LG IoT security bug highlights risks of home automation

Tech Central:  The discovery this week of a security vulnerability within SmartThinQ, a technology touted by LG for automating communication with its range of home appliances and devices, has reinforced the risks of remote Internet of Things (IoT) takeover as attackers progressively master new methods of attacking increasingly smart devices.LG’s SmartThinQ is a framework for communication between devices that enables them to, among other things, be controlled by smartphone apps or by voice through integration with emerging smart home devices such as Amazon Alexa and Google Home. It has been built into a range of LG refrigerators, ovens, dishwashers, air purifiers, washing machines, dryers, and robotic vacuums.Weaknesses in the core software, which were named ‘HomeHack’ and disclosed by Check Point Software Technologies researchers to LG on 31 July, allowed an attacker to create a fake LG account, then use this to take over the account of a legitimate user that would provide access to all of their appliances.

This presents, among other things, security concerns that the remote-monitor camera on automatic vacuums could be used to surveil a target home or office.

The risk of poor IoT security isn’t limited to renegade vacuums, however: even as home video cameras and other appliances are relentlessly probed for vulnerabilities, the risk of vulnerabilities in medical devices or industrial-control sensors – which could potentially cause injury or death – have let to prioritisation of the need for urgent improvements as IoT reshapes the future of device security.

LG Electronics responded quickly to the Check Point alert, remotely updating what LG manager of smart development team Koonseok Lee said in a statement was “an advanced rooting process designed to detect security issues”. The patched and updated SmartThinQ kernel has been running “smoothly and issue-free” since then, Lee said.

This seemingly smooth patch process belies the experience of most IoT device makers, which have been notoriously lax on security in their devices. The issues are compounded as increasing development of IoT standards like MQTT improves inter-device communications and opens new channels for wholesale takeover of large numbers of devices.  Full Article:

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

PureLink - HCE III TX/RX: 4K HDR over HDBaseT Extension System w/ Control and Bi-Directional PoE

PureLink - HCE III TX/RX: 4K HDR over HDBaseT Extension System w/ Control and Bi-Directional PoE

The HCE III Tx/Rx HDBaseT™ extension system offers full HDMI 2.0 compliance supporting HDR (High Dynamic Range) and 4K@60Hz with 4:4:4 chroma sampling. Featuring PureLink's proprietary Prcis codec, a light compression technology, the HCE III can transport Ultra HD/4K, multi-channel audio, and High Dynamic Range (10 bits support) content over a single CATx cable. The HCE III provides HDMI extension up to 130 feet (40 meters) at Ultra HD/4K and up to 230 ft. (70 meters) at 1080p over category cable with embedded multi-channel audio, CEC pass-through, bi-directional RS-232 and IR control, and PoE - all with zero loss and zero noise. The HCE III Tx/Rx also supports Dolby TrueHD, Dolby Digital Plus and DTS-HD Master Audio plus LCPM (up to 192 kHz). Additionally, the low profile "slim box" enclosure design make the HCE III ideal for limited space installation environments, such as behind flat panel displays and video walls.