LG IoT security bug highlights risks of home automation

Tech Central:  The discovery this week of a security vulnerability within SmartThinQ, a technology touted by LG for automating communication with its range of home appliances and devices, has reinforced the risks of remote Internet of Things (IoT) takeover as attackers progressively master new methods of attacking increasingly smart devices.LG’s SmartThinQ is a framework for communication between devices that enables them to, among other things, be controlled by smartphone apps or by voice through integration with emerging smart home devices such as Amazon Alexa and Google Home. It has been built into a range of LG refrigerators, ovens, dishwashers, air purifiers, washing machines, dryers, and robotic vacuums.Weaknesses in the core software, which were named ‘HomeHack’ and disclosed by Check Point Software Technologies researchers to LG on 31 July, allowed an attacker to create a fake LG account, then use this to take over the account of a legitimate user that would provide access to all of their appliances.

This presents, among other things, security concerns that the remote-monitor camera on automatic vacuums could be used to surveil a target home or office.

The risk of poor IoT security isn’t limited to renegade vacuums, however: even as home video cameras and other appliances are relentlessly probed for vulnerabilities, the risk of vulnerabilities in medical devices or industrial-control sensors – which could potentially cause injury or death – have let to prioritisation of the need for urgent improvements as IoT reshapes the future of device security.

LG Electronics responded quickly to the Check Point alert, remotely updating what LG manager of smart development team Koonseok Lee said in a statement was “an advanced rooting process designed to detect security issues”. The patched and updated SmartThinQ kernel has been running “smoothly and issue-free” since then, Lee said.

This seemingly smooth patch process belies the experience of most IoT device makers, which have been notoriously lax on security in their devices. The issues are compounded as increasing development of IoT standards like MQTT improves inter-device communications and opens new channels for wholesale takeover of large numbers of devices.  Full Article:

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

Universal Robots Add a Sense of Touch in New e-Series Cobots with  Built-in Force/Torque Sensor and Re-Designed User Interface

Universal Robots Add a Sense of Touch in New e-Series Cobots with Built-in Force/Torque Sensor and Re-Designed User Interface

With the new e-Series cobot line, Universal Robots raises the bar for cobots, adding unique new features while significantly strengthening the four core principles defining collaborative robots: fast set-up, easy programming, flexible deployment, and safe operation. With a new built-in, tool-centric Force/Torque sensor the e-Series is ready to take on applications requiring force control right out of the box. A repeatability of 30 micron means the new cobots are suitable for very precise finishing, assembly and electronics tasks. A re-designed user interface decreases cognitive load and expedites program development, while a new externally accessible, 500Hz system bus enables more complex motion control algorithms or profiles.