Researchers from the University of Michigan and the tech giant Microsoft have discovered a vulnerability in Samsung SmartThings, which allows hackers to make a series of attacks. Samsung SmartThings is one of the leading online platforms to connect “smart devices”.
The researchers also developed POC attacks demonstrating how they could disable vacation mode and induce a fake fire alarm. With the PoC-code, researchers secretly changed the door lock codes; kidnapped established owners of the door lock codes; deactivated vacation mode in the house; activated the fire alarm.
Vulnerabilities In Samsung SmartThings Allow Hackers To Break Into The House
Attacks have been made possible for the two vulnerabilities in the framework of the Samsung SmartThings, which are difficult to correct.
According to the security team, “We found two forms of over privilege for SmartThings. First, coarse-grained capabilities lead to over 55% of existing SmartApps to be overprivileged. Second, coarse SmartApp-SmartDevice binding leads to SmartApps gaining access to operations they did not explicitly ask for. Our analysis reveals that 42% of existing SmartApps are overprivileged in this way”.
The researchers could open the door locks, catch OAuth tokens, and use applications and SmartThings for user authentication.
For the successful implementation of the attack, it was enough to force the user to go through a malicious link that leads to a page that looks like a legitimate page of SmartThings authentic; when the user enters all its credentials, they are forwarded to an address controlled by the hacker. Because of this, they could gain access to the house as legitimate users.
Implementation of the code redirects the user, made possible by vulnerabilities in a second SmartThings. The vulnerabilities allow increasing the privileges for managing “smart home” applications. After analyzing, experts stated that over 55% of the 499 SmartThings applications had elevated privilege, and 132 device handlers; they arrived at two major findings.
The global threat communications manager for Trend Micro, Christopher Budd, said, “Without knowing the specifics of the development, it’s impossible to know how the vulnerability was left exposed”.
Christopher Budd added, “This is a broad and common class of issues not just in IoT devices, but desktop applications and mobile apps as well”.