If you let it, Samsung’s SmartThings Hub can control virtually your entire home, up to and including locks and cameras. That makes it wildly convenient to use — but also extraordinarily important to secure. It’s not easy.
On Thursday, the cybersecurity researchers at Cisco Talos published 20 vulnerabilities in the hub that can be combined to gain complete control of it.
Samsung has already released an automatic patch. Users are urged to verify their own hub is updated.
As IoT devices rapidly proliferate across the U.S. and around the world — a home can be “smartened” up for a few hundred bucks — hackers are increasingly looking to twist the gadgets to their own ends. Cellebrite, the world famous Israeli firm most known for cracking iPhones, is increasingly targeting IoT devices because of a rise in demand from police and intelligence agencies around the world.
“Given that these devices often gather sensitive information, the discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorized activities,” Cisco’s researchers wrote on Thursday.
The vulnerabilities and attacks described by the researchers include, for instance, the ability to take over cameras and view their output.