11 October 2016
Samsung SmartThings is a system that lets you monitor your home digitally. You can call it a home monitoring system that has been around for a while now. As a matter of fact, Samsung is actively selling its 2-gen SmartThings kit for at least six months now after unveiling it in October last. However, there are a few bugs here or there that keeps the system far from being foolproof. And this was brought forward by University of Michigan researchers. And it is not only about calling the system short of guaranteed service.
There are still many more things that can be done through the platform that carries with it a chunk of vulnerabilities. The system is liable to be exploited via a naughty app that can unlock your locks and change the access codes for your home. As if that wasn’t enough, it can turn off all of your connected devices and carry out things that you wouldn’t like someone tampering with. Matters can be worse, as the above-mentioned vulnerabilities can be carried out the need to have “hard-to-achieve prerequisites”.
If a malicious app is installed unsuspectingly or the user clicks on malevolent links, he/she stands a chance to compromise the platform. This can indeed be a risky business as you can open up your entire house to a stranger who can do whatever he wants and you will remain unaware about it.
The issue about the security, as per the University of Michigan researchers, is that Samsung easily allows privileges and permissions to apps, which can cause serious issues later. The team then built a prototype app for exploiting the loopholes as a practical illustration. Accordingly, the app was only a piece of battery monitor software to keep a watch on multiple devices. And as said earlier, Samsung easily allows permissions in one go, the app allowed to keep an eye on smart lock battery levels. And what’s more, it also allowed opening the door.
One more app was created regarding the PIN code for smart locks. And it also allowed unlocking the home with the owner having no knowledge at all.