Thursday, November 02, 2017 by Jayson Veley
You’ve heard of Smart TVs and certain applications on your phone spying on you, but what about microwaves, refrigerators and vacuums?
According to security researchers, a flaw in the LG SmartThinQ application could allow hackers to take control of various household appliances, such as smart dishwashers, refrigerators, microwaves, dryers and vacuums. Needless to say, if a hacker were able to tap into one of these LG appliances, the results could be devastating. The hacker could use a vacuum cleaner camera to spy on its user, for example, or even turn on a smart oven and increase the temperature to the max.
After being contacted by security experts, LG did end up fixing the problem, but users who have yet to install the latest software update may still be at risk.
The Tel Aviv-based security firm Check Point elaborated on the potential security risks that could arise from smart LG appliances in a recent blog post: “The HomeHack vulnerability could have allowed attackers to stop your refrigerator from working, turn on your oven, access the video camera on your robotic vacuum cleaners and turn the device into a spy in your home.”
LG’s smart vacuum cleaner is equipped with a tiny camera, which is capable of sending live video to the SmartThingQ app. In addition, the robot can also act as a security device due to its ability to send out an alert when movement is detected. Of the smart vacuum, Check Point said: “However, this camera, in the case of account takeover, would allow the attacker to spy on the victim’s home, with no way of them knowing, with all the obvious negative consequences of invasion of privacy and personal security violation.”
Security experts explained that a vulnerability in the login process could allow hackers to intercept traffic between the LG server and the actual appliance. “By manipulating the login process and entering the victim’s email address instead of their own, it was possible to hack into the victim’s account and take control of all LG SmartThinQ devices,” Check Point explained. The security firm added that hackers who tap into these appliances could use the devices as a starting point for further attacks, such as spamming or the spread of malware.
But in the digital age, people unfortunately have more to worry about than vacuums that can spy on you or ovens that can turn themselves on to the max temperature. For many months now, the retail giant Amazon has been at the center of controversy for the notorious Amazon Echo device, which is a constantly-listening Bluetooth speaker that responds to questions and commands, similar to Apple’s virtual assistant Siri.
Last year, it was revealed that the Amazon Echo could easily be hacked and used by government agents to listen in on conversations that you have in your own home. The information collected from these conversations – which may include information regarding music preferences or even finances – can potentially be sold to large corporations for marketing purposes, despite the fact that it is a clear violation of the Fourth Amendment of the Constitution.
It seems as though the more technology advances and the more convenient our lives become as a result, the more of our privacy we sacrifice. The United States is beginning to look more and more like the fictional world created by George Orwell in his famous book 1984, where “big brother” watches over all of society. As we move deeper into the 21st century, technology companies should make a point to find a balance between making our lives more convenient, while at the same time taking the steps necessary to protect the privacy rights of their clients.