LG SmartThinQ, the mobile app that connects and controls smart home appliances made by LG Electronics, has been vulnerable. HomeHack vulnerability allowed potential attackers to spy on users via Hom-Bot vacuum’s video camera, or to play around with washing machines and dishwashers, turning them on or off.
Luckily, Check Point’s research team discovered HomeHack. It notified LG Electronics of this on July 31st. Nearly 2 months later, on September 29th, LG rolled out the updated 1.9.20 version of the software, eliminating the threat.
The problem lied in the login process of SmartThinQ app. CheckPoint was able to bypass security protections by making changes to and subsequently recompiling the application, then log in with a fake account, but using the victim’s email address. It gave them remote access to all the connected devices.
Why is HomeHack important?
The amount of connected IoT devices grows by the minute. More customers acquire them and more engineers and manufacturers constantly create new ones. Supply and demand, right?
We would rather see the cake stay in the oven a little longer, though. In many cases, IoT devices are being sold before their security is developed to a high enough standard. At some instances, it’s missing completely.
LG was able to fix their app. But more than 1 million Hom-bot units have been sold, and there was a window of opportunity for hackers to strike. Updating an app is easy and fast. However other IoT devices might need a firmware update in cases likes this, which a lot of users will ignore. It is important to educate ourselves about these threats and do our part as users too.
What should you do?
First of all, remember, that with every new device and app you purchase and install, you add another possible vulnerability to your home network. It is not only bringing you comfort and entertainment or solves a problem, so stay vigilant.
In this case, the best thing one can do is update not only the app itself but also Smart Home devices’ firmware (how to update them, you can find in manufacturer’s instructions or from LG website).
It is also advised to secure your home WiFi and change its password to protect your homes further. And without being too paranoid, users should pay attention to any weird or unexplained behavior of gadgets at home.
You could do that yourself, or you could let us protect your smart devices for you. Get CUJO AI internet security device and join a community of people that are sure about the security of your devices.
Take a look at our Amazon page 650+ reviews that average on 4.5 stars.