Users of Samsung’s SmartThings Hub have been advised to update the device’s firmware after 20 vulnerabilities were found that could allow an attacker to gain remote control of smart home devices.
Researchers from Cisco Talos uncovered a long list of vulnerabilities in the hubs, which are used as central controllers for internet of things devices in smart homes.
Connected devices typically include smart plugs, smart light bulbs, thermostats, security cameras and more.
The hub is designed so that the smart home owner can “remotely connect to and manage these devices using a smartphone”.
However, the vulnerabilities in the hub can allow an attacker to gain remote control of the connected devices instead.
“The discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorised activities,” the researchers said in a blog post.
“Some example scenarios [could include] smart locks controlled by the SmartThings Hub [being] unlocked, allowing for physical access to the home; cameras deployed within the home could be used to remotely monitor occupants”, as well as attackers causing physical damage to appliances.
The researchers said the vulnerabilities vary in the ease with which they can be exploited and in the level of access and control that a breach would grant an attacker.
“In isolation, some of these might be hard to exploit, but together they can be combined into a significant attack on the [hub] device,” they said.
Talos recommended that users update hubs as quickly as possible, though it noted that Samsung is also pushing updates out automatically, meaning that most users won’t need to download the patches themselves.
However, “it is important to verify the updated version has actually been applied to devices to ensure that they are no longer vulnerable”, the researchers said.