A security flaw with the LG SmartThinQ mobile app and cloud application left owners of LG smart appliances open to hacking, a new investigation by Check Point has revealed.
Security researchers recently discovered HomeHack, a security vulnerability that allowed them to create a fake LG SmartThinQ account, and then use it to take over a user’s legitimate LG account. This meant they could remotely control the user’s smart LG appliances.
Not only could they access the camera on the LG Hom-Bot robot vacuum cleaner – giving a potentially intrusive view into the owner’s home – but they could also remotely control the settings on connected refrigerators, ovens, dishwashers, washing machines and dryers using the SmartThinQ platform.
The good news is that LG has released a fix for this issue. Read on for details, and to find out more about how to keep your smart home secure.
Find out more about the security of the internet of things.
How to protect your LG SmartThinQ appliances
Check Point contacted LG at the end of July 2017 to alert it to the vulnerability of the SmartThinQ app. LG then issued a fix at the end of September.
If you’re a user of the LG SmartThinQ platform, head to the LG website and download the latest software version for each of your smart connected appliances. You’ll also need to update the mobile app, so run any updates on your smartphone or tablet to ensure you’re using the latest version of the app.
What about other smart devices or appliances?
Even if you don’t have an LG SmartThinQ appliance, there’s a good chance you have another smart appliance or internet-connected device in your home. We strongly recommend keeping your software up to date so that you benefit from the latest security updates.
There are other steps you can take to preserve your privacy, too. Take a look at our five ways to protect your smart home from hackers guide to make sure your smart home stays secure.
Previous privacy issues
It’s estimated that there will be a staggering 75.4 billion connected devices in the world by 2025. While these products can make life easier, a Which? investigation in June 2017 raised serious concerns about the security of internet-enabled and smart products. Our investigation revealed that hackers could gain access to a home network and various connected devices – including an internet router, CCTV camera and even a smart connected children’s toy – in a matter of days.
And earlier this month, an investigation by the Norwegian Consumer Council (NCC) found worrying security flaws with three children’s smartwatches. Hackers could easily take control of the watches and use them to track a child’s location and eavesdrop on – or communicate with – them. Not only that, but it would even be possible to trick parents into thinking the watch was somewhere it was not. One of the watches – the Gator 2 – was previously available to buy from John Lewis, but was removed from sale after we contacted the retailer.
Expert view – Andrew Laughlin, Which? principal researcher
‘Barely a week goes by now without a story of some device being hacked, whether that’s a wireless camera, smart fridge or vacuum cleaner.
‘It’s easy to get carried away with fancy-sounding ‘smart’ features, but adding a network connection to any product can carry risks as well as rewards.
‘It’s very concerning when even huge companies such as LG can make mistakes with security that could put devices at risk. It’s great to see that this has been addressed by the company, but no less worrying that it happened in the first place.
‘Manufacturers of consumer products must take greater care with the security of our devices and ensure our privacy is always protected.’