Errors on mobile applications allow hackers to control LG devices

LG Electronics tried to avoid a security disaster when working with researchers to patch vulnerabilities in mobile applications that customers use to control LG smart home devices.

The vulnerability affecting LG SmartThinQ application is used to control LG's smart home devices such as ovens, dishwashers, refrigerators, washing machines, air conditioners .

This vulnerability was discovered by researchers at Israel's Check Point and reported to LG.

The vulnerability allows hackers to take over LG devices

According to researchers, an attacker can hijack into the authentication process between SmartThinQ and LG servers.

Hackers can then occupy user accounts, control the device. For example, increase the oven temperature, change the temperature in the house or spy on the device using the camera. A device with integrated camera is a dust collector LG Hom-Bot.

Errors on mobile applications allow hackers to control LG devices Picture 1
The vulnerability helps hackers control LG's smart home device that has been patched

To prove, Check Point has posted a video demonstrating how to hack SmartThinQ can allow an attacker to spy.

The good news is that this vulnerability has been fixed even if you use the old application, it is not easy to exploit this vulnerability.

The steps to exploit the vulnerability are not easy to implement if the hacker is not skilled.

There were vulnerability patches

LG updated SmartThinQ (v1.9.20 on September 29) and updated the firmware for affected smart home devices.

Check Point calls this vulnerability HomeHack and gives a detailed report here.

https://blog.checkpoint.com/2017/10/26/homehack-how-hackers-could-have-taken-control-of-lgs-iot-home-appliances/