A security vulnerability enabled attackers to take over LG smart devices


Security researchers from Check Point have discovered a security flaw called “HomeHack” in LG SmartThinQ smart home devices that enabled them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines made by LG.

Hackers would have been able to log into LG users’ SmartThinQ® home device accounts and take remote control of the devices connected to those accounts.

The HomeHack vulnerability existed in the login process that users go through when signing into their account on the LG SmartThinQ app.

According to Check Point:
First, the attacker needs to recompile the LG application on the client side, in order to bypass security protections. This enables the traffic between the appliance and the LG server to be intercepted. Then, the would-be attacker creates a fake LG account to initiate the login process. By manipulating the login process and entering the victim’s email address instead of their own, it was possible to hack into the victim’s account and take control of all LG SmartThinQ devices owned by the user.

More than 400,000 LG Hom-Bot robotic vacuum cleaners were sold in the first half of 2016. As more and smarter devices are being used in the home, attackers will begin to shift their focus from targeting specific devices to hacking the apps that control networks of devices. This will give cybercriminals more chances to exploit software vulnerabilities, cause confusion in users’ homes and access their private data.
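The class of flaw described above, a multi-step login that trusts an email address supplied by the client instead of the identity the server already verified, can be shown with a small model. This is an added example, not code from Check Point or LG; the two-step flow, function names and accounts are assumptions made for illustration and do not describe LG's actual API.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)
# Constructed accounts for the illustration.
USERS = {"attacker@example.test": "pw-a", "victim@example.test": "pw-v"}
AUDIT = []  # (verified identity, requested identity) pairs worth alerting on


def _sign(email):
    return hmac.new(SERVER_KEY, email.encode(), hashlib.sha256).hexdigest()


def authenticate(email, password):
    """Step 1: check credentials and return a proof bound to that email."""
    stored = USERS.get(email)
    if stored is None or not hmac.compare_digest(stored, password):
        return None
    return f"{email}|{_sign(email)}"


def _verified_email(proof):
    """Return the email the server itself authenticated, or None."""
    if not proof:
        return None
    email, _, sig = proof.rpartition("|")
    return email if hmac.compare_digest(sig, _sign(email)) else None


def issue_token_weak(proof, email):
    """Step 2, flawed: confirms that someone logged in, then trusts the
    client-supplied email when choosing the account."""
    if _verified_email(proof) is None:
        return None
    return {"account": email}


def issue_token_bound(proof, email):
    """Step 2, hardened: the account comes from the verified proof, and a
    mismatching client value is rejected and recorded."""
    verified = _verified_email(proof)
    if verified is None:
        return None
    if email != verified:
        AUDIT.append((verified, email))
        return None
    return {"account": verified}
```

A mismatch between the verified identity and the requested account never occurs in a legitimate client, so each `AUDIT` entry is a high-confidence signal for monitoring.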

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]