In a sense, one of the attacks depends on the user downloading a malicious app from the SmartThings store or clicking on a malicious link. Once a malicious application is downloaded, an attacker can effectively carry out a remote attack from anywhere in the world.
Understandably, Samsung has championed critical security issues, claiming that it is fully aware of the issues and is proactively fixing them.
Is that good enough? Or should Samsung, an international technology company, actively investigate why its products ship with security bugs? Let’s take a look.
Security researchers at the University of Michigan have developed several pilot experiments aimed at identifying potential disruptions in the Samsung SmartThings ecosystem. As Samsung is one of the largest manufacturers of IoT-ready (Internet of Things) devices, including refrigerators, thermostats, ovens, security doors, locks, panels, sensors and more, it’s no wonder its credentials are under scrutiny.
The researchers confirmed that the malfunctions were caused by two internal design flaws in the SmartThings ecosystem. Moreover, these two design flaws are not always easy to fix.
Another exploit used a vulnerability to disable “vacation mode”, demonstrating access to high-level permissions. Once an attacker has access to “vacation mode”, they can disable any pre-programmed vacation protections, such as randomly turning on lights throughout the house or opening and closing blinds to simulate an occupied residence.