If you are a smart home enthusiast and have connected all your smart devices to the Samsung SmartThings hub, the first thing you should check is security. We have witnessed a lot of security breaches involving security cameras, smart door locks, thermostats and more. Samsung is one of the leading tech giants in the world, but its smart home platform still has some flaws to work out.
Is the Samsung SmartThings hub secure? It is secure unless you expose the device to vulnerabilities. There are official reports of vulnerabilities in the SmartThings hub: 20 issues have already been recorded, and Samsung has released an updated firmware version. Make sure that you update the firmware manually to keep the hub secure.
Once you decide to make your home smarter, you switch to controlling all your smart home devices with a single hub. While most smart hubs work with Bluetooth, newer versions can also pair over WiFi. Which Samsung SmartThings device is more secure, and what vulnerabilities could you face? Let's find out.
Samsung SmartThings Vulnerabilities
Researchers have reported 20 vulnerabilities in the Samsung SmartThings Hub. Cisco Talos researchers said that the hub is exposed to 20 security vulnerabilities that attackers can use to spy on cameras via their IP address, hack smart locks remotely, disable thermostats, control smart plugs, turn off motion sensors and more.
The Samsung SmartThings hub is a Linux-based device that integrates with popular technologies such as ZigBee, Z-Wave and Bluetooth. Information is continuously transmitted between the server and the devices, so attackers can target the Linux OS that acts as the hub for all of them.
Once the parent software is under their control, attackers can control the devices from their end. Professors are also worried about data synchronization, and some of the vulnerabilities would be challenging to use on their own to breach security. Combined in multiple attacks, however, they could result in a device being hacked.
The Cisco Talos blog published a post on these 20 Samsung SmartThings vulnerabilities, which include remote code execution, remote information leakage, WiFi scan code execution and more.
While information is being transmitted between the hub and the devices, these are the discovered vulnerabilities that people have complained to Samsung about:
- Smart locks can be controlled through the SmartThings Hub
- Cameras can be exposed to attackers, who can then use them remotely
- Motion detectors can be disabled so that they stop triggering the alarm
- Smart plugs can be controlled to turn off the connected devices
- Thermostats can be controlled to change the temperature
Users will come across a number of apps for the Samsung SmartThings hub. Once downloaded, these apps ask for permission to draw over your device in order to check battery life. Most people want to use this feature but fail to realize that these apps could be dangerous.
A lot of apps, promoted through ads or by developers, present themselves as extensions or add-ons for the Samsung SmartThings app. Mobile apps are more dangerous than a leaked IP address: attackers need to watch your behaviour, and apps have that information.
Those apps can access a lot more than battery levels. For instance, an app could unlock the door or change the passcodes. 42% of SmartThings apps have more privileges than they should, which is something to worry about.
Alex responded on the community page regarding this security issue. He said Samsung is protecting customers' data and privacy by performing regular penetration tests of its systems. He added that no customers were affected by these vulnerabilities, but that the company is still working with professional third-party security experts on smart home applications.
SmartThings security experts check every third-party app for hidden malicious code. Apps are meant to be published on the platform only after a complete expert review, and they should do only what they advertise as their purpose.
Samsung SmartThings Security
When Samsung learned of these vulnerabilities, it started work on firmware to fix them. The new firmware was officially released on July 9th. Where there is automation, there can be issues. Samsung has been warning customers about security and passcodes.
The priority for Samsung, or for any other smart hub maker, should be providing security to customers. Samsung was concerned about the issues and immediately released version V2 with the new firmware.
These new devices update their firmware automatically, but customers still have to keep an eye on the updates. Whenever there is a new security patch, make sure you install it.
Back to the vulnerabilities: Cisco Talos worked with Samsung security engineers to resolve the issues, and a firmware update was released to the affected customers.
The second generation SmartThings hub is still in demand because the 3rd generation smart hub lags behind in battery backup and design. However, I like the second generation SmartThings hub for its beautiful design.
You need an Ethernet connection to connect the 2nd generation SmartThings hub, but you can connect the 3rd generation device over WiFi. The SmartThings app is compatible with both Android and iOS devices, but I faced some issues on iPhone. It's simple and beginner friendly but has some minor issues. You can ask the app to detect any new device automatically, or you can add it manually.
Samsung SmartThings is one of the most discussed topics on the Samsung forum. Since the SmartThings hub is clearly exposed to vulnerabilities, it will take time before it can be considered an attack-free model.
The newly discovered security flaws in Samsung's SmartThings hub show that these devices aren't as safe as we assume. Researchers discovered issues with the platform that allow attackers to access passcodes.
Most people download third-party apps to make things easier, such as creating passcodes or monitoring the battery life of devices. If you are asked to sign in to the SmartThings app page from within one of these apps, that would be a scam to steal your credentials.
Although SmartThings issues guidelines, attackers send a link to log in to a SmartThings page that looks similar to the official one. With the custom links they create, they can steal tokens and IP addresses.
Researchers created an app that was designed to monitor and alert about battery life, but surprisingly it was also able to control thermostats and sensors. Users unaware of this could download and use it. Pay attention before giving permissions to apps you've downloaded, even from official stores.
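The over-privilege problem described above (the 42% figure and the researchers' battery-monitoring app) can be audited mechanically by comparing what an app says it needs with what it can actually reach. The Python below is an added example, not code from Samsung, SmartThings or the researchers; the device names, capability labels and app manifests are constructed, and it assumes that authorising an app for a device exposes every capability of that device.

```python
# Added example with constructed data; all names are hypothetical.
# Assumption: authorising an app for a device exposes every capability that
# device implements, not only the capability the app asked for.

# Capabilities that change physical state or silence an alarm.
SENSITIVE = {"lock", "thermostat", "switch", "motionSensor"}

# Constructed inventory: device -> capabilities it implements.
DEVICES = {
    "front-door-lock": {"battery", "lock"},
    "hall-thermostat": {"battery", "thermostat"},
    "porch-motion": {"battery", "motionSensor"},
    "lamp-plug": {"switch"},
}

# Constructed manifests: what each app claims to need, and the devices
# the user authorised it for.
APPS = [
    {"name": "battery-monitor", "needs": {"battery"},
     "devices": ["front-door-lock", "hall-thermostat", "porch-motion"]},
    {"name": "lamp-timer", "needs": {"switch"}, "devices": ["lamp-plug"]},
]


def audit(app, devices=DEVICES):
    """Return (device, capability) pairs the app gains beyond its stated needs."""
    findings = []
    for device in app["devices"]:
        for cap in sorted(devices[device] - app["needs"]):
            findings.append((device, cap))
    return findings


def sensitive_excess(app, devices=DEVICES):
    """Subset of audit() findings that touch a sensitive capability."""
    return [(d, c) for d, c in audit(app, devices) if c in SENSITIVE]


def overprivileged_share(apps, devices=DEVICES):
    """Names of over-privileged apps and their share of all apps audited."""
    flagged = [a["name"] for a in apps if audit(a, devices)]
    return flagged, len(flagged) / len(apps)


if __name__ == "__main__":
    for app in APPS:
        print(app["name"], sensitive_excess(app))
    print(overprivileged_share(APPS))
```

In this constructed inventory the battery monitor ends up with lock, thermostat and motion-sensor access, while the lamp timer stays within its stated purpose.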
What Home Security works with SmartThings?
‘Samsung SmartThings’ works with ADT home security systems. The fast response system features a 7-inch touchscreen control panel, battery and a cellular data backup. You can connect a wide range of devices including lights, smart door locks, thermostats, sensors and more.
I wouldn't recommend using it as a hub for more devices. I had some bad experiences, and most people shared their views when talking about SmartThings. The security of the Samsung SmartThings hub is too close to the line to make any statements.
If you connect only a few devices to the Samsung SmartThings hub, it is a good device and offers value. The SmartThings hub, like any other smart hub, needs to be more secure. While we depend on automation, we are exposing our secrets to attackers.
There have been a lot of incidents to keep in mind before relying completely on smart devices. The hub is good for automation as long as you do not neglect updates and passcodes.
SmartThings is not the only device that has suffered breaches; other devices are also exposed to vulnerabilities. Users have to take precautions to keep their setup free from security breaches, especially smart locks, thermostats and security cameras.