Cisco Talos researchers have unearthed 20 vulnerabilities in the Samsung SmartThings Hub that could be leveraged by attackers to monitor, control and interfere with devices within the home.
Among other things, the attacker could unlock smart locks controlled by the SmartThings Hub, use the cameras deployed within the home to remotely monitor occupants, disable the motion detectors used by the home alarm system, or cause physical damage to appliances or other devices connected to smart plugs deployed within the smart home.
Samsung SmartThings Hub
The Samsung SmartThings Hub is a central controller for monitoring and managing IoT devices – cameras, thermostats, LED light bulbs, smart plugs, etc. – deployed in one’s home. It runs Linux-based firmware and communicates with those IoT devices via a variety of technologies such as Ethernet, Zigbee, Z-Wave and Bluetooth.
“In total, Talos found 20 vulnerabilities in the Samsung SmartThings Hub. These vulnerabilities vary in the level of access required by an attacker to exploit them and the level of access they give an attacker. In isolation, some of these might be hard to exploit, but together they can be combined into a significant attack on the device,” the researchers noted.
The vulnerabilities can be exploited to achieve information disclosure, DoS conditions, and remote code execution.
More details about the specific vulnerabilities, attack vectors and possible attack chains are provided in the Talos blog post on the findings.
The vulnerabilities have been responsibly disclosed to Samsung and the company has already released fixes.
Samsung pushes out firmware fixes to active Hubs, and customers currently don’t have a say in whether they will be applied or not. So, if you own and use the Samsung SmartThings Hub, chances are good that it has already been upgraded to the latest firmware release (0.22.13 or 0.22.14) and you’re no longer vulnerable to attack.
But if your Hub has, for whatever reason, been inactive for a while, you might want to check whether the firmware is up to date. You can do that via the SmartThings mobile app, the SmartThings Classic app or the SmartThings web console.
For enterprise network defenders, Cisco Talos has also released Snort rules that should detect exploitation attempts.