Samsung's Smart Home Platform Is Full of Security Holes

The “smart home” is a Jetsonian future concept in which all our domestic needs are automated. As it stands today, however, smart devices are buggy and often very easy to hack. The latest scary example of a security failure comes from a team of researchers at the University of Michigan who managed to hack one of the most popular smart home ecosystems in the world.


Samsung’s SmartThings is one of our favorite smart home systems because it can do so much for so little cost. Unfortunately, the open ecosystem that makes it so versatile ends up being one of its biggest weakness when it comes to security.

In the video above, researchers show how they were able to pull off four successful proof-of-concept hacks by creating malicious apps. The hacks allow the researchers to open electronic locks, change a smart home’s “vacation” settings, and even set off a house’s fire alarm with false messages. According to these white-hat hackers, the main issue is “over-privilege,” meaning apps on the SmartThings platform have too much access to connected devices.

Atul Prakash, one of the researchers on the project, explains why this is such a big vulnerability. “Say you give someone permission to change the lightbulb in your office, but the person also ends up getting access to your entire office, including the contents of your filing cabinets.”

The University of Michigan and SmartThings have been working for the past few weeks to fix these vulnerabilities. In a statement to Gizmodo, SmartThings adds that “potential vulnerabilities disclosed in the report are primarily dependent on two scenarios - the installation of a malicious SmartApp or the failure of third party developers to follow SmartThings guidelines on how to keep their code secure.” The CEO of SmartThings has also addressed these new hacks in a blog post.

So in a perfect world, this wouldn’t be a problem—but the world is far from perfect. Simply put, smart homes have a long way to go before you can be confident that they’re secure. One of the biggest problems with any smart ecosystem is that it inevitably makes your home a bigger target for hackers. Once a hacker is inside your smart fridge or electronic lock, it doesn’t take much for them to gain access to the whole system.

Luckily, most hackers usually go after targets where they can make the most money, like a cache of credit card data. A single smart home isn’t exactly an appealing target. But if you don’t like the idea of potentially handing over the keys to your kingdom, maybe it’s best to give smart home tech some more time to grow up.


[University of Michigan]



I have completely lost faith in the SmartThing platform! I use it to control lights and have door sensors on each exterior door and garage door. I have well over $1,000 invested into the system.

On more than twenty occasions the house will not disarm. Making a siren go off when any door is opened. My wife and I feel like captives inside our own house. I eventually had to remove the siren from the system, we had so many false alarms it was really stressing our dogs out.