
Bug in Mobile App Lets Hackers Take Control of LG Smart Devices (bleepingcomputer.com) 37
A reader shares a BleepingComputer report: LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices. The vulnerability affects the LG SmartThinQ app used to control all of LG's "smart" home appliances, a list that includes devices such as smart ovens, vacuums, dishwashers, refrigerators, washing machines, dryers, air conditioners, and more. The flaw was discovered by security researchers from Israeli firm Check Point, who reported the problem to LG technicians. According to researchers, an attacker would have been able to hijack the authentication process that occurs between the SmartThinQ app and LG's servers. The attacker could have been able to take over a user's account and control devices in the user's home, and paired with the user's profile. For example, attackers could have overheated ovens, altered a home's temperature via AC units in a Mr.Robot-style hack, or spied on users via camera-enabled devices.