Again, however, these aren't trivial steps, but they remain entirely feasible for any advanced attacker. To inspect the traffic, Check Point removed the SSL pinning feature from the code. LG uses SSL pinning, which is designed to avoid man-in-the-middle snooping by taking extra steps to ensure that an application is only communicating with an authorized server. Again, Check Point says that LG practiced good security. Next up for analysis was the application's traffic with the Hom-Bot. To evade the root protections, Check Point removed the functions that would cause SmartThinQ to defend itself by shutting down, and then recompiled this protection-free version of the application for study. The SmartThinQ application was designed to stop running if it detected it was running on a "rooted" Android phone, referring to any device that's been modified by a third party who wants to gain high-level access to the innards of its operating system. By rooting the Android device, Check Point researchers say they were able to obtain a copy of the SmartThinQ application, via an Android debug bridge tool, and eventually to decompile it. To its credit, LG had built-in protections to try to blunt any such code autopsies. Check Point did a comprehensive, under-the-hood examination of the Hom-Bot's code and how it communicates with SmartThinQ, LG's mobile application for its web-connected appliances. The IoT vacuum vulnerability wasn't necessarily easy to find. LG Hom Bot Carpet Care VSR8600RR Vacuum Robot "This camera, in the case of account takeover, would allow the attacker to spy on the victim's home with no way of them knowing, with all the obvious negative consequences of invasion of privacy and personal security violation," Check Point researchers say in a blog post. A demonstration video kicks off with a peppy ukulele number that quickly turns dark when Hom-Bot begins creeping around a house and an office and capturing surreptitious video. 
An onboard camera doubles as a motion detector, sending alerts via the web app to its owner. Check Point, however, found a vulnerability in an LG portal login process that allowed its researchers to take control of the Hom-Bot and its camera, giving them access to live-stream video from inside a home. LG also markets the Hom-Bot as a security device. Why someone might need a Wi-Fi connected vacuum robot remains an open question, but LG has created three versions of the Hom-Bot, which sell for $700 and up. These include washing machines, dryers, refrigerators, dishwashers and vacuum cleaners that can be controlled via a web application. The latest such finding comes via an examination conducted by researchers at Tel Aviv-based security firm Check Point Software into South Korean multinational firm LG's SmartThinQ range of connected devices. As more internet-capable home appliances with built-in cameras, microphones and sensors replace legacy appliances, the potential for exploitable security flaws that might be used for incredibly invasive privacy violations dramatically increases. It also sent a team of experts to the Jincheon facility on Tuesday and to the national team's training center in Seoul on Wednesday to search for spy cameras, but didn't find any, Park said. It doesn't take long for security research into IoT vulnerabilities to swerve into creepy territory. The KOC has launched an independent investigation into the allegations. Police and the KOC didn't name the swimmers. Police are currently analyzing the laptop computer of the swimmer who confessed, to see whether the footage was leaked to the internet. Police said the other swimmer, who according to Park was one of the athletes representing South Korea at the recent Olympics in Rio de Janeiro, has denied involvement. 
Police in Seoul have been investigating two former national team swimmers over the allegations, and said one of them has admitted installing a camera at the national training facility in Jincheon, central South Korea, and discarding it after footage was taken. The head coach of South Korea's national team resigned Wednesday as police investigate allegations that two male swimmers secretly filmed female swimmers after installing a spy camera in their locker room at a training facility in 2013. Ahn Jong-taek, who was named head coach in 2012, felt responsible for what allegedly happened under his watch, but maintained he and other coaches didn't know what went on, said Park Seong-su, an official from the Korean Olympic Committee.