Latest in Gear

Image credit: Samsung

Samsung patches multiple SmartThings Hub security flaws

Hackers could have exploited the vulnerabilities to control devices connected to the hub.
343 Shares
Share
Tweet
Share
Save

Sponsored Links

Samsung

Samsung's SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some of the vulnerabilities would've been difficult to exploit, but attackers can combine several at once to launch a "significant attack on the device."

While the hub may not have access to credit card and bank account numbers, hackers could have taken advantage of the flaws to disable smart locks and gain physical entry to people's homes, for instance, or to take command of nanny cams and CCTVs to monitor a house's occupants or an establishment's activities. They could've used the flaws to disable motion and alarm systems or even to damage appliances connected to the hub.

Despite the multiple vulnerabilities, Talos praised the company for working to resolve the situation after being informed. Craig Williams, Director of Cisco Talos Outreach, told ZDNet that Samsung "did a lot of things right and should be commended for the way [it] designed [its] devices to be easily updated." He added "Every piece of software from every vendor has bugs if you look closely enough." A Samsung spokesperson also told the publication that it had already released an automatic update to fix all the flaws Talos found and "all active SmartThings Hub V2 devices in the market are updated to date."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
343 Shares
Share
Tweet
Share
Save

Popular on Engadget

Runkeeper drops its Wear OS app due to a 'buggy experience'

Runkeeper drops its Wear OS app due to a 'buggy experience'

View
Drako's GTE electric supercar will be a four-motor, 1,200HP monster

Drako's GTE electric supercar will be a four-motor, 1,200HP monster

View
Nintendo says there is no Switch exchange program

Nintendo says there is no Switch exchange program

View
IKEA creates a business unit devoted to smart home tech

IKEA creates a business unit devoted to smart home tech

View
US will reportedly give Huawei another temporary reprieve

US will reportedly give Huawei another temporary reprieve

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr