Check Point Software Technologies Ltd announced that its security researchers have discovered HomeHack – a vulnerability that exposed millions of users of LG SmartThinQ smart home devices to the risk of unauthorized remote control of their SmartThinQ home appliances.
The vulnerabilities in the LG SmartThinQ mobile app and cloud application enabled the Check Point research team to remotely log in to the SmartThinQ cloud application, take over the user’s legitimate LG account, and gain control of the vacuum cleaner and its integral video camera.
Once in control of a specific user’s LG account, any LG device or appliance associated with that account could be controlled by the attacker – including the robot vacuum cleaner, refrigerators, ovens, dishwashers, washing machines and dryers, and air conditioners.
The HomeHack vulnerability gave attackers the potential to spy on users’ home activities via the Hom-Bot robot vacuum cleaner video camera, which sends live video to the associated LG SmartThinQ app as part of its HomeGuard Security feature. Depending on the LG appliances in the owner’s home, attackers could also switch dishwashers or washing machines on or off.
“As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices, to hacking the apps that control networks of devices. This provides cyber criminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data,” said Oded Vanunu, head of products vulnerability research at Check Point.
“Users need to be aware of the security and privacy risks when using their IoT devices and it’s essential that IoT manufacturers focus on protecting smart devices against attacks by implementing robust security during the design of software and devices.”