Researchers Ravage Samsung SmartThings Hub Using Digital Picks To Break Exploitable Locks
One of their creations is a lock-pick malware app. What it does is eavesdrop on someone setting up a new PIN code for a door lock and then sends the PIN in a text message to a hacker. The researchers disguised the malware as a smart battery monitor, a seemingly benign and handy utility that could leave owners vulnerable to intrusion.
That was one of four proof-of-concept attacks the researchers demonstrated. In another example, they showed how an existing SmartApp could be remotely exploited to make just about any spare door key by programming an additional PIN into the electronic lock, something the SmartApp wasn't originally designed to do.
Yet another SmartApp was exploited to turn off "vacation mode" so that an attacker can alter the timing of lights, blinds, and other functions, while a fourth proof-of-concept attack showed that a fire alarm could be made to go off by an SmartApp injecting false messages.
"The access SmartThings grants by default is at a full device level, rather than any narrower," said Atul Prakash, a professor of computer science and engineering at University of Michigan. "As an analogy, say you give someone permission to change the lightbulb in your office, but the person also ends up getting access to your entire office, including the contents of your filing cabinets."
Samsung is aware of the exploits and has been working with the researchers to beef up its security.
"The report discloses hypothetical vulnerabilities in the SmartThings platform and demonstrates how, under certain circumstances, they could be exploited. Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report," Samsung said.
Samsung also downplayed the severity of the situation, saying that none of the vulnerabilities described by the researchers have affected customers because of the SmartApp approval process that it has in place.