Flaws in Samsung’s so-called ‘smart’ home let hackers unlock doors and set off fire alarms

“A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too,” Andy Greenberg reports for Wired. “But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your ‘smart home’ suddenly seems pretty dumb.”

“one group of researchers at the University of Michigan and Microsoft have published what they call the first in-depth security analysis of one such ‘smart home’ platform that allows anyone to control their home appliances from light bulbs to locks with a PC or smartphone,” Greenberg reports. “They discovered they could pull off disturbing tricks over the internet, from triggering a smoke detector at will to planting a ‘backdoor’ PIN code in a digital lock that offers silent access to your home, all of which they plan to present at the IEEE Symposium on Security and Privacy later this month.”

“The Microsoft and Michigan researchers focused their testing on Samsung’s SmartThings platform, a networked home system that’s in hundreds of thousands of homes, judging by Google’s count of downloads of its Android app alone,” Greenberg reports. “In a statement, a SmartThings spokesperson said that the company had been working with the researchers for weeks ‘on ways that we can continue to make the smart home more secure,’ but nonetheless downplayed the severity of their attacks… The researchers say, however, that their attacks would still work today as well as they did when they first approached SmartThings; neither the Android app they reverse engineered to exploit the SmartThings authentication flaw nor the privilege overreach flaw itself has been fixed.”

Read more in the full article here.

MacDailyNews Take: Now, to be fair, this is only because there are those who’ll waste their money on half-assed Samsung crap. “SmartThings.” From Samsung? Puleeze.

Samsung. StupidThings for StupidPeople™.


[Thanks to MacDailyNews Reader “Edward W.” for the heads up.]

13 Comments

  1. There must be at least one government out there that is drooling at the prospects of increasing their online spying, sabotage and other dehumanizing efforts thanks to these devices, though they might have to ask the companies that manufacture them to provide them with back doors, but I’m sure they won’t mind stooping that low; it’s not as if it’s new to them.

    1. samsung’s new ad tagline:

      “Don’t worry if we infect your smoke alarms and completely wreck them, just buy Samsung Fire Insurance!”

      sent to all downloaders 10 days after they have downloaded their malware, oops.. app.

        1. Samsung actually owns the Insurance company as far as I can tell and that pix is from an ad from that company (according to a blog). The rest is ‘imaginative interpretation’.

          From what I gather the fire alarms still work except they can give false alarms, so Samsung, if they actually sold insurance to those people, probably wouldn’t be in jeopardy paying out from too many properties burning down! But I figure all those false alarms might kick people in the ass to buy insurance (or buy more)….

    1. Theoretically, IOT could be security hardened to be unhackable as long as some ‘Luser’ isn’t social engineered into allowing in malware. Sadly, the Luser Factor is turning out to be profound all over the world, right on up to the top of business management. (o_0) I have no idea how to harden wetware security beyond training/education.

  2. ScamScum is so fscking stupid!

    But to be fair, almost the ENTIRE IOT (Internet of Things) is outrageously insecure to the point of insanity. It’s plain old lack of responsibility for the technology they foist on their victim customers.

    Oh look: Takata blew out the record for recalled defective devices! We’re going to see similar nightmares of defective IOT devices. ScamScum is just one of many irresponsible purveyors of CRAP technology.

  3. The thing that annoys me with this is that it allows certain people to say “I tried it, but it doesn’t work too well” and then assume that Apple’s version is just as flawed. We had this with fingerprint readers.

    I recently mentioned something similar with somebody who hates TrackPads because the ones he’s used on Windows laptops were rubbish, so therefore all TrackPads must be rubbish. I showed him a succession of my Apple laptops going right back to a twenty year old Powerbook 1400c and he conceded that they all had pretty decent TrackPads. He was pretty amazed to see that the 1996 era PB 1400 TrackPad was better than some recent laptops that he’s used.

    He was even more amazed to see a twenty year old laptop instantly start up when the lid was opened and working while using the original battery (for 10-15 mins anyway – but you wouldn’t want to use it for that long these days as it’s so S-l-o-w with its 133 MHz PPC 603e).
