Security researchers recently disclosed a vulnerability that could have allowed hackers to take control of a number of smart appliances made by LG Electronics. The issue could have allowed attackers to turn appliances on or off remotely — or even to access a live video feed in a user’s home.
The security flaw was published by the researchers at Check Point. Dubbed the HomeHack vulnerability, the flaw could have allowed hackers to switch dishwashers and washing machines off or on, or most disturbingly, allowed live video access through the camera on LG’s Hom-Bot robotic vacuum cleaner.
The problem would have affected users of LG’s SmartThinQ appliances by giving hackers access to user accounts. The researchers noted that more than 400,000 customers bought a Hom-Bot in the first half of 2016, which could have made this issue not just invasive, but widespread.
Fortunately, all of these possible problems appear to have been avoided. Check Point claims they contacted LG in late July, and LG issued a security patch for the vulnerability in late September.
That’s still a two-month gap between being notified and fixing the issue, but LG Electronics seems confident in its solution. Koonseok Lee of LG Electronics told ZDNet that “Effective September 29th the security system has been running the updated 1.9.20 version smoothly and issue-free.”
Further details about the attack — including a demo of how it would work — can be found in Check Point’s blog post.
While smart appliance users seem to have dodged a bullet with this particular vulnerability, it still stands as a reminder that the Internet of Things (IoT) — including smart appliances — is susceptible to hackers. There are many fears about overall security issues involving IoT products, and this isn’t going to change any minds.
Companies need to do their part in staying on top of security holes, as do users of these products: make sure to check for software updates often, and update as much as possible.