Mobile App Flaw Allows Hackers To Control Smart Home Devices and Spy on Owners

By Nicholas West

As people begin acquiring greater numbers of smart tech gadgets to manage their lives and homes, each one of these items is being revealed as an open invitation to be spied upon.

We’ve heard about vulnerabilities being exposed in children’s toys, baby monitors, smart TVs, smartphones and smart meters, to name a few. A look at the graphic below illustrates a potential reality for full-spectrum hacking that makes one episode from Mr. Robot not seem fantastical in the least.

Often it is not the software of the products themselves, but the third party apps and programs that also are used to operate these systems.

Tech giant LG is the latest to be alerted by private researchers of a major vulnerability that could have allowed hackers to take over their line of smart home products including all major appliances, air conditioners and even the camera embedded in smart vacuum cleaners that also supposedly serves as home security.

Motherboard reports how the flaw was discovered, as well as the stunning ease with which anyone could have gained remote access simply by using an e-mail address:

The flaw was found by researchers from Check Point in the user authentication process between the SmartThinQ mobile app and LG’s back-end platform. This application allows users to remotely control different functions of their appliances, including turning them on and off. For example, users can preheat their oven or start their AC unit before they get home, can check their smart refrigerator’s inventory before stopping by the supermarket or can see when their washing machine finished a cycle.

The flaw, which Check Point dubbed HomeHack, was privately reported to LG in July and was quietly patched at the end of September. It enabled attackers to easily hijack people’s SmartThinQ accounts and gain control over their linked devices by knowing only their email addresses.

To pull off the attack, hackers would have needed to modify LG’s app on their own device in order to disable some security checks and then manipulate the log-in process to use the victim’s username—their email address—instead of their own, the Check Point researchers said in a report released today. This process did not require the victim to click on anything, nor would it have alerted them of any suspicious activity.

(Emphasis added)

The researchers’ video can be viewed below which offers up exactly what a hacker might see as they enter your home through a smart device:

Fortunately, it doesn’t appear that any actual hacks have taken place on the millions of smart devices that LG has sold, but it is a bit disconcerting that they were alerted many months ago and made a patch without notifying the public of possible intrusion.

One has to wonder how many other issues are being continuously discovered without our knowledge and what level of exposure is being purchased in the name of convenience and security. If we have learned anything thus far in the pursuit of an Internet of Things: the more problems we look for, the more we find.

Nicholas West writes for He also writes for Counter Markets agorist newsletter. Follow us at Twitter and Steemit.

This article may be freely republished in part or in full with author attribution and source link.

Also Read: Smart Devices Are Snitching on Owners and Rewriting the Criminal Justice System

Top image credit: Pixabay

Hat Tip: MassPrivateI

Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

3 Comments on "Mobile App Flaw Allows Hackers To Control Smart Home Devices and Spy on Owners"

  1. Simple to stop, and to make those domestic enemies of our nation who believe that they can do whatever they want against the American people find out they cannot, do NOT own any of those devices. IF it is a “Smartanything” do NOT buy it, do not receive it as a gift – refuse politely, etc.

    • Not that easy if you already have smart electric,water,gas meters on your house. Just try to get them removed. Also the new facial recognition drones, lamppost spying devices & TSA biometrics is destroying our privacy & leaving us open to identity theft & wrongful arrest. Guess they just want us to stay home & keep us isolated.

  2. I install this stuff for a living. I won’t have any of it in my home.

    So called “smart” devices are anything but. There is absolutely no security built into any of them.

Leave a comment

Your email address will not be published.