back to article Smart? Don't ThinQ so! Hacked robo-vacuum could spy on your home

LG SmartThinQ smart home devices were totally hackable prior to a recent security update, according to new research. The so-called HomeHack vulnerabilities in LG's SmartThinkQ mobile app and cloud application created a means for hackers to remotely log into the SmartThinQ cloud application and take over the user's LG account, …

  1. Daedalus

    Prototypical!

    "Hey guys, we want a prototype that we can take to show prospective customers. No need to worry about security and so forth, just knock something together and we'll get Design to put it in a nice looking case"

    "The customers love it. We're going to production right away."

  2. This post has been deleted by its author

  3. Ralph the Wonder Llama
    Joke

    "IoT hackers might be able to gain control of the LG Hom-Bot vacuum cleaner's video camera."

    Well, that sucks.

    HAHAHAHAHA.

  4. Tim Brown 1

    Uhm...

    Darling, why does the new vacuum cleaner keep following me into the bathroom?

  5. Doctor Syntax Silver badge

    "manager of smart development team"

    A really smart development team would have sorted this out before shipping products.

    1. stevel
      Pirate

      Yars. Obligatory comic reference....and not even XKCD!

      http://www.commitstrip.com/en/2017/06/19/security-too-expensive-try-a-hack/

  6. Anonymous Coward
    Anonymous Coward

    Good to see they got the patches out fast, usually the customer just has to suck it up.

  7. tiggity Silver badge

    Fire

    Why would you allow remote access to control washing machines, dryers etc.? i.e. appliances that have a history of occasionally catching fire in use (often enough to be a treated as a serious fire risk by the cautious).

    I only have those sort of "high" fire risk appliances on when I am in the house, just in case.

    Disclosure: Several acquaintances have had their houses burn down due to appliance fires, tends to focus the mind on the risks of unattended use.

  8. djstardust

    LG

    Are a fucking disaster.

    Their phones are poor quality and they try any excuse not to honour the warranty, even down to if you're not the first owner the warranty is completely void.

    Their washing machines are crap, they go out of balance constantly and won't spin, but that's my fault for not loading it properly. the smart diagnosis doesn't work over the phone and the Android app doesn't even start.

    Utter shambles of a company. Best avoided at all costs.

    1. Mage Silver badge

      Re: LG

      I think almost all consumer electrical products are now pretty rubbish.

      Bad ergonomics

      Insecure

      Short life due to too poor capacitors

      Short life due to post design cost reduction

      Unreliable and poor operation due to cost reduction

      Inability to perform / short life due to excessive power saving (Lights, Dishwasher, toaster etc).

  9. Mage Silver badge
    Flame

    Smart Devices?

    Perhaps we should call them stupidly designed gadgets bought by people with more money than sense.

    Though it's hard to get things WITHOUT internet built in. The solution is DON'T connect them to your WiFi or ethernet.

    Why has "Marketing" and "Media" decided that something connected to Internet makes it "smart". It would be nice if I could use the ethernet on my Sony TV to say, browse and play stuff on the server, in practice the Android TV GUI is a joke, the T&C you must agree to Google/Sony Slurp just to tune aerial is an insult (Is it even legal?), the inability to record on a USB HDD unless it's dedicated, wiped and encrypted, the voice control, monitoring of what the HDMI BD/DVD player does etc means that it's just a crippled version of TV that's not "Smart". No way am I connecting ANY setbox or TV today to the Internet/my LAN.

    1. Mark 65

      Re: Smart Devices?

      Problem is we are rapidly moving towards the point where you cannot get a dumb alternative. Admittedly we don't seem to yet be so fucked that you need to provide a connection or these things won't work at all so a certain amount of idiocy is required.

      The issue I have is when manufacturers don't allow alternative access. For example, Daikin air conditioners offer App control of their split systems via: direct phone to unit; phone to unit via LAN; or phone to unit via external Daikin portal. This at least gives you the option of having control without allowing access from the portal which IMHO is just a giant honeypot waiting to be hacked.

      For a lot of IoT devices access is strictly via the manufacturers portal and that is the disaster waiting to happen.

      With LAN access at least the savvy can block external outbound comms but have control via a VPN link from their phone back to their network.

  10. Steve Davies 3 Silver badge

    IOT Systems Vunerable?

    Not News. Move along there. Nothing to see

    Please come back when an IoT solution isn't vunerable to grade 1 hackers.chancers.

    Just more confirmation that my decision to NOT allow any of this [redacted] [redacted] into my home was the right one.

  11. John Smith 19 Gold badge
    Go

    OMFG this is *huge*. "disclosed.vulnerability on July 31. LG fixed..issues..end of September

    Seriously.

    That is (by IoT standards) phenomenal

    Obviously it would have been better if they weren't there in the first place, and hopefully they will have updated there build process to not include many of them in future.

    Of course wheather you actually need to have all your stuff monitoreable through your phone (because you run everything in your fridge right up to the use by date, which you can't remember) is another question.

  12. David Roberts
    Coat

    Hom bot?

    Really?

    My sordid mind is reminded of the homosexual smuggler who was caught with a false bottom in his suitcase.

    Not of a modern intelligent self motivating vacuum cleaner.

    Left pondian marketing team? Remember, kiddies, when left of the pond never ask to bum a fag.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like