Multiple Vulnerabilities in Samsung SmartThings Hub
Several vulnerabilities have been discovered in the firmware of Samsung’s SmartThings Hub, a central controller that monitors and manages various internet-of-things (IoT) devices from a smartphone, such as LED light bulbs, thermostats, cameras, smart plugs, and more. First discovered by Cisco Talos researchers, the vulnerabilities could allow an attacker to execute operating system commands or other arbitrary code on affected devices. Once a device is accessed, a threat actor could perform unauthorized activities, such as unlocking doors and granting physical access to homes, remotely viewing cameras, changing thermostat temperatures, or causing physical damage to appliances. Samsung released a patch for vulnerable devices prior to the release of the Cisco Talos vulnerability alert. The NJCCIC advises users and administrators of the Samsung SmartThings Hub to review the Cisco Talos report for more information and, while the SmartThings Hub receives updates from Samsung automatically, it is recommended that owners of affected devices confirm the latest firmware patch has been applied.