
20 Vulnerabilities in Samsung SmartThings Hub Disrupt IoT Security


Research conducted by Cisco Talos researchers indicates that 20 vulnerabilities affecting Samsung’s SmartThings Hub may enable hackers to compromise third-party smart devices. Successful exploitation of these vulnerabilities could let attackers connect remotely to the devices and obtain sensitive information.

Nowadays more and more people choose to modernize their homes with Internet of Things (IoT) devices. The recent discovery made by Talos researcher Claudio Bozzato is further proof that these devices can be subject to unauthorized activity, which means owners should review all security options and update devices to the latest version as soon as possible.

20 Vulnerabilities Could Disrupt SmartThings Hub

SmartThings Hub is a Linux-based controller that monitors and manages various Internet of Things (IoT) devices. It allows users to establish a remote connection between their IoT devices and smartphones so that they can control the devices through their phones. Most of the devices typically deployed in smart homes, such as smart plugs, LED light bulbs, thermostats, cameras and others, feature the SmartThings Hub central controller, which according to the report is the component vulnerable to unauthorized control.


The discovered vulnerabilities number 20 and, as reported, could be leveraged by hackers to execute OS commands and other arbitrary code on the IoT devices. Furthermore, by leveraging the flaws, attackers could obtain sensitive information stored by the devices.

Since some of the flaws might be hard to exploit on their own, hackers could combine a few of them to mount a significant attack on the device. One possible scenario, a remote information leakage attack, is a chain that leverages several vulnerabilities: CVE-2018-3879 needs to be combined with CVE-2018-3926 and CVE-2018-3927.

The first one can be used for the creation of an empty file inside (Read more...)

