Vulnerability in LG Hom-Bot Allows Hackers to Use the Device’s Camera and Spy

Vulnerability in LG Hom-Bot Allows Hackers to Use the Device’s Camera and Spy

Vulnerability in LG Hom-Bot Allows Hackers to Use the Device’s Camera and Spy

Vulnerability in LG Hom-Bot Allows Hackers to Use the Device’s Camera and Spy

Check Point researchers have discovered a vulnerability in LG’s Hom-Bot vacuum cleaner. Hackers can now hijack the LG SmartThing home appliances, thanks to this vulnerability. The affected devices include dryers, refrigerators, vacuum cleaners, dishwashers, and microwaves.

The experts demonstrated their findings by showing how hackers could compromise LG Hom-Bot. The video camera installed inside the device can be controlled by the hackers.

The first part involves disassembling the LG Hom-Bot to locate the UART (Universal Asynchronous Receiver/Transmitter) connection. Once they had done this, they had to make sure the main process debugged. After that, they look for the connection between the SmartThing and Hom-Bot.

The researchers said,

“This is when we had the idea to investigate the SmartThinQ application – leading to the discovery of the HomeHack flaw.”

The process was possible using debugging tools and a rooted phone. Once the SSL pining and anti-root mechanism bypassed. Hackers could intercept the application’s traffic. Thus, now an LG account could be created.

The researchers from CheckPoint also performed an analysis of the login process. They were not able to find any link between the creation of username based signature and the authentication request. It can help them identify the actual user credentials.

Once they had all this data, the only thing hackers needed to bypass confirmation process. Then switch to the owner’s username to get access for completing the process. “By exploiting the vulnerability, the attacker could take over the victim’s account. Also, control his smart LG devices,” experts noted.

LG was quick to fix the issue after the announcement of the vulnerability on July 31st, 2017. The solution made by LG included a fix to the SmartThing application. Altogether with urging users to update to the app from Google or Apple Play Store. The process to update the app is quite simple. The update button is available on Dashboard of the SmartThing app. A step by step solution is given below.

CheckPoint researchers express their concerns about hacker’s new focus on individual devices. A consequence of the advances made in hacking capabilities, affect more than ever.

How to Protect from HomeHack Vulnerability

The users of LG SmartThinQ mobile app should update the app, to protect their devices. Experts also tell users to take the following steps if they want to secure their devices:
  • Download the updated version of LG SmartThinQ app from Google and Apple Play Store.
  • You can update the app via its settings.
  • Smart home physical appliances should up to date.
  • Click on the ‘smart home product’ under smartThinQ Dashboard.
  • If the update is missing a popup will alert you about it.

4 Comments

  1. Who says hackers are not real? I read several comments on YouTube and on Quora when they recommended a hacker. I mailed him when I suspected my wife was cheating and you wouldn’t believe this hacker helped me hack into her phone without any glitch. He did it remotely and swiftly without my wife knowing, i discovered my wife wasn’t actually cheating, i’m glad I contacted Hacklord first instead of confronting my wife.Here is his Gmail Stephenlogicalhacklord@gmail.Com contact him on or on whatsapp +19094479732 and You can text or call him on +19094479732 for anyone that may require his help

  2. This is my advice to anyone who wants to hack a phone, do not pay for spy apps if you don’t have access to the phone. I wish I knew this sooner, I would not have spent so much on different spy apps. It took sometime before I finally found a way to hack my husband’s phone without having access to it. I mentioned my fears and insecurities to a friend and she recommended kelvinethicalhacker at gmail.com to me, This hacker provided a service that allows me to monitor his calls and conversations. I haven’t decided on what to do yet. I don’t think I can continue in this marriage. He is cheating on me.contact him here for help, via, kelvinethicalhacker@gmail.com,

  3. This is my advice to anyone who wants to hack a phone, do not pay for spy apps if you don’t have access to the phone. I wish I knew this sooner, I would not have spent so much on different spy apps. It took sometime before I finally found a way to hack my husband’s phone without having access to it. I mentioned my fears and insecurities to a friend and she recommended kelvinethicalhacker at gmail.com to me, This hacker provided a service that allows me to monitor his calls and conversations. I haven’t decided on what to do yet. I don’t think I can continue in this marriage. He is cheating on me.contact him here for help, via, kelvinethicalhacker@gmail.com.

  4. This is my advice to anyone who wants to hack a phone, do not pay for spy apps if you don’t have access to the phone. I wish I knew this sooner, I would not have spent so much on different spy apps. It took sometime before I finally found a way to hack my husband’s phone without having access to it. I mentioned my fears and insecurities to a friend and she recommended kelvinethicalhacker at gmail.com to me, This hacker provided a service that allows me to monitor his calls and conversations. I haven’t decided on what to do yet. I don’t think I can continue in this marriage. He is cheating on me.contact him here for help, via, kelvinethicalhacker@gmail.com. ry

Leave a Reply

Your email address will not be published. Required fields are marked *