Cisco’s Talos cybersecurity experts reported 20 vulnerabilities in the Samsung SmartThings Hub. Talos didn’t publicize the widespread weaknesses until after Samsung readied a firmware update for SmartThings customers.
The Samsung SmartThings Hub plays a central role for other SmartThings components including thermostats, cameras, light bulbs, smart plugs, motion detectors and more.
The threat also extended beyond Samsung’s smart home devices. The SmartThings Hub runs on Linux-based firmware that enables interoperability with other Internet of Things (IoT) smart home devices via Ethernet, Zigbee, Z-Wave, and Bluetooth connections. In other words, anyone who exploited the Hub’s weaknesses could potentially control all connected electronic devices in the home.
Other smart home vulnerabilities
- Could this Z-Wave vulnerability put millions of smart home devices at risk?
- Are smart cities as safe as we think they are? Security experts say not yet
- New guidelines to protect smart home devices from botnets and privacy invasion
Talos cybersecurity experts noted, “In total, Talos found 20 vulnerabilities in the Samsung SmartThings Hub. These vulnerabilities vary in the level of access required by an attacker to exploit them and the level of access they give an attacker. In isolation, some of these might be hard to exploit, but together they can be combined into a significant attack on the device.”
Some of the potential threat scenarios exposed because of the Hub vulnerability include:
- Unlocking doors protected with smart locks
- Disabling motion detectors and security cameras
- Damaging appliances connected to smart plugs
Regarding the exploit and the subsequent firmware update, Samsung responded by email to GearBrain, “Samsung takes security very seriously, and our products and services are designed with security as a priority. We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for the automatic update to address the issue. All active SmartThings Hub V2 devices in the market are updated to-date.”
How to check your Samsung SmartThings Hub firmware version
Samsung pushes out over-the-air (OTA) software and firmware updates to active devices, but it’s always a good idea to check on your own to confirm that nothing interfered with the update.
You can check your SmartThings Hub’s firmware version in three ways: The SmartThings mobile app, the SmartThings Classic app, and the SmartThings web console.
Once you have opened either of the apps or logged in to the website, click on Hub or Hubs and then check the Firmware Version field.
