Check Point joins forces with LG to secure their smart home devices
October 26 2017 - 9:00AM
Check Point Software Technologies Ltd. (NASDAQ:CHKP) a leading
provider of cyber-security solutions globally, today announced that
its security researchers have discovered HomeHack – a vulnerability
that exposed millions of users of LG SmartThinQ® smart home devices
to the risk of unauthorized remote control of their SmartThinkQ
home appliances.
The vulnerabilities in the LG SmartThinkQ mobile app and cloud
application enabled the Check Point research team to remotely login
to SmartThinQ cloud application, take over the user’s legitimate LG
account, and gain control of the vacuum cleaner and its integral
video camera. Once in control of a specific user’s LG
account, any LG device or appliance associated with that account
could be controlled by the attacker – including the robot vacuum
cleaner, refrigerators, ovens, dishwashers, washing machines and
dryers, and air conditioners.
The HomeHack vulnerability gave attackers the potential to spy
on users’ home activities via the Hom-Bot robot vacuum cleaner
video camera, which sends live video to the associated LG
SmartThinQ app as part of its HomeGuard Security feature.
Depending on the LG appliances in the owner’s home, attackers could
also switch dishwashers or washing machines on or off.
“As more and more smart devices are being used in the home,
hackers will shift their focus from targeting individual devices,
to hacking the apps that control networks of devices. This provides
cyber criminals with even more opportunities to exploit software
flaws, cause disruption in users’ homes and access their sensitive
data,” said Oded Vanunu, head of products vulnerability research at
Check Point. “Users need to be aware of the security and privacy
risks when using their IoT devices and it’s essential that IoT
manufactures focus on protecting smart devices against attacks by
implementing robust security during the design of software and
devices.”
The vulnerabilities in the SmartThinQ mobile app enabled Check
Point’s researchers to create a fake LG account, and then use this
to take over a user’s legitimate LG account, and in turn gain
remote control of the user’s smart LG appliances. Check Point
disclosed the vulnerability to LG on July 31 2017, following
responsible disclosure guidelines. LG responded by fixing the
reported issues in the SmartThinQ application at the end of
September. “Thankfully, LG responsibly provided a quality fix
to stop possible exploitation of the issues in its SmartThinQ app
and devices,” said Oded Vanunu.
“As part of LG Electronics’ mission to enhance the lives of
consumers worldwide, we are expanding our next-generation smart
home appliance lineup, while also prioritizing the development of
safe and reliable software programs,” said Koonseok Lee Manager of
Smart Development Team, Smart Solution BD, LG Electronics.
“In August, LG Electronics teamed with Check Point Software
Technologies to run an advanced rooting process designed to detect
security issues and immediately began updating patch programs.
Effective September 29th the security system has been running the
updated 1.9.20 version smoothly and issue-free. LG
Electronics plans to continue strengthening its software security
systems as well as work with cyber-security solution providers like
Check Point to provide safer and more convenient appliances.”
To protect their devices, users of the LG SmartThinQ mobile app
and appliances should ensure they are updated to the latest
software versions from the LG website. Check Point also advises
consumers to take the following steps to secure their smart devices
and home Wi-Fi networks against intrusion and the possibility of
remote device takeover:
- Update LG SmartThinQ app to the latest version
(V1.9.23), you can update the app via Google play store, Apple’s
App Store or via LG SmartThinQ app settings.
- Update your Smart home physical devices with the latest
version, you can do that by clicking on the smart home product
under smartThinQ application Dashboard (if an update is available
you will get a popup alerting you).
LG’s SmartThinQ® range of smart appliances and safety solutions
enable users to monitor and maintain their homes from a smartphone.
Sales of the Hom-Bot robotic vacuum cleaner alone exceeded 400,000
in the first half of 2016. In 2016, 80 million smart home
devices were shipped worldwide, a 64% increase from 2015.
A video of how the attack could be done can be viewed, here.To
learn more about this vulnerability, visit the Check Point
blog.
Follow Check Point via:Twitter:
http://www.twitter.com/checkpointswFacebook:
https://www.facebook.com/checkpointsoftwareBlog:
http://blog.checkpoint.com YouTube:
http://www.youtube.com/user/CPGlobalLinkedIn:
https://www.linkedin.com/company/check-point-software-technologies
About Check Point Software Technologies
Ltd.Check Point Software Technologies Ltd.
(www.checkpoint.com) is a leading provider of cyber security
solutions to governments and corporate enterprises globally. Its
solutions protect customers from cyber-attacks with an industry
leading catch rate of malware, ransomware and other types of
attacks. Check Point offers a multilevel security architecture that
defends enterprises’ cloud, network and mobile device held
information, plus the most comprehensive and intuitive one point of
control security management system. Check Point protects over
100,000 organizations of all sizes.
Investor ContactKip E. Meintzer Check Point
Software Technologies +1.650.628.2040 ir@checkpoint.com
Media Contact Emilie Beneitez Check Point
Software Technologies +44 (0) 7785 381
302press@checkpoint.com
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Mar 2024 to Apr 2024
Check Point Software Tec... (NASDAQ:CHKP)
Historical Stock Chart
From Apr 2023 to Apr 2024