LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices.
The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more.
The flaw was discovered by security researchers from Israeli firm Check Point, who reported the problem to LG technicians.
Vulnerability allowed hackers to take over LG smart devices
According to researchers, an attacker would have been able to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. The attacker could have been able to take over a user's account and control devices in the user's home, and paired with the user's profile.
For example, attackers could have overheated ovens, altered a home's temperature via AC units in a Mr.Robot-style hack, or spied on users via camera-enabled devices.
Once such device was the LG Hom-Bot smart vacuum, which also comes with an on-board camera. To prove how intrusive the hack could have been, Check Point put together a video showing how the SmartThinQ hack could have allowed an attacker to spy on a family's home.
