The company has released many updates to protect SmartThings users from the vulnerabilities reported by the researchers. “Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place,” said Alex Hawkinson, founder and CEO of SmartThings.

You may have wondered how this could affect SmartThings users. The answer is quite simple: the vulnerabilities can prove to be fatal. The researchers also exploited the flaws in the SmartThings framework and carried out attacks such as stealing door lock PIN codes, changing the lock code, activating a fake fire alarm and turning off vacation mode “all without requiring SmartApps to have capabilities to carry out these operations and without physical access to the home.”

The hackers apparently create a link to Samsung’s actual login page with the potential to steal the user’s login tokens. Once the hacker successfully acquires a token, he or she is able to create a new PIN for the door lock without any user interaction.
The researchers selected SmartThings because it is well known, supports many devices, and has more apps than any other smart home platform. In their paper, the researchers stated that examining SmartThings was tricky because “apps run on a proprietary cloud platform, and the framework protects communication among major components such as hubs, cloud back end and the smartphone companion app.”