Latest in Gear

Image credit: Samsung

Samsung patches multiple SmartThings Hub security flaws

Hackers could have exploited the vulnerabilities to control devices connected to the hub.
343 Shares
Share
Tweet
Share
Save

Sponsored Links

Samsung

Samsung's SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some of the vulnerabilities would've been difficult to exploit, but attackers can combine several at once to launch a "significant attack on the device."

While the hub may not have access to credit card and bank account numbers, hackers could have taken advantage of the flaws to disable smart locks and gain physical entry to people's homes, for instance, or to take command of nanny cams and CCTVs to monitor a house's occupants or an establishment's activities. They could've used the flaws to disable motion and alarm systems or even to damage appliances connected to the hub.

Despite the multiple vulnerabilities, Talos praised the company for working to resolve the situation after being informed. Craig Williams, Director of Cisco Talos Outreach, told ZDNet that Samsung "did a lot of things right and should be commended for the way [it] designed [its] devices to be easily updated." He added "Every piece of software from every vendor has bugs if you look closely enough." A Samsung spokesperson also told the publication that it had already released an automatic update to fix all the flaws Talos found and "all active SmartThings Hub V2 devices in the market are updated to date."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
343 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
TiVo's 'free' streaming service starts rolling out

TiVo's 'free' streaming service starts rolling out

View
NASA demos spacesuits for its Moon and Mars missions

NASA demos spacesuits for its Moon and Mars missions

View
Sony’s 360 Reality Audio launches this fall with 1,000 tracks

Sony’s 360 Reality Audio launches this fall with 1,000 tracks

View
Logitech unveils its first mouse and keyboard built for Chrome OS

Logitech unveils its first mouse and keyboard built for Chrome OS

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr