Researchers at the University of Michigan have identified a number of security vulnerabilities in Samsung’s SmartThings platform that allowed them to remotely unlock doors, set off smoke alarms, and perform other malicious actions through the use of overprivileged apps. The discovery casts doubt over what functions in the home we should be allowing our smart home platforms control over. Ashley Carman at the Verge reveals all.
but most pressing are the privileges given to apps, many of which they don’t need to function. A smart lock might only need the ability to lock itself remotely, for instance, but the SmartThings API bundles that command with the unlock command, which an attacker can leverage to carry out a physical attack
Samsung were quick to respond on their smart things blog.