Samsung has been selling the second generation of its SmartThings kit for over half a year now, but the home monitoring system is still far from perfect. As researchers at the University of Michigan recently revealed, the platform features several rather serious vulnerabilities which can be exploited by a malicious app which can then do stuff like unlocking locks, changing home access codes, turn off connected devices and do all kinds of other actions you definitely don’t want a malevolent stranger doing to your smart home. To make matters worse, the said vulnerabilities can be exploited without particularly hard-to-achieve prerequisites; an unsuspecting user just has to install a malicious app or click on an equally malicious link in order to compromise his or her SmarThings platform. In other words, the user only has to do what hundreds of millions of technology users are already doing every day.
Researchers at the University of Michigan claim that the biggest issue with the SmartThings framework is the fact that it’s too liberal with giving privileges to apps. The academic team then built a prototype app designed to exploit such vulnerabilities and demonstrated the issue in a practical manner. Their app “claimed” that it’s just a battery monitoring piece of software that can be used to monitor several devices. However, given the fact that SmartThings bundles a lot of permissions together, the app was not only given the ability to monitor the battery level of a smart lock but was also allowed to control the said device and – among other things – unlock the door. Another proof-of-concept app developed at the University of Michigan created an additional PIN code for a smart lock, i.e. a fully fledged backdoor for unlocking the device without any knowledge from its owner.
The researchers then proceeded to analyze 499 apps on the SmartApps store and have concluded that an alarming 42 percent of them are overprivileged in one way or another. Furthermore, 91 percent of SmartThings users they’ve interviewed stated that they would allow a battery monitoring app to access their smart lock without thinking twice which proved what many software security analysts have been telling us for years – users can be careless. Samsung’s SmartThings state that it has updated its SmartThings developer documentation following these reports. The company claims that the discovered vulnerabilities depend on either an installation of a malicious app or a failure of third-party developers to keep their source code secure. The company also stated that it’s constantly conducting app reviews in order to identify and remove malicious apps from its SmartApps store, but the University of Michigan team said that these efforts might not be enough and a complete design of the privilege-granting system should be in order. Not long ago, the same team of researchers managed to trick fingerprint sensors of numerous smartphones.