HackRead

Researchers hack vacuum cleaner; turn it into perfect spying device

October 27th, 2017 | Waqas | Hacking News, Security

According to the findings of Check Point researchers, there is a vulnerability in the LG smart home infrastructure through which hackers can take full control of a legitimate user's account and then remotely hijack LG SmartThinQ home appliances, including refrigerators, dryers, dishwashers, microwaves and robotic vacuum cleaners. When a user leaves any of these devices switched on or off, cybercriminals get the perfect opportunity to convert them into real-time spying devices.

To prove their point, Check Point researchers demonstrated how a hacker could turn the LG Hom-Bot vacuum cleaner into an espionage gadget by taking control of the video camera integrated into the device. They disassembled the Hom-Bot to locate the Universal Asynchronous Receiver/Transmitter (UART) connection and discovered that they could manipulate it to gain access to the file system. Once the main process was debugged, they started looking for the code that initiated communication between the Hom-Bot and the SmartThinQ mobile app.

“This is when we had the idea to investigate the SmartThinQ application – leading to the discovery of the HomeHack vulnerability,” revealed Check Point researchers.

The researchers investigated the app and the backend platform by installing the app on a rooted phone and using debugging tools. Once the anti-root and SSL pinning mechanisms were bypassed, it became possible to intercept the app's traffic, and this helped in the creation of an LG account. Now it was not a big deal to log in to the app.

Afterwards, the researchers analyzed the login process and found that there was no direct link between the authentication request, which verifies the user's credentials, and the creation of the username-based signature, which generates the access token for the user account.

An attacker could therefore use his own username to pass the authentication step and then switch to the victim's username to obtain the access token, which completes the login process successfully. Check Point researchers named this the HomeHack vulnerability in their blog post. “By exploiting the HomeHack vulnerability, the attacker could take over the victim’s account and control his smart LG devices,” researchers noted.
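A minimal server-side model of the flaw described above, next to a hardened variant; this is an added example, not Check Point's or LG's code. The two-step flow, the function names, the HMAC-based signature and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: hypothetical accounts and server key.
# Passwords are plaintext only to keep the model short.
SERVER_KEY = secrets.token_bytes(32)
USERS = {"alice": "alice-pw", "mallory": "mallory-pw"}
SESSIONS = {}  # session id -> username proven in step 1


def authenticate(username, password):
    """Step 1: verify credentials and return a session id, or None."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    sid = secrets.token_hex(16)
    SESSIONS[sid] = username
    return sid


def _sign(username):
    """Username-based signature that serves as the access token."""
    return hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()


def issue_token_unlinked(sid, requested_username):
    """Flawed step 2: any valid session is enough, and the token is built
    from the username in the request, not the one proven in step 1."""
    if sid not in SESSIONS:
        return None
    return _sign(requested_username)


def issue_token_bound(sid, requested_username):
    """Hardened step 2: the token subject comes from the server-side session;
    a request naming a different user is rejected."""
    authenticated = SESSIONS.get(sid)
    if authenticated is None or authenticated != requested_username:
        return None
    return _sign(authenticated)


def token_owner(token):
    """Return the account a token grants access to, or None."""
    for name in USERS:
        if hmac.compare_digest(_sign(name), token):
            return name
    return None
```

The design point is that the second step must take the account identity from server-side state created by the first step; a rejected mismatch is also a useful event to log and alert on.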

Check Point identified the vulnerability on July 31st, 2017, and LG immediately fixed the issue in its SmartThinQ app by the end of September. The company has urged users of LG smart appliances to update to version 1.9.23 of the app, which can be downloaded from the Google Play Store or Apple’s App Store. To update the smart home physical devices, click on the smart home product option available on the SmartThinQ app Dashboard.


Targeted LG Robot Vacuum Cleaner

Hackers can Compromise LG SmartThinQ App to Convert LG Smart Home Devices into Spying Gadgets.

According to Oded Vanunu, head of products vulnerability research at Check Point, as hacking capabilities advance, cybercriminals are shifting their focus towards hacking individual devices by exploiting software flaws. This would eventually affect users’ homes and result in the leaking of sensitive user data.

This is why it is important that users beware of the “security and privacy risks” associated with using IoT devices, and robust security mechanisms must be employed to ensure that both software and devices remain protected from unauthorized access and manipulation, stated Vanunu.


Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.