Security Experts Unveil Vulnerabilities in Samsung’s SmartThings
Researchers at the University of Michigan have exposed security flaws in Samsung’s SmartThings platform, which is designed to give consumers a means to remotely monitor and control lights, video cameras, door locks or security systems.
The researchers devised and demonstrated what they call a “lock-pick malware app” that is disguised as an app to monitor the battery level of an electronic door lock linked to a user’s SmartThings platform. In fact, the malicious code monitors communications between the platform and the lock, and if a user changes the PIN code used to unlock the door, the new code is automatically forwarded to the researcher’s app via an SMS text message. A second hack showed that they could use an app that can be downloaded from the SmartThings app store to generate new PIN codes for the same type of door lock, without a user’s knowledge.
The team also discovered a way to alter a SmartThings app so that it would turn off the “vacation mode” setting in a separate app that lets homeowners program the timing of lights or blinds while they are away on vacation, in order to help secure the home. Lastly, they determined that they could exploit a SmartThings-platform-connected fire alarm by having other apps on the platform send it messages that would cause it to sound. The researchers say these exploits were aided by the way in which the SmartThings platform is designed, which gives apps running on the platform what the researchers call “over privilege”—too much access to devices, and to the messages those devices generate.
In addition, SmartThings often provides apps with access to devices running on the platform even when the app’s code clearly does not require that access. This, combined with a bug that allowed the team to misuse an authentication method called OAuth, is how they were able to write the app that generates new PIN codes for door locks, the researchers explain.
The platform’s event subsystem—a stream of messages that devices generate as they are programmed and carry out instructions—has an insecurity that the researchers also compromised. This, the team reports, enabled them to trigger the fire alarm using other apps.
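The two design weaknesses described above (capability grants that are broader than what an app's code uses, and an event stream on which one app can post messages in a device's name) can be modelled in a few dozen lines. The following is an added illustration, not code from the researchers or from SmartThings; the hub, app and event-bus classes and their method names are hypothetical and do not reproduce SmartThings' real API. It places a coarse-grained hub beside a least-privilege one, and an unauthenticated event bus beside one that verifies the publisher, so the effect of each design choice can be compared on the same scenario.

```python
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a hub or event bus refuses a request."""


@dataclass
class Device:
    """A hub-connected device exposing one or more capabilities (hypothetical model)."""
    name: str
    capabilities: frozenset          # e.g. frozenset({"battery", "lock"})
    state: dict = field(default_factory=dict)


@dataclass
class App:
    """An app and the capabilities its code actually needs (hypothetical model)."""
    name: str
    needs: frozenset


class CoarseGrainedHub:
    """Over-privilege pattern: once an app is bound to a device it may use
    every capability the device has, not only the ones it asked for."""

    def __init__(self):
        self.grants = {}                       # (app name, device name) -> capabilities

    def bind(self, app, device):
        self.grants[(app.name, device.name)] = set(device.capabilities)

    def invoke(self, app, device, capability, key, value):
        """Write `value` to `key` on the device under a named capability."""
        if capability not in self.grants.get((app.name, device.name), set()):
            raise PermissionDenied(f"{app.name} lacks {capability} on {device.name}")
        device.state[key] = value
        return device.state[key]


class LeastPrivilegeHub(CoarseGrainedHub):
    """Hardened form: the grant is the intersection of what the device offers
    and what the app's code declares it needs."""

    def bind(self, app, device):
        self.grants[(app.name, device.name)] = set(device.capabilities & app.needs)


class EventBus:
    """Event subsystem. With verify_source=False any principal may publish an
    event in a device's name; with verify_source=True only the device itself may."""

    def __init__(self, verify_source):
        self.verify_source = verify_source
        self.handlers = {}

    def subscribe(self, device_name, handler):
        self.handlers.setdefault(device_name, []).append(handler)

    def publish(self, source, device_name, event):
        if self.verify_source and not (isinstance(source, Device) and source.name == device_name):
            raise PermissionDenied(f"{getattr(source, 'name', source)} may not publish as {device_name}")
        for handler in self.handlers.get(device_name, []):
            handler(event)


def run_scenario(hub, bus):
    """Run both checks against a given hub/bus pair and report whether each was blocked."""
    lock = Device("front-door", frozenset({"battery", "lock"}))   # constructed sample devices
    alarm = Device("smoke-alarm", frozenset({"smoke"}))
    battery_app = App("battery-monitor", frozenset({"battery"}))  # only needs battery level
    hub.bind(battery_app, lock)

    # 1. Does the battery-monitor app get to write a lock code it never asked for?
    try:
        hub.invoke(battery_app, lock, "lock", "code", "0000")
        pin_change_blocked = False
    except PermissionDenied:
        pin_change_blocked = True

    # 2. Can an unrelated app post a smoke event in the alarm's name?
    delivered = []
    bus.subscribe(alarm.name, lambda ev: delivered.append(ev))
    try:
        bus.publish(battery_app, alarm.name, {"smoke": "detected"})
        spoof_blocked = False
    except PermissionDenied:
        spoof_blocked = True

    # The real device can still report its own state under either design.
    bus.publish(alarm, alarm.name, {"smoke": "clear"})

    return {"pin_change_blocked": pin_change_blocked,
            "spoof_blocked": spoof_blocked,
            "events_delivered": len(delivered)}


if __name__ == "__main__":
    print("coarse-grained :", run_scenario(CoarseGrainedHub(), EventBus(verify_source=False)))
    print("least-privilege:", run_scenario(LeastPrivilegeHub(), EventBus(verify_source=True)))
```

The least-privilege hub never needs to know what a given app might do wrong: it simply intersects the device's capability set with the app's declared needs at bind time, which is the check the text says is missing. Likewise the verifying bus rejects any event whose publisher is not the device it claims to be, so subscribers such as an alarm handler only ever see genuine device state.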
The researchers note that they advised Samsung of the vulnerabilities in December 2015, and that the company told them it would address these issues. Despite this, the researchers were able to repeat one of the door lock hacks a few weeks ago.
SmartThings provided a statement indicating that it is exploring “long-term, automated, defensive capabilities to address these vulnerabilities.” The researchers will present a paper discussing their findings on May 24 at the IEEE Symposium on Security and Privacy, being held in San Jose, Calif.
GlobeRanger Upgrades iMotion for Easier Cloud Connectivity
GlobeRanger, a supply chain and asset-tracking software provider that serves the aerospace, manufacturing, food and drug sectors, has upgraded its iMotion Edgeware platform, which connects, manages and processes data from edge devices, such as gateways and RFID readers. iMotion 7.0 offers new features designed to enable developers to use iMotion as part of larger IoT platforms, including Amazon Web Services (AWS), Microsoft Azure IoT, GE Predix and IBM Watson, by adding support for the MQTT messaging protocol, greater scalability and support for .NET 4.6.
Eric Pearson, GlobeRanger’s VP of engineering and chief architect, says adding MQTT support means GlobeRanger customers who want to link iMotion to cloud-based platforms that require MQTT-based integration can now do so.
Microsoft Buys Italian IoT Platform Provider Solair
Microsoft reports that it has acquired Solair, a five-year-old company, founded in Italy, that makes Internet of Things software and an IoT gateway designed for enterprise and industrial applications. Solair’s products are designed to connect workplace machines or devices to the cloud, either directly (via Web protocols) or through its gateway device (via field protocols such as Modbus).
For example, Rancilio Group uses Solair’s gateway and software to remotely monitor the espresso machines it manufactures. The application enables the machines to be programmed remotely, alerting the company and its third-party maintenance providers if any machine is not operating properly or fails. Solair also provides cloud-connectivity services to a number of manufacturers, including Bosch.
Solair already runs on Microsoft’s Azure cloud platform, and Microsoft plans to integrate Solair’s products into its Azure IoT Suite for its customers to use. Financial terms of the deal have not been released.
Nokia Joins Z-Wave Alliance
The Z-Wave Alliance, a membership organization that works to promote the adoption of the Z-Wave wireless communication protocol for smart-home products, reports that telecommunications company Nokia, looking to advance its smart-home product-development strategy, has become a Z-Wave Alliance member. In a statement, Leopold Diouf, Nokia’s general manager of digital homes, said that using the Z-Wave protocol will allow Nokia to combine its “core offerings of residential gateways for communication and entertainment to gateways that support Internet of Things functionality.”
In 2008, Nokia introduced an early smart-home platform called the Home Control Center, which was made to control lighting, heating and cooling systems, but shuttered that product line before releasing it. Carol DeMatteo, a Nokia spokesperson, says she could not provide more details regarding the Z-Wave-compliant home-networking products that Nokia is planning, except that it expects to launch them later this year.
Last week, Nokia announced its intention to acquire Withings, which makes smart-home devices (as well as wearable devices designed to track fitness and well-being) that communicate via Bluetooth and Wi-Fi connections. DeMatteo says that it is too early to speculate over whether future Withings products for the home, such as its smart scale, may eventually add Z-Wave support, especially given that the sale has not yet been finalized.