Bug in Mobile App Lets Hackers Take Control of LG Smart Devices

A reader shares a BleepingComputer report: LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices. The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more. The flaw was discovered by security researchers from Israeli firm Check Point, who reported the problem to LG technicians. According to researchers, an attacker would have been able to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. The attacker could have been able to take over a user's account and control devices in the user's home, and paired with the user's profile. For example, attackers could have overheated ovens, altered a home's temperature via AC units in a Mr.Robot-style hack, or spied on users via camera-enabled devices.

What happens in 10 years?

[sinij]

What happens in 10 years, when some of these appliances are still working, still connected? Is LG going to continue issuing security patches?

Re: What happens in 10 years?

[Anonymous Coward]

Yeah sure they will issue patches... that will brick the machine.

Someone should start a replacement board service to redumb the smart devices.
All the hardware is there you just need a controller that doesn't have unnecessary features.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[fizzer06]

Latest irresistible buzzword is "blockchain". I has to hab it.

Re:

[olsmeister]

Refrigerators are the same way. They've reduced the warranties down to a year or two, they used to be much longer. They're basically disposable.

Re:

[Desler]

How is it BS? Case in point, DRAM price fixing between 1998-2002 where 12 manufacturers colluded to raise prices and no one popped up like you claim to sell things at a lower price and “take the whole market.” And there are plenty of other examples of price-fixing cartels that saw no such competition.

Re:

[Desler]

And before you try to claim otherwise, said price fixing only stopped because anti-trust charges were brought against them not because they felt bad for what they did or a new competitor rose up.

Re:

[Desler]

Also, most people are simply choosing the cheapest shit they can find so there’s also no incentive to create anything of lasting build quality. Cheap, replaceable junk is the standard these days. It’s also how you satisfy Wall Streets’ demand for infinite growth.

Re:

[plover]

When my grandmother passed about 20 years ago, the family got together to empty the house to sell it. We loaded her old refrigerator on to a truck, and hauled it to the dump (where the guy helping unload it from the truck commented that it was still cold!) On the back was the date of manufacture: 1941. That thing had kept food cold for nearly 60 years.

And you know what? That old fridge was so inefficient that it cost her far more on her electricity bill than if she had thrown it away in 1980 and bought

Re:

[sinij]

We said the same thing about Social Media, and look where we are now.

Re:

[Desler]

Or you have more money than brains.

Re:

[Desler]

I would be surprised if they issued updates 2 years after the product first came out.

Re:

[Aighearach]

I would be surprised if they issued updates 2 years after the product first came out.

Like Saint Ignucius said, if a device can't be updated you don't have to worry about software freedom.

Re:

[Aighearach]

I don't regret buying an LG, but I'm sure glad I bought the "dumb" model, even if I had to open it up and install my own headphone jack. (The dumb models are sold mostly for business use as wall displays, so they have a 3.5mm jack but hook it up to serial wired remote control interface)

Thanks to HDMI, anything internet connected I can run on a computer and still display on the TV. Thanks to PulseAudio it is super easy to switch a running audio source to the HDMI too, so I don't even have to restart anything

Sounds like the writers over at "Silicon Valley"..

[dr_canak]

Sounds like the writers over at "Silicon Valley" were already were aware of this. Wasn't it this last season that involved the hacking of intelligent refrigerators that saved the day?

Coincidence? I think not ... ;-)

Hmm

[kelemvor4]

Does this include the Pixel2 XL?

BFD

[Lije Baley]

People ARE getting wiped out this year, every year, by nature - Floods, Fires, Squirrels (hacking our power grid), etc. Shove off with all your "some vuln (say it short so you sound cool) COULD do something" hysteria. SO MUCH SECURITY FATIGUE - you are undermining your own cause. Next time, STOP, and think first about real risk, relative risk, cost vs. benefit, before you make your next grand proclamation about security. The level of insularity and hubris in the security community must be peaking soon.

Here's the basic though

[XSportSeeker]

Don't buy into IoT, smart appliances, and this absurd need to connect everything to the Internet or the cloud. Let go of the hype, apply critical reasoning, and don't connect more than what's strictly necessary. Don't trade the potential for a future catastrophe inside your home, or the complete erosion of privacy, just because you think you absolutely need minor conveniences.

Hate me all you want, but I need to be clear on this. Given the current security landscape, the constant hacks, the constant reveals