Researchers at the University of Michigan have discovered several security flaws in Samsung’s SmartThings Internet of Things consumer platform, allowing them to hack into the platform’s automation system and gain control over a user’s home system.
While they did not really reveal a lot of specific details, Craig Young, Cybersecurity Researcher for Tripwire says,
“One issue might be some 3rd party apps for Android that are not properly using SSL leading to intercepted OAUTH tokens. The other aspect of this research addresses questions of developer trust as they showed that they could write a battery check app with hidden malicious functionality. This is a very serious problem across the industry as software development moves from big firms with reputations at risk to somewhat anonymous developers sometimes with minimal legal exposure.”
Craig explains,
“One way to limit exposure to these risks could be to use scanning technology to enumerate what device functionality is accessed on an app and compare whether it makes sense with the stated purpose of the app. Unfortunately attackers can still circumvent this logic somewhat by carefully selecting the advertised functionality of a malicious app. Another option is to request permission from users each time a sensitive operation is to be performed but this can become an annoyance and may hinder productivity.”
[su_box title=”About CRAIG YOUNG” style=”noise” box_color=”#336588″][short_info id=’67965′ desc=”true” all=”false”][/su_box]
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…