Samsung Smart Home Flaws Let Hackers Pick Connected Doors From Anywhere In the World

Researchers have discovered flaws in Samsung's Smart Home automation system, which if exploited, allows them to carry a range of remote attacks. These attacks include digitally picking connected door locks from anywhere in the world. The flaws have been documented by researchers from the University of Michigan ahead of the 2016 IEEE Symposium on Security and Privacy. "All of the above attacks expose a household to significant harm -- break-ins, theft, misinformation, and vandalism," the researchers wrote in a paper. "The attack vectors are not specific to a particular device and are broadly applicable." Dan Goodin, reports for Ars Technica: Other attacks included a malicious app that was able to obtain the PIN code to a smart lock and send it in a text message to attackers, disable a preprogrammed vacation mode setting, and issue a fake fire alarm. The one posing the biggest threat was the remote lock-picking attack, which the researchers referred to as a "backdoor pin code injection attack." It exploited vulnerabilities in an existing app in the SmartThings app store that gives an attacker sustained and largely surreptitious access to users' homes. The attack worked by obtaining the OAuth token that the app and SmartThings platform relied on to authenticate legitimate users. The only interaction it required was for targeted users to click on an attacker-supplied HTTPS link that looked much like this one that led to the authentic SmartThings login page. The user would then enter the username and password. A flaw in the app allowed the link to redirect the credentials away from the SmartThings page to an attacker-controlled address. From then on, the attackers had the same remote access over the lock that users had.

Today's News...

[npslider]

This just in...

A man is found trapped in his new Samsung smart-house tied up in a basement closet with two pieces of toast stuffed in his mouth, covered in ice cubes.

Apparently a burnt toast hacker, found and exploited a security flaw in every electrically powered device in his home. After refusing to pay the ransom his microwave demanded. The microwave ordered the owners toaster to eject the toast into the owners mouth while the Dyson wireless battery powered vacuum cleaner snuck up from behind. The "possessed" cleaning appliance wrapped him up in a magnetically detachable charging cord.

This new Dyson model, well known for its ability to remove facial hair from across the room made easy prey of the 45 year old computer programmer. The man was literally drug across his own kitchen floor kicking and sobbing, spit on by the ice maker as he frantically willed the fridge to help him, he had never done the fridge wrong. The basement door opened itself and the vacuum quickly went from suck to blow, ejecting him at near critical velocity into the open closet. The closet door self-closed.

He was only found because the UPS deliverer, heard the commotion while passing this haunted house.

In other news, Apple Inc. buys Microsoft, settling the largest online debate about which platform is superior...