The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren't easily fixed. They also said that consumers should think twice before using the system to connect door locks and other security-critical components.
They were able to perform four attacks that allowed them entry to the home or the ability to take over different functions. A lock-pick malware app, disguised as a battery-level monitor, could spy on a user setting a new PIN code for a door lock and send the PIN code to a potential hacker via text message.
The security flaw stems from the system's alleged complacency toward malicious apps that take control of the SmartThings app and hence allow access to these devices.
The platform had a vulnerability called "overprivilege," which means the SmartApps allowed more access to the devices than originally intended, and the devices could be made to do things that they were not programmed to do originally.
The researchers tested SmartThings because of its wide use. The Android app for the system has been downloaded more than 100,000 times.