Vulnerability in LG Products Leads to Hacking and Compromise of Privacy
In a household of Internet-of-Things, suppose a dishwasher's lights continuously flashes, the smart oven keeps turning itself off and on, while the automatic vacuum cleaner having a web-cam constantly monitors the householder's movement in the house, such a household is probably a victim of hack.
According to security researchers at CheckPoint, security flaw inside nearly 1m LG smartThinQ IoT household appliances can allow hackers to infiltrate and compromise all the appliances letting invasion of personal privacy and causing mayhem. The implication is for all LG gadgets linked with an Internet account, such as the vacuum cleaner, washing machine, air conditioner, refrigerator etc.
The researchers further stated that the security problem named HomeHack potentially let hackers to monitor people's home activities through a robotic vacuum cleaner called Hom-Bot equipped with a video camera. Other compromises can have ill-intentioned hackers remotely pre-heat LG's ovens connected to the Internet, thus causing safety risk.
During 2016, 80m LG smart-home gadgets were sold globally, each of which was impacted with the security problem. However according to the big electronics manufacturer from South Korea, the company set the problem right through fresh revision of its application during September following a security advisory to it by CheckPoint. Gadgets.ndtv.com posted this, October 27, 2017.
CheckPoint security experts revealed vulnerability within the mobile application along with authentication process as well as the way the vulnerability responds to LG infrastructure created for interdependence of applications and the gadgets. The experts uncovered that no direct interdependency existed between the token/signature request and authentication request, eventually letting hackers to fake the username that they would utilize for compromising one genuine LG account followed with acquiring hold over the associated gadgets. This the hackers would manage by knowing the e-mail id of the individual owning the gadget.
The incident indicates no matter how well local networks of users are secured from infiltration hackers could still compromise their IoT appliances via exploitation of security vulnerabilities within the supplier's back-end infrastructure and his mobile applications. The above vulnerability within LG's (Life is Good) goods is among recently-discovered list of vulnerabilities within smart devices, like teddy bears, crock pots etc.
» SPAMfighter News - 03-11-2017