30.07.18

Samsung patches 20 weaknesses on SmartThings platform

samsung smartthings imagery showing app, hub and things

Samsung's SmartThings IoT platform may have mainstream popularity, but it’s been previously exploitable by those with the right skills to do so – but the manufactures hopes to affirm its commitment to security with its latest move.

Samsung's SmartThings hub had not one, not two, but twenty potential vulnerabilities open for hackers to take advantage of and resultantly get access to devices connected to hubs in homes everywhere.

The issues came to light from feedback from Security Intelligence and Research Group Cisco Talos (part of the Cisco brand), which has been working with Samsung to tackle the issue. Although hackers would have required serious skills to cause damage, Talos’ report still found the threat of a “significant attack on the device” was still present – i.e. the ability to access CCTV & other home cameras, disable ‘smart’ locks and wider motion sensing and alarm systems was possible.

The Korean powerhouse has since rolled out a firmware update to patch vulnerabilities for those at risk. Talos since confirmed that all active SmartThings Hub V2 devices are now up to date.

Craig Williams, director of Cisco Talos Outreach, has since come out to assure us that we shouldn’t be too quick to criticise Samsung for allowing these weakness in the first place – telling ZDNet that the company “did a lot of things right and should be commended for the way [it] designed [its] devices to be easily updated.”

“Every piece of software from every vendor has bugs if you look closely enough,” he concluded – a fact that rings all too true when it comes to entry-level/ ‘DIY’ IoT products in the marketplace… we can only hope the rest of the sector follows suit.


 
 
.
 
.