According to a recent report published by security researchers from the University of Michigan, Samsung Smart Home solution isn’t secure anymore. Researchers claim that it has multiple security flaws, which can be used by remote hackers to exploit users’ homes, including creating dummy keys for front door locks.
In order to check the vulnerability of Samsung’s IoT security offerings, researchers analyzed over 132 device handlers and 499 SmartThings apps. Based on the study, experts claim that the SmartThings events subsystem doesn’t adequately protect those events that carry sensitive information like lock codes.
Multiple studies were conducted in order to collect proof-of-concept exploits that caused this trouble to IoT security offerings of the company. The major proof-of-concepts published by the researchers include:
- secretly planted door lock codes;
- disabled vacation mode of the home;
- stole existing door lock codes;
- trigger a fake fire alarm.
While analyzing, experts found out that most dangerous IoT security vulnerability was but backdoor pin-code injection attack. It could give a full excess of users’ houses to remote attackers.
Read More: Round Up: Security Breaches in IoT So Far
Samsung’s SmartThings platform uses OAuth token to validate the authenticity of its users. However, attackers can send a malicious HTTPS link to users and easily get access to OAuth token. Samsung is yet to make changes in its Smart Home solution to get rid of these IoT security issues; therefore, users are advised to think twice before giving it access to any of their critical components. More details of this update can be found here.