Researchers discovered a critical vulnerability dubbed HomeHack in LG's SmartThinQ mobile app that could be extensively exploited by hackers.
Researchers discovered a critical vulnerability dubbed HomeHack in LG's SmartThinQ mobile app that could be extensively exploited by hackers. As relief for the consumers, LG Electronics successfully patched the app, that is used by their customers to control the LG smart home devices. This vulnerability otherwise could have led to a disastrous situation for their customers. But unless the customers have the updated mobile app, the risk still exists, and are exposed to attacks. The HomeHack vulnerability affects LG's SmartThinQ mobile app which is used to control all of LG's smart home appliances such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, air conditioners, and much more. The experts from Israeli cyber firm Check Point discovered this critical bug and dubbed as HomeHack. They disclosed about this flaw to LG in July 2017. LG Electronics could successfully release the patch for SmartThinQ app by the end of September 2017. The HomeHack flaw would have helped the cybercriminals to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. This could help the attacker access users’ account and ultimately get control all of LG's smart home appliances. This vulnerability and the risks associated point to a bigger problem in home automation systems and IoT devices, as the security weakness in these can lead to massive impact to consumers privacy and safety.
Read some key insights from Global Cyber Security Leader on IoT Security -Prem on IoT SecurityTo bypass the security protections, the hacker has to, first of all, recompile the LG application on the client side and so the traffic between the LG server and the appliance will be obstructed. Then the attacker could easily create a fake account and log in. After manipulating the login process the attacker could easily take control of all LG SmartThinQ devices the user has. Check Point released a video to show how easily the appliance could be misused by cybercriminals to spy on a victim’s home. They used the LG Hom-Bot robot vacuum cleaner in their video, which comes with an onboard camera. Oded Vanunu, head of products and vulnerability research at Check Point said that since more and more smart devices are being used in the home, hackers will shift their focus towards hacking the apps that control networks of devices rather than targeting individual devices He also added that it provides cybercriminals with even more opportunities to exploit software flaws, cause disruption in users' homes and misuse their sensitive data.
IoT Device weakness can lead to bigger problems to the cyber world -Read the News about IoT_Reaper!The HomeHack weakness discovery conveys that even if people try to secure their local networks against attacks, their IoT devices could still be hijacked through the vulnerabilities in mobile applications or the vendor's back-end infrastructure. Cyber Security Experts and IoT appliance manufacturers must work closely to ensure that the solutions coming out for convenience and features shall be having the right level of security to avoid any privacy breaches and safety challenges.
Read why holistic security is important and is the answer for these challenges? Effectiveness through Holistic Security