Skip to main content

20 Samsung SmartThings Hub vulnerabilities jeopardized smart homes

Cisco’s Talos cybersecurity experts reported 20 vulnerabilities in the Samsung SmartThings Hub. Talos didn’t publicize the widespread weaknesses until after Samsung readied a firmware update for SmartThings customers.

The Samsung SmartThings Hub plays a central role for other SmartThings components including thermostats, cameras, light bulbs, smart plugs, motion detectors and more.

The threat also extended beyond Samsung’s smart home devices. The SmartThings Hub runs on Linux-based firmware that enables interoperability with other Internet of Things (IoT) smart home devices via Ethernet, Zigbee, Z-Wave, and Bluetooth connections. In other words, anyone who exploited the Hub’s weaknesses could potentially control all connected electronic devices in the home.

Other smart home vulnerabilities

Talos cybersecurity experts noted, “In total, Talos found 20 vulnerabilities in the Samsung SmartThings Hub. These vulnerabilities vary in the level of access required by an attacker to exploit them and the level of access they give an attacker. In isolation, some of these might be hard to exploit, but together they can be combined into a significant attack on the device.”

Some of the potential threat scenarios exposed because of the Hub vulnerability include:

  • Unlocking doors protected with smart locks
  • Disabling motion detectors and security cameras
  • Damaging appliances connected to smart plugs

Regarding the exploit and the subsequent firmware update, Samsung responded by email to GearBrain, “Samsung takes security very seriously, and our products and services are designed with security as a priority. We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for the automatic update to address the issue. All active SmartThings Hub V2 devices in the market are updated to-date.”

How to check your Samsung SmartThings Hub firmware version

Samsung pushes out over-the-air (OTA) software and firmware updates to active devices, but it’s always a good idea to check on your own to confirm that nothing interfered with the update.

You can check your SmartThings Hub’s firmware version in three ways: The SmartThings mobile app, the SmartThings Classic app, and the SmartThings web console.

Once you have opened either of the apps or logged in to the website, click on Hub or Hubs and then check the Firmware Version field.

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
What is IFTTT and how can you use it in your smart home?
A bunch of colorful shapes on a black background.

If you've spent any time shopping for smart home gadgets, you've probably noticed that many are built with support for Amazon Alexa, Apple HomeKit, and Google Home. These are smart home platforms, and they let you access all your devices through a single app or interface. You've probably also noticed support for something known as IFTTT. But what exactly is IFTTT? And is it something you should be concerned with? Here's a closer look at the unique (and incredibly useful) software.
What is IFTTT?

IFTTT stands for, "if this, then that." It's terminology often used in programming, allowing software to chain together functions and perform certain tasks if other tasks are detected. For example, if the user inputs the incorrect password, then they'll be notified to try logging in again.

Read more
Nest Hub Max vs. Echo Show 10: which is the better smart display?
The Nest Hub Max on a table.

The world of smart displays is dominated by two companies -- Amazon and Google. Amazon is responsible for the Echo Show 10, while Google is behind the Nest Hub Max. Both offer large screens, access to a massive roster of apps, and the ability to connect (and control) the rest of your smart home. There are a lot of similarities between the two popular displays, but there are a few key differences you should be aware of before adding one to your home.

Here's a closer look at the Echo Show 10 and Nest Hub Max to help you decide which is best.
Pricing and design

Read more
Nest Secure will be discontinued in April – prepare your smart home with these steps
Nest Secure Review

Google is dropping support for Nest Secure on April 8, at which time users will see a complete shutdown of its features. Whether you're using it as a bridge for your smart lock or as a home security system, the device will no longer connect to the internet, rendering it obsolete.

Google has already reached out to impacted users to let them know about the impending shutdown, but is there a replacement for Nest Secure available in 2024? And what exactly can you do to prepare for the discontinuation in April? Here's a look at everything you need to know about Nest Secure.
Check ADT for a Nest Secure replacement

Read more