Researchers at Cisco’s security unit Talos have identified a total of twenty vulnerabilities in Samsung’s SmartThings controller. The South Korean manufacturer has since released patches that are applied automatically.
Talos researchers describe their findings in a blog post. In it they mention, among other things, that the leaks have now been reported to Samsung and that the manufacturer has released patches this month. According to the researchers, these are different types of vulnerabilities, which can be used in combination to gain access to the Hub, which acts as a home automation controller. The seriousness of the vulnerabilities should therefore be viewed in relation to each other, because the vulnerabilities can be combined via chaining.
For example, they found leaks that allow remote code execution, even without authentication. The latter scenario only occurs if the attacker can get a user of the Hub to install a malicious app in the form of a so-called SmartApp. Other possible attack vectors include intercepting a valid OAuth token or masquerading as a SmartThings server.