A vulnerability detected in LG Electronics smart-home series devices provides an open access and control of every network-connected appliance. These potentially vulnerable appliances include refrigerators, dishwashers, dryers and washing machines, air conditioners, vacuum cleaners, ovens and more.
Security experts at CheckPoint detected the HomeHack flaw – millions of LG SmartThinQ consumer devices were exposed to the risk of open access and unauthorized remote control.
How could it happen? According to experts, the problem was discovered in LG SmartThinkQ mobile application and cloud application. These vulnerabilities enable cybercriminals to log in and take over the victim’s legitimate LG account. In this case, hackers become able to access and control smart home appliances, such as a refrigerator and its video camera.
Thus, after logging in to the legitimate LG account, the user is able to access any device in a home network and take over a complete control of it.
In other words, malicious actors and cybercriminals can spy on consumers via the integrated video camera. This camera transmits live video to the LG SmartThinQ mobile application which is associated with the smart-home network as HomeGuard Security.
In addition, hackers also are able to control the compromised device, for example, turn off and on the dishwasher or dryer.
According to Oded Vanunu, head of products vulnerability research at Check Point:
As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices to hacking the apps that control networks of devices. This provides cyber-criminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data. Users need to be aware of the security and privacy risks when using their IoT devices and it’s essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software and devices.
Once they were made aware of the issues, LG has patched the problems and encouraged its consumers to update their mobile apps.
Kooseok Lee, manager of Smart Development Team at LG announced:
As part of LG Electronics’ mission to enhance the lives of consumers worldwide, we are expanding our next-generation smart-home appliance lineup, while also prioritizing the development of safe and reliable software programs. Effective September 29th, the security system has been running the updated 1.9.20 version smoothly and issue-free. LG Electronics plans to continue strengthening its software security systems as well as work with cybersecurity solution providers like Check Point to provide safer and more convenient appliances.
In addition, we want to warn and remind you to protect your smart-home appliances and keep them up to date.