November 1, 2017

Beware! Flaw in Mobile App Could Let Hackers Take Control of Any LG IoT Home Appliance

We are in a period where smart devices have become an integral part of our lives. If these smart devices are smart enough to make our life easier, then their smart behavior could also be exploited by hackers to invade our privacy, if not secured properly.

HomeHack-LG-devices-hacked (3)

Recently, the security researchers from Check Point has highlighted the privacy concerns surrounding smart home devices manufactured by the South Korean technology giant LG. They have discovered a security vulnerability in LG’s SmartThinQ range of devices, which consists of a selection of IoT (Internet of Things) devices like air conditioners, dishwashers, dryers, ovens, refrigerators, vacuum cleaners, and washing machines manufactured by LG – all which are remotely controlled by a Smartphone.

Dubbed HomeHack, the vulnerability resides in the mobile app and in the cloud platform linked to LG’s SmartThinkQ home appliances, allowing an attacker to remotely gain control of any connected appliance controlled by the app.

What even worse is, hackers could even remotely take control of LG’s Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device’s vicinity. This hack doesn’t even require hacker and targeted device to be on the same network.

You can watch the video demonstration of the HomeHack attack posted by the Check Point researchers here. It shows how easy it is for hackers to hijack the appliance and use it to spy on users and their homes.

YouTube video

The issue is in the way SmartThinQ app processes logins. In this sense, the research team explained,

“By manipulating the login process and entering the victim’s email address instead of their own, it was possible to hack into the victim’s account and take control of all LG SmartThinQ devices owned by the user. In some cases, the devices could be turned on and off without user supervision.”

However, the Check Point researchers notified LG about this vulnerability on July 31 , 017, and the company managed to correct them at the end of September.

How to be Protected against HomeHack?

According to researchers, to protect their devices, users of the LG SmartThinQ mobile app and appliances should ensure they are updated to the latest software versions from the LG website.

Check Point also advises consumers to update to the latest version (1.9.23) of LG SmartThinQ mobile app via Google play store, Apple’s App Store or via LG SmartThinQ app settings –  to secure their smart devices and home Wi-Fi networks against intrusion and the possibility of remote device takeover.

Undoubtedly, this is one of the most serious cases exposed in recent times, since hackers could invade the privacy of users and violate their personal safety. The researchers cautioned that as more and smart devices are being used within the home, the risks of hackers violating user privacy increase. Hackers start to shift their focus from targeting individual devices, to hacking the apps that control networks of devices. In addition, the researchers urged users to be aware of the security and privacy risks when using their IoT devices and IoT device manufacturers to focus on protecting smart devices against attacks, by implementing a robust security system during the design of software and devices.

About the author 


{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}