Researchers discovered that Smart Home exposes homes to “significant harm,” Ars Technica reports. The group will publish their findings in a paper to be presented at the 2016 IEEE Symposium on Security and Privacy later this month.
Two fatal weaknesses gave the researchers access to the system. The design flaws lie deep within the app and will not be easy for Samsung to fix or update. The system used to authenticate users can be exploited to give the attacker control of the house.
The login page for the app allows hackers to divert the user’s data to their own server. It could then be stored for later use and sent to the real SmartThings server as required. The weakness is in the OAuth authentication token used to validate a user’s identity.
Once exploited, an attacker would have complete access to the network. They could change thermostat settings, heat up ovens, trigger a fire alarm or turn lights on or off. Anything the user could do the hacker would be able to replicate remotely, through a malicious SmartThings app.
The researchers also found that many third-party SmartThings apps are over-privileged. They obtain access to devices and features that they never use, exposing sensitive areas of the network to the outside.
The most prominent example found was a simple app designed to lock and unlock doors. An attacker being able to unlock a door remotely may sound worrying enough, but the over-privileged nature of the app makes it possible to do even more.
The way SmartThings gives permissions to apps allowed the researchers to remotely reset the lock and assign their own PIN, even though the app was never supposed to use that feature and should only be able to lock and unlock doors. Hackers could lock you out of your house and change your code to stop you getting back in.
The blame for this issue doesn’t really lie with the app’s developer. There is little that could be done to prevent it as the problem lies with the code provided by Samsung, rather than the app itself. The researchers discovered that 55 percent of apps available for SmartThings are over-privileged for their functionality and 42 percent receive permissions they never request.
Despite the evidence to the contrary, Samsung suggested that app developers are responsible. “The potential vulnerabilities disclosed in the report are primarily dependent on two scenarios – the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure,” the company said in a statement.
Samsung proceeded to suggest that the problem doesn’t affect users, claiming “these have not and would not ever impact our customers because of the certification and code review processes SmartThings has in place to ensure malicious SmartApps are not approved for publication.” This is despite at least one app studied by the researchers already being present in the store.
The researchers who discovered the vulnerabilities advised consumers to think twice before making essential components of their home “smart.” The issues could leave people vulnerable to break-ins and vandalism or, in a worst case scenario, locked out of their home. Samsung has yet to fully respond to the allegations that the SmartThings platform is responsible for the security problems.
