Samsung’s SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some of the vulnerabilities would’ve been difficult to exploit, but attackers can combine several at once to launch a “significant attack on the device.”
While the hub may not have access to credit card and bank account numbers, hackers could have taken advantage of the flaws to disable smart locks and gain physical entry to people’s homes, for instance, or to take command of nanny cams and CCTVs to monitor a house’s occupants or an establishment’s activities. They could’ve used the flaws to disable motion and alarm systems or even to damage appliances connected to the hub.
Despite the multiple vulnerabilities, Talos praised the company for working to resolve the situation after being informed. Craig Williams, Director of Cisco Talos Outreach, told ZDNet that Samsung “did a lot of things right and should be commended for the way [it] designed [its] devices to be easily updated.” He added “Every piece of software from every vendor has bugs if you look closely enough.” A Samsung spokesperson also told the publication that it had already released an automatic update to fix all the flaws Talos found and “all active SmartThings Hub V2 devices in the market are updated to date.”