- Samsung updated its SmartThings Hub after 20 vulnerabilities were reported by security intelligence firm Cisco Talos.
- Talos worked with Samsung to resolve the underlying security flaws and helped the Korean company release an automatic security update.
- The security flaws had the potential to allow attackers access to smart locks, CCTV devices and more.
Samsung’s home security system SmartThings received a major update that patched recently discovered vulnerabilities that left the platform vulnerable to hackers. The patched vulnerabilities had the potential to allow attackers to tap into CCTV footage of SmartThings users and also carry out unauthorized actions using the hub. The recent firmware update was developed with the help of security intelligence firm Cisco Talon, who helped the Korean tech giant to secure 20 exploits.
While the number of vulnerabilities sounds high for a security system, Cisco revealed that a large number of the discovered exploits would require advanced hacking skills to perform successful attacks. However, if a large number of attackers would launch a combined attack, it could lead to a significant data breach on the Samsung SmartThings platform at large.
Information that could be stolen by taking advantage of the exploits includes personal identification information and hardware information about the connected smart devices. Fortunately, credit card information and bank account numbers are not stored on the SmartThings platform.
Director of Cisco Talos Outreach Craig Williams revealed “There is no such thing as bullet-proof software. Samsung did a lot of things right and should be commended for the way they designed their devices to be easily updated. Every piece of software from every vendor has bugs if you look closely enough.” Talos released a detailed report on the vulnerabilities explaining the severity of each threat and how they could affect SmartThings users.
The vulnerabilities were specific to the first-generation SmartThings Hub devices only. A Samsung spokesperson revealed that the latest automatic update has already fixed all of the flaws and all active SmartThings Hub V2 devices available for purchase are already up to date. If you own Samsung’s smart home device, it is recommended to connect it to the internet to allow an automatic update as soon as possible.