Thinking of getting a Samsung SmartSmartThings Home system installed to secure your home? You may want to rethink and take a look at what a group of computer scientists have discovered related to the security system that can allow potential hackers to gain access to your house.
The researchers from the University of Michigan discovered critical vulnerabilities in Samsung's SmartThings automation systems, that allowed them to open electronic locks, change the smart home's vacation settings, and even set off a house's fire alarm with false messages.
The security flaw stems from the system's alleged complacency to malicious apps that take control of the SmartThings app and hence allow access to these devices. The researchers call this "Overprivilege" which is a security design flaw wherein an app gains access to more operations on protected resources than it requires to complete its claimed functionality.
In this instance two forms of overprivilege for SmartThings were reportedly found. Combining the both the scientists concluded that 42% of the existing SmartApps in the Smart Home system are Overprivileged thus leaving a huge window at risk for a potential hack.
A blog also details what the specific areas are that are most vulnerable:
- Secretly planted door lock codes
- Existing door lock codes
- Disabled vacation mode of the home
- Fake fire alarms
When questioned as to why the team chose Samsung's system in particular they said: " We analysed Samsung-owned SmartThings because it has the largest number of apps among currently available smart home platforms, and supports a broad range of devices including motion sensors, fire alarms, and door locks." The University of Michigan and SmartThings are now working together to fix these vulnerabilities.