According to the findings of Check Point researchers, there is a vulnerability in the LG smart home infrastructure through which hackers can take full control of an authentic user account and later remotely hijack LG SmartThinq home appliances including refrigerators, dryers, dishwashers, microwaves and robotic vacuum cleaners. When a user leaves any of these devices switched on or off, cybercriminals get the perfect opportunity to convert them into real-time spying devices.
To prove their point, Check Point researchers demonstrated how a hacker could turn LG Hom-Bot vacuum cleaner into an espionage gadget. This was made possible through taking control of the integrated video camera installed inside the device. They disassembled the Hom-Bot to locate the Universal Asynchronous Receiver/Transmitter (UART) connection and when it was discovered that they could manipulate it to acquire access to the file system. Once the main process was debugged, they started looking for the code that initiated communication between the Hom-Bot and the SmartThinq mobile app.
“This is when we had the idea to investigate the SmartThinQ application – leading to the discovery of the HomeHack vulnerability,” revealed Check Point researchers.
Investigation of the app and backend platform was made possible after installation of the app on a rooted phone and utilizing debugging tools. When the anti-root and SSL pining mechanisms were bypassed, it became possible to intercept the app’s traffic, and this helped in the creation of an LG account. Now it was not a big deal to log in to the app.
Afterwards, researchers analyzed the login process and identified that there wasn’t any direct link between the authentication request through which user credentials were identified and the creation of username based signature, which generated the access token for the user account.
Therefore, it was identified that attacker could use his username to bypass the authentication process and then switch to the victim’s username to get the access token and this is how the login process can successfully be completed. This is termed as the HomeHack vulnerability by Check Point researchers in their blog post. “By exploiting the HomeHack vulnerability, the attacker could take over the victim’s account and control his smart LG devices,” researchers noted.
Check Point identified the vulnerability on July 31st, 2017 and LG immediately fixed the issue in its SmartThinq app by the end of September and the company has urged users of LG smart appliances to update to the app v1.9.23 version, which can be downloaded from Google Play Store or Apple’s App Store. On the other hand, to update smart home physical devices, click on the smart home product option available on SmartThinq app Dashboard.
Hackers can Compromise LG SmartThinq App to Convert LG Smart Home Devices into Spying Gadgets.
According to Check Point’s products vulnerability research head Oded Vanunu, with the advancements in hacking capabilities, cybercriminals are shifting their focus more on hacking individual devices through exploiting software flaws. This would eventually affect user’s homes and result in leaking of sensitive user data.
This is why it is important that users beware of the “security and privacy risks” associated with using IoT devices and robust security mechanisms must be employed to ensure that software and devices both remain protected from unauthorized access and manipulation, stated Vanunu.
Watch the demonstration below:
