Researchers reveal 20 vulnerabilities in Samsung SmartThings Hub

Samsung released firmware to patch 20 flaws that if exploited, could have let attackers remotely control and even physically damage IoT gadgets connected the SmartThings Hub.

Researchers reveal 20 vulnerabilities in Samsung SmartThings Hub
Dave Zatz/IDG

If you are so inclined, you could connect all sorts of smart devices to the Samsung SmartThings Hub as a handy way to control them. Until recently, though, vulnerabilities could have allowed an attacker to remotely control devices connected to the hub.

Cisco Talos researchers revealed the 20 SmartThings Hub vulnerabilities that attackers could have exploited to unlock smart locks, remotely spy on people in their homes via IP cameras, disable motion detectors, control thermostats, control smart plugs to turn connected things off or on, and even cause physical damage to appliances and devices connected to the smart plugs.

Those are but a few examples of what attackers could have remotely controlled, as the Linux-based SmartThings Hub can communicate with all kinds of Internet of Things (IoT) devices, such as those using Zigbee, Z-Wave, Ethernet, and Bluetooth.

“Given that these devices often gather sensitive information, the discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorized activities,” Cisco Talos said.

The researchers admitted that some of the vulnerabilities would be challenging to exploit, but chained together, the flaws could result in a “significant attack on the device.” They found “three notable chains, the last of which allows for remotely compromising the device without prior authentication.”

After describing the notable chains, the researchers discussed multiple attack vectors, such as “anyone owning a valid OAuth bearer token, or the relative username and password pair to obtain it, can talk to the remote SmartThings servers as an authenticated user.”

The full list of the 20 identified bugs and a description of each can be found in the Cisco Talos blog post.

“While devices such as the SmartThings Hub are typically deployed to provide additional convenience and automation to users,” the researchers wrote, “special consideration must be made to ensure that they are configured securely, and updated when new firmware updates are made available by the manufacturer. Given that these devices can be deployed in many different scenarios, the impact of a successful attack against them could be severe.”

New SmartThings Hub firmware released July 9

Cisco Talos did not go public with the vulnerabilities until Samsung had issued a patch for the SmartThings Hub V2. The new firmware was released July 9. Samsung has been issuing statements to the public about taking “security very seriously” and designing its products and services “with security as a priority.” Samsung added that “all active SmartThings Hub V2 devices in the market are updated to date.”

The good news is that Samsung automatically pushes out firmware updates; yet the researchers advised customers to manually verify that the updated version was applied and that the devices are no longer vulnerable. You can check the firmware version from the SmartThings mobile app, classic app, or the hub’s web console.

SUBSCRIBE! Get the best of CSO delivered to your email inbox.