• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 15th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Hacking News » Researchers hack vacuum cleaner; turn it into perfect spying device

Researchers hack vacuum cleaner; turn it into perfect spying device

October 27th, 2017 Waqas Hacking News, Security 0 comments
Researchers hack vacuum cleaner; turn it into perfect spying device
Share on FacebookShare on Twitter

According to the findings of Check Point researchers, there is a vulnerability in the LG smart home infrastructure through which hackers can take full control of an authentic user account and later remotely hijack LG SmartThinq home appliances including refrigerators, dryers, dishwashers, microwaves and robotic vacuum cleaners. When a user leaves any of these devices switched on or off, cybercriminals get the perfect opportunity to convert them into real-time spying devices.

To prove their point, Check Point researchers demonstrated how a hacker could turn LG Hom-Bot vacuum cleaner into an espionage gadget. This was made possible through taking control of the integrated video camera installed inside the device. They disassembled the Hom-Bot to locate the Universal Asynchronous Receiver/Transmitter (UART) connection and when it was discovered that they could manipulate it to acquire access to the file system. Once the main process was debugged, they started looking for the code that initiated communication between the Hom-Bot and the SmartThinq mobile app.

“This is when we had the idea to investigate the SmartThinQ application – leading to the discovery of the HomeHack vulnerability,” revealed Check Point researchers.

Investigation of the app and backend platform was made possible after installation of the app on a rooted phone and utilizing debugging tools. When the anti-root and SSL pining mechanisms were bypassed, it became possible to intercept the app’s traffic, and this helped in the creation of an LG account. Now it was not a big deal to log in to the app.

Afterwards, researchers analyzed the login process and identified that there wasn’t any direct link between the authentication request through which user credentials were identified and the creation of username based signature, which generated the access token for the user account.

Therefore, it was identified that attacker could use his username to bypass the authentication process and then switch to the victim’s username to get the access token and this is how the login process can successfully be completed. This is termed as the HomeHack vulnerability by Check Point researchers in their blog post. “By exploiting the HomeHack vulnerability, the attacker could take over the victim’s account and control his smart LG devices,” researchers noted.

Check Point identified the vulnerability on July 31st, 2017 and LG immediately fixed the issue in its SmartThinq app by the end of September and the company has urged users of LG smart appliances to update to the app v1.9.23 version, which can be downloaded from Google Play Store or Apple’s App Store. On the other hand, to update smart home physical devices, click on the smart home product option available on SmartThinq app Dashboard.

Researchers hack vacuum cleaner; turn it into perfect spying device

Targeted LG Robot Vacuum Cleaner

[q]Hackers can Compromise LG SmartThinq App to Convert LG Smart Home Devices into Spying Gadgets.[/q]

According to Check Point’s products vulnerability research head Oded Vanunu, with the advancements in hacking capabilities, cybercriminals are shifting their focus more on hacking individual devices through exploiting software flaws. This would eventually affect user’s homes and result in leaking of sensitive user data.

This is why it is important that users beware of the “security and privacy risks” associated with using IoT devices and robust security mechanisms must be employed to ensure that software and devices both remain protected from unauthorized access and manipulation, stated Vanunu.

Watch the demonstration below:

[fullsquaread][/fullsquaread]

  • Tags
  • hacking
  • Infosec
  • internet
  • IoT
  • LG
  • Privacy
  • security
  • Spying
  • Surveillance
  • Technology
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article EternalRomance NSA Exploit a Key Player in Bad Rabbit Ransomware Mayhem
Next article iPhone apps can access cameras to secretly take photos and record videos
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Plundervolt: A new attack on Intel processors threatening SGX data

Plundervolt: A new attack on Intel processors threatening SGX data

2.7 billion email addresses & plain-text passwords exposed online

2.7 billion email addresses & plain-text passwords exposed online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Popular forms of cybercrime you should be aware of
Cyber Crime

Popular forms of cybercrime you should be aware of

502
70% of the entire US population is now on Facebook
Technology News

70% of the entire US population is now on Facebook

334
Hundreds of counterfeit branded shoe stores hacked with web skimmer
Cyber Crime

Hundreds of counterfeit branded shoe stores hacked with web skimmer

313
NGINX office in Moscow raided by police
Cyber Events

NGINX office in Moscow raided by police

1383

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us