Your robot vacuum cleaner may be doing more than sucking up dirt and scaring the cats while roaming the hallways of your home. When it’s not attacking you, it could also be spying on you and revealing the information to hackers.
Security firm Check Point recently alerted consumers to a security flaw in the LG Hom-Bot robot, demonstrating how a hacker can take control of the device and use the built-in camera for covert surveillance of the home or office. What’s more, the vulnerability in the firm’s SmartThinQ phone application allowed them to hijack all the connected devices, such as refrigerators, microwaves, and air conditioners.
In our time with the Home-Bot, we liked the usefulness of the app and were impressed with the functions available using the on-board cameras, but these turned out to be two of the favorite features for potential hackers as well.
The connected nature of the Internet of Things (IoT) leads to some cool tech and great convenience, but the entire network can be at risk if someone breaches the security of even one appliance. In this particular instance, Check Point’s researchers were able to create a false LG account, and then use it to take over a legitimate LG account.
In a press release, Check Point announced that it has partnered with LG to detect security flaws in its software, allowing for immediate fixes. “As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices, to hacking the apps that control networks of devices,” researcher Oded Vanunu said. “This provides cyber criminals with even more opportunities to exploit software flaws, cause disruption in users’ homes and access their sensitive data.”
The LG Hom-Bot is a very popular model, with more than one million sold. LG has already patched the flaw, so if you own one of the LG smart home appliances you should immediately update your SmartThinQ app to the latest version (version 1.9.2.3).
Koonseok Lee of LG praised the work of Check Point and noted that looking for flaws that could be exploited will be an ongoing process. “LG Electronics plans to continue strengthening its software security systems as well as work with cyber-security solution providers like Check Point to provide safer and more convenient appliances,” he said.