Slashdot Mirror


Bug in Mobile App Lets Hackers Take Control of LG Smart Devices (bleepingcomputer.com)

A reader shares a BleepingComputer report: LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices. The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more. The flaw was discovered by security researchers from Israeli firm Check Point, who reported the problem to LG technicians. According to researchers, an attacker would have been able to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. The attacker could have been able to take over a user's account and control devices in the user's home, and paired with the user's profile. For example, attackers could have overheated ovens, altered a home's temperature via AC units in a Mr. Robot-style hack, or spied on users via camera-enabled devices.

37 comments

  1. What happens in 10 years? by sinij · · Score: 3, Interesting

    What happens in 10 years, when some of these appliances are still working, still connected? Is LG going to continue issuing security patches?

    1. Re: What happens in 10 years? by Anonymous Coward · · Score: 1

      Yeah sure they will issue patches... that will brick the machine.

      Someone should start a replacement board service to redumb the smart devices.
      All the hardware is there you just need a controller that doesn't have unnecessary features.

    2. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      Guaranteed LG is planning on making sure these machines are completely obsolete in 10 years. Remember when washing machines used to be reliable for twenty plus years with a new belt every few years? Now they're getting iffy within three and due for replacement within five. I was actually told by a repair guy that expected life cycle on new washing machines is five years. BY A GUY THAT MAKES HIS ENTIRE LIVING FIXING BROKEN WASHING MACHINES, NOT SELLING NEW. That's crazy. But that's also modern philosophy when it comes to manufacturing.

      Make it last just long enough to beat the competition, and the bar gets ever lower.

    3. Re:What happens in 10 years? by olsmeister · · Score: 2

      Refrigerators are the same way. They've reduced the warranties down to a year or two, they used to be much longer. They're basically disposable.

    4. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      Yet another reason to avoid IOT devices. Unless you are severely disabled.

    5. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      Bingo. IoT as a field is still drastically sub-par. Absolutely no one should buy or use IoT devices unless they have a dire physical need to do so.

    6. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      I hear this all the time and it has to be such bs. If all manufacturers are designing machines with short lifespans, someone new will come along, build reliable machines and take the whole market.

    7. Re:What happens in 10 years? by Desler · · Score: 1

      I would be surprised if they issued updates 2 years after the product first came out.

    8. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      But I need to be able to flush the toilet using my phone!

      - Average IoT-buying Idiot

    9. Re: What happens in 10 years? by Desler · · Score: 1

      Or you have more money than brains.

    10. Re:What happens in 10 years? by Desler · · Score: 1

      How is it BS? Case in point, DRAM price fixing between 1998-2002 where 12 manufacturers colluded to raise prices and no one popped up like you claim to sell things at a lower price and “take the whole market.” And there are plenty of other examples of price-fixing cartels that saw no such competition.

    11. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      Is it thick, veiny and black? Unf! Unf! Unf!

    12. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      The same had been said with respect to OPEC and yet it’s still around and still controls nearly half the world’s oil production. Methinks you live in libertarian fantasy world.

    13. Re:What happens in 10 years? by Desler · · Score: 1

      And before you try to claim otherwise, said price fixing only stopped because anti-trust charges were brought against them not because they felt bad for what they did or a new competitor rose up.

    14. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      And yet, it doesn't happen. Maybe it's more profitable to build shit than build something reliable and not have anyone to sell to after a few years?

    15. Re: What happens in 10 years? by sinij · · Score: 1

      We said the same thing about Social Media, and look where we are now.

    16. Re:What happens in 10 years? by Aighearach · · Score: 1

      I don't regret buying an LG, but I'm sure glad I bought the "dumb" model, even if I had to open it up and install my own headphone jack. (The dumb models are sold mostly for business use as wall displays, so they have a 3.5mm jack but hook it up to serial wired remote control interface)

      Thanks to HDMI, anything internet connected I can run on a computer and still display on the TV. Thanks to PulseAudio it is super easy to switch a running audio source to the HDMI too, so I don't even have to restart anything... just move it to a virtual desktop on the TV screen, and change the audio output in the mixer. Thanks, future!

      So sad to see all those appers apping maliciously against their will.

    17. Re:What happens in 10 years? by Aighearach · · Score: 1

      I would be surprised if they issued updates 2 years after the product first came out.

      Like Saint Ignucius said, if a device can't be updated you don't have to worry about software freedom.

    18. Re:What happens in 10 years? by Desler · · Score: 2

      Also, most people are simply choosing the cheapest shit they can find so there’s also no incentive to create anything of lasting build quality. Cheap, replaceable junk is the standard these days. It’s also how you satisfy Wall Street’s demand for infinite growth.

    19. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      So we should just execute IoT device buyers?

    20. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      The 9419 bug has persisted for over 10 years and can still be exploited. The thing is, nobody cares until it becomes a huge issue.

