Researchers at the University of Michigan have discovered several security flaws in Samsung’s SmartThings Internet of Things consumer platform, allowing them to hack into the platform’s automation system and gain control over a user’s home system.
While they did not really reveal a lot of specific details, Craig Young, Cybersecurity Researcher for Tripwire says,
“One issue might be some 3rd party apps for Android that are not properly using SSL leading to intercepted OAUTH tokens. The other aspect of this research addresses questions of developer trust as they showed that they could write a battery check app with hidden malicious functionality. This is a very serious problem across the industry as software development moves from big firms with reputations at risk to somewhat anonymous developers sometimes with minimal legal exposure.”
“One way to limit exposure to these risks could be to use scanning technology to enumerate what device functionality is accessed on an app and compare whether it makes sense with the stated purpose of the app. Unfortunately attackers can still circumvent this logic somewhat by carefully selecting the advertised functionality of a malicious app. Another option is to request permission from users each time a sensitive operation is to be performed but this can become an annoyance and may hinder productivity.”