Check Point Software Technologies discovered a serious security vulnerability in LG smart products that exposed millions of homes to hackers from around the world. By exploiting the vulnerability, the hackers spied on homeowners and were able to figure out when the houses were empty. According to Check Point, the issue was discovered in July and fixed after two months.
Watch: What you don’t suspect from your smart product at home
The Israeli cybersecurity giant Check Point Software Technologies revealed Thursday that a severe security vulnerability in LG smart products has been discovered. Hackers have exploited the vulnerability in order to control the devices and surveil the millions of homes where the products are used, making it easier for burglars to spy on homeowners and know when the home is empty. The issue was discovered in July and fixed after two months.
According to Check Point, the security issue was found in the mobile app SmartThinkQ and the LG cloud platform. When hackers gain access to LG user accounts, they can control all the smart electronic devices that are connected to the accounts, such as vacuum cleaners, refrigerators, ovens, washing machines, dryers and air conditioning units.
If an account is linked to an LG Hom-Bot robotic vacuum cleaner, the hackers can monitor the movements and actions of the homeowners through the device’s camera, which streams a live feed to the smartphone using the app. The hackers can also interfere with refrigerator data, change air-conditioning settings and turn on stoves and ovens that are connected to the hacked accounts.
From the “eye” of the vacuum cleaner Photo Credit: Check Point/Channel 2 News
“We are seeing that as more and more smart products are being introduced into homes, hackers are abandoning the attempt to take over a single device and focusing on gaining access to apps that operate networks of devices,” Oded Vanunu, Check Point’s product vulnerability chief.
Check Point recommended that those who use the SmartThinkQ app to operate their smart home devices make sure that they have downloaded the most updated version of the software from the LG website.