    21. Re:What happens in 10 years? by plover · · Score: 2, Interesting

      When my grandmother passed about 20 years ago, the family got together to empty the house to sell it. We loaded her old refrigerator on to a truck, and hauled it to the dump (where the guy helping unload it from the truck commented that it was still cold!) On the back was the date of manufacture: 1941. That thing had kept food cold for nearly 60 years.

      And you know what? That old fridge was so inefficient that it cost her far more on her electricity bill than if she had thrown it away in 1980 and bought a new one. 60 year reliability was certainly a positive quality, but efficiency was definitely a negative quality that far surpassed it in terms of cost of ownership.

      A washing machine from 20 years ago would likely use about 45 gallons of water per wash load, regardless of the load size. A smart HE washer from 2017 uses a sensor to measure the load, and uses between 5-20 gallons. Even in a place where water is cheap, heating the water costs. And the amount of electricity consumed by a modern direct drive motor is a fraction of the belt-driven beasts of the past.

      Does that mean your washer should break down after five years, just so you can benefit from whatever gains in efficiency they've made? Of course not. But it does imply that buying a washer built to last 60 years is a waste of money.

      --
      John

    22. Re:What happens in 10 years? by Anonymous Coward · · Score: 0

      rms can suck my rockhard two inch wang.

    23. Re: What happens in 10 years? by cjjjer · · Score: 1

      Serves you right for buying anything with "Smart" in the name... /s

    24. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      There isn't anything else on the menu genius.

    25. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      The last C in OPEC is literally Cartel.

      I think we know how they survive already.

    26. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      No we aren't choosing cheap shit.
      The price is very high, washing machines are more expensive than ever.
      That "choosing the cheapest" is what the manufacturers are doing, they just aren't passing the savings and still charging a premium for something that is literally inferior to what we had in the 90's.

    27. Re: What happens in 10 years? by Anonymous Coward · · Score: 0

      HE washers don't use less water. They use the appropriate amount.
      Older machines had a "load size" or "water level" knob so you were in control regardless of your knowledge of the feature.

    28. Re: What happens in 10 years? by fizzer06 · · Score: 1

      Latest irresistible buzzword is "blockchain". I has to hab it.

  2. Sounds like the writers over at "Silicon Valley".. by dr_canak · · Score: 1

    Sounds like the writers over at "Silicon Valley" were already aware of this. Wasn't it this last season that involved the hacking of intelligent refrigerators that saved the day?

    Coincidence? I think not ... ;-)

  3. Hmm by kelemvor4 · · Score: 1

    Does this include the Pixel2 XL?

  4. blah blah hackers blah blah hacking blah blah by Anonymous Coward · · Score: 0

    Oh, bleepingcomputer, of course.

    Another content-free piece that could've been useful, but isn't. Thanks for wasting our time, msmash.

  5. more iot fail by Anonymous Coward · · Score: 0

    This is why I don't understand why people are pushing iot devices and the concept in general. It seems that time and time again, when something is said to work or be secure, someone finds it's broken. Or they hack into it. Also, I fail to understand why you would want an internet/network connected oven.

    1. Re:more iot fail by Anonymous Coward · · Score: 0

      "I don't understand why people are pushing iot devices and the concept in general."

      Hint: $$$$$$$$$$$

      It's hard to justify a price increase for basic appliances whose technology has been well-developed for decades. Unless you stuff a lot of electronics in there.

  6. BFD by Lije+Baley · · Score: 1

    People ARE getting wiped out this year, every year, by nature - Floods, Fires, Squirrels (hacking our power grid), etc. Shove off with all your "some vuln (say it short so you sound cool) COULD do something" hysteria. SO MUCH SECURITY FATIGUE - you are undermining your own cause. Next time, STOP, and think first about real risk, relative risk, cost vs. benefit, before you make your next grand proclamation about security. The level of insularity and hubris in the security community must be peaking soon.

    --
    Strange things are afoot at the Circle-K.

  7. Here's the basic though by XSportSeeker · · Score: 1

    Don't buy into IoT, smart appliances, and this absurd need to connect everything to the Internet or the cloud. Let go of the hype, apply critical reasoning, and don't connect more than what's strictly necessary. Don't trade the potential for a future catastrophe inside your home, or the complete erosion of privacy, just because you think you absolutely need minor conveniences.

    Hate me all you want, but I need to be clear on this. Given the current security landscape, the constant hacks, the constant reveals of weak security practices and of devices being breached left and right, if you buy something that is Internet connected and it has controls that can be used to put your own life in danger, it'll be at least partially your own fault. You have not only been fooled into the hype, but you also funded this entire charade. And we all know that singular cases matter nothing to these huge corporations. If you wanna be part of collateral damages, a guinea pig that is paying to be experimented on, that's your call.