Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Bug in Mobile App Lets Hackers Take Control of LG Smart Devices (bleepingcomputer.com) 37

A reader shares a BleepingComputer report: LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices. The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more. The flaw was discovered by security researchers from Israeli firm Check Point, who reported the problem to LG technicians. According to researchers, an attacker would have been able to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. The attacker could have been able to take over a user's account and control devices in the user's home, and paired with the user's profile. For example, attackers could have overheated ovens, altered a home's temperature via AC units in a Mr.Robot-style hack, or spied on users via camera-enabled devices.
This discussion has been archived. No new comments can be posted.

Bug in Mobile App Lets Hackers Take Control of LG Smart Devices

Comments Filter:
  • by sinij ( 911942 ) on Friday October 27, 2017 @11:03AM (#55444517)
    What happens in 10 years, when some of these appliances are still working, still connected? Is LG going to continue issuing security patches?
    • by Anonymous Coward

      Yeah sure they will issue patches... that will brick the machine.

      Someone should start a replacement board service to redumb the smart devices.
      All the hardware is there you just need a controller that doesn't have unnecessary features.

    • by Desler ( 1608317 )

      I would be surprised if they issued updates 2 years after the product first came out.

      • I would be surprised if they issued updates 2 years after the product first came out.

        Like Saint Ignucius said, if a device can't be updated you don't have to worry about software freedom.

    • I don't regret buying an LG, but I'm sure glad I bought the "dumb" model, even if I had to open it up and install my own headphone jack. (The dumb models are sold mostly for business use as wall displays, so they have a 3.5mm jack but hook it up to serial wired remote control interface)

      Thanks to HDMI, anything internet connected I can run on a computer and still display on the TV. Thanks to PulseAudio it is super easy to switch a running audio source to the HDMI too, so I don't even have to restart anything

  • Sounds like the writers over at "Silicon Valley" were already were aware of this. Wasn't it this last season that involved the hacking of intelligent refrigerators that saved the day?

    Coincidence? I think not ... ;-)

  • Does this include the Pixel2 XL?
  • People ARE getting wiped out this year, every year, by nature - Floods, Fires, Squirrels (hacking our power grid), etc. Shove off with all your "some vuln (say it short so you sound cool) COULD do something" hysteria. SO MUCH SECURITY FATIGUE - you are undermining your own cause. Next time, STOP, and think first about real risk, relative risk, cost vs. benefit, before you make your next grand proclamation about security. The level of insularity and hubris in the security community must be peaking soon.

  • Don't buy into IoT, smart appliances, and this absurd need to connect everything to the Internet or the cloud. Let go of the hype, apply critical reasoning, and don't connect more than what's strictly necessary. Don't trade the potential for a future catastrophe inside your home, or the complete erosion of privacy, just because you think you absolutely need minor conveniences.

    Hate me all you want, but I need to be clear on this. Given the current security landscape, the constant hacks, the constant reveals

news: gotcha

Working...