2 devices in the market are updated to date." The company released a firmware advisory for Hub V2 devices.

Last modified on 27 July 2018
Rate this item
(0 votes)

Read more about: