Home Appliances Left Vulnerable With Security Flaw Found In LG IoT Software – ZMR Blog
Trending News & Updates

Home Appliances Left Vulnerable With Security Flaw Found In LG IoT Software

Home Appliances Left Vulnerable With Security Flaw Found In LG IoT Software

The software has been updated by LG after the security researchers identified a bug that enabled them to achieve command over devices such as dishwashers, ovens, refrigerators, and even gain the live feed through a robot vacuum cleaner.

The vulnerability named HomeHack infects potentially several LG SmartThinQ home appliances. The professionals at the Check Point unearthed the bug when they found that the cloud application and mobile apps linked to the IoT devices enabled them to achieve command remotely over the connected appliances. The team revealed a flaw in the authentication process & mobile app and the means through which it interrelates with the LG infrastructure between the devices and apps.

Altogether, there are 4 phases in the procedure, specifically, an authentication request that validates user records, a signature request that generates a username-based signature from an authentication application, a token request that utilizes the signature reply as a heading and username as factor to obtain an access token for the customer account, which is then conveyed to allow the login request to occur.

It was found that there was no direct reliance between the authentication request and the token or signature request, eventually permitting attackers to structure a bogus username and utilize it to capture a valid LG account and achieve command over the appliances. All invaders require to attack the device of a particular person is their email address. It is possible to change the settings on the hacked devices or also can be turned off or on.

LG Google Home

Check Point’s head of products vulnerability research, Oded Vanunu, said, “As there is a rise in the use of smart devices in the home, attackers will budge their spotlight to hacking the applications that control systems of devices instead of targeting individual devices. This offers cyber criminals with yet more chances to use software faults, cause trouble in homes of the users and gain entry to their sensitive information.”

The vulnerability only affected the LG SmartThinQ ecosystem; the professionals said that it would not be likely for hackers to use the fault to access the non-LG devices on the ecosystem.

Manager of the Smart Development Team, LG Electronics, Koonseok Lee, said, “The security system has been mow functioning issue-free and smoothly on the updated 1.9.20 version. LG Electronics intends to carry on fortifying its software security systems and effort with cyber-security solution providers such as Check Point to offer secure and more expedient appliances.”

To make certain that their devices cannot be distantly compromised, the customers have to update to the most recent software versions of the apps and the appliances.

Leave A Reply

Your email address will not be published.