Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement

×

Message

EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

You have declined cookies. This decision can be reversed.

Hackers could hijack LG's SmartThinQ to spy on you in real time

Written by  Oct 26, 2017

Experts from cyber firm Check Point, who dubbed the flaws "HomeHack", were able to exploit the bugs to take control of LG user accounts which, by extension, gave them access to the connected devices.

"By manipulating the login process [...] it was possible to hack into the victim's account and take control of all LG SmartThinQ devices," the team explained.

In some cases, products could be switched on and off.

The company highlighted the flaws by taking control of the video camera in LG's Hom-Bot robot vacuum cleaner. In the end, researchers were able to snoop on the live feed as it skulked around the house.

"This camera, in the case of account takeover, would allow the attacker to spy on the victim's home, with no way of them knowing, with all the obvious negative consequences of invasion of privacy and personal security violation," Check Point said in a blog post.

The HomeHack vulnerabilies were disclosed to LG on 31 July 2017, with the electronics firm successfully patching the SmartThinQ app at the end of September.

"As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices, to hacking the apps that control networks of devices," said Oded Vanunu, head of products and vulnerability research at Check Point.

He continued: "This provides cybercriminals with even more opportunities to exploit software flaws, cause disruption in users' homes and access their sensitive data.

"Users need to be aware of the security and privacy risks when using their IoT devices and it is essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software."

The LG Hom Bot in actionLG

Sales of the Hom-Bot robotic vacuum cleaner alone reached 400,000 in the first half of 2016. In 2016, LG said that 80m smart home devices had been shipped worldwide.

Koonseok Lee, manager of LG's smart development team, said: "LG Electronics plans to continue strengthening its software security systems as well as work with cybersecurity solution providers like Check Point to provide safer and more convenient appliances."

He said that the company was still planning to expand its IoT product range in future.

Check Point advised users to ensure they have the latest mobile security updates installed – which can be done via the Google Play and Apple stores. The LG smart home appliances will also need to be updated with the latest software version via the SmartThinQ application dashboard.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

  1. Popular
  2. Trending
  3. Comments

Calendar

« January 2018 »
Mon Tue Wed Thu Fri Sat Sun
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

Advertisement

Tech Bargains