Check Point researchers warn that criminals could turn vacuum cleaners and dishwashers from LG into equipment for espionage.
Researchers at IT security company Check Point have found a security flaw in SmartThinQ, the smart home software from South Korean consumer electronics company LG. This, they claim, could enable hackers to take over internet-connected devices such as refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines. They have outlined their findings in a detailed blog post.
Dubbed ‘HomeHack’, the flaw can even be used to take control of the built-in security camera mounted on LG’s Hom-Bot vacuum cleaner, which doubles up as a home security device. When Hom-Bot detects movement in the home, an alert is sent to the homeowner’s smartphone, and the homeowner can then switch on the Hom-Bot’s camera.
“However, this camera, in the case of account takeover, would allow the attacker to spy on the victim’s home, with no way of them knowing, with all the obvious negative consequences of invasion of privacy and personal security violation,” write Check Point’s researchers.
Security flaw in login app
The researchers found that the flaw resides in the login process; that is, when users sign in to their accounts on the LG SmartThinQ app. Hackers would need to recompile the LG application on the client side in order to bypass security protections.
“This enables the traffic between the appliance and the LG server to be intercepted. Then, the would-be attacker creates a fake LG account to initiate the login process,” say Check Point’s researchers.
By manipulating the login process and entering the victim’s email address instead of their own, they explain, it is possible to hack into the victim’s account and take control of all LG SmartThinQ devices owned by the user.
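The class of flaw described above, sketched as an added example (not LG's code or protocol, and not taken from Check Point's write-up): a two-step login whose second step trusts a client-supplied email, next to a version that binds the session to the identity proven in the first step. The two-step flow, function names and accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-process signing key (constructed)
# Constructed accounts; plaintext passwords only to keep the sample short.
USERS = {"attacker@example.test": "pw-a", "victim@example.test": "pw-v"}


def _sign(msg: str) -> str:
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def step1_authenticate(email, password):
    """Step 1: check credentials, return a signed proof naming that email."""
    stored = USERS.get(email)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    nonce = secrets.token_hex(8)
    return f"{email}|{nonce}|{_sign(email + '|' + nonce)}"


def _verify_proof(proof):
    """Return the email the proof was issued to, or None if it is invalid."""
    try:
        email, nonce, sig = proof.split("|")
    except (ValueError, AttributeError):
        return None
    expected = _sign(email + "|" + nonce)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return email


def step2_issue_session_weak(proof, requested_email):
    """Weak: any valid proof is accepted, then the client's email is trusted."""
    if _verify_proof(proof) is None:
        return None
    return {"account": requested_email}


def step2_issue_session_bound(proof, requested_email):
    """Hardened: the account comes from the proof; a mismatch is rejected."""
    proven = _verify_proof(proof)
    if proven is None or proven != requested_email:
        return None
    return {"account": proven}
```

A mismatch between the proven and the requested identity in the second step is also a useful event to log and alert on, since a legitimate client never produces it.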
Check Point said the flaw highlights the potential for smart home devices to be exploited, either to spy on home owners and residents and to steal data, or to use devices as staging posts for further attacks, such as spamming, denial of service attacks (as seen with the giant Mirai botnet in 2016) or spreading malware.
The researchers urge users of LG products to download the latest software updates from the LG website.