Computer scientists have discovered vulnerabilities in Samsung’s Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world.
The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things (IoT) platforms for connecting electronic locks, thermostats, ovens, and security systems in homes. The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren’t easily fixed. They went on to say that consumers should think twice before using the system to connect door locks and other security-critical components.
“All of the above attacks expose a household to significant harm—break-ins, theft, misinformation, and vandalism,” the researchers wrote in a paper scheduled to be presented later this month at the 2016 IEEE Symposium on Security and Privacy. “The attack vectors are not specific to a particular device and are broadly applicable.”