The discovery this week of a security vulnerability within SmartThinQ, a technology touted by LG for automating communication with its range of home appliances and devices, has reinforced the risks of remote Internet of Things (IoT) takeover as attackers progressively master new methods of attacking increasingly smart devices.
LG’s SmartThinQ is a framework for communication between devices that enables them to, among other things, be controlled by smartphone apps or by voice through integration with emerging smart-home devices such as Amazon Alexa and Google Home. It has been built into a range of LG refrigerators, ovens, dishwashers, air purifiers, washing machines, dryers, and robotic vacuums.
Weaknesses in the core software, which were named ‘HomeHack’ and disclosed by Check Point Software Technologies researchers to LG on 31 July, allowed an attacker to create a fake LG account, then use this to take over the account of a legitimate user that would provide access to all of their appliances.