SmartThings & Cybersecurity

Some companies, when they discover faults in their products, rush to cover it up. Others come forward openly as they seek to fix whatever problems they've discovered.

One of the reasons we believe in fellow home automation company SmartThings is because they're the latter. After researchers at the University of Michigan discovered several critical cybersecurity vulnerabilities with the SmartThings platform, they collaborated together to patch up those problems.

Essentially, the SmartThings platform had a cybersecurity issue known as overprivilege. This means that the SmartThings platofrm granted more access to smart devices than originally intended. Because of that, devices could do things they aren't programmed to do. Loopholes researchers found included activities such as making an unauthorized door key for an electronic lock, turn off a home set to vacation mode, and even make the fire alarms unnecessarily turn on.

While researchers did find these vulnerabilities, the issues haven't actually caused problems for consumers yet. Nevertheless, SmartThings is working to find and secure the issues. According to SmartThings, the vulnerabilities are primarily caused by two specific scenarios: the installation of a malicious SmartApp, and the failure of third-party developers to follow SmartThings guidelines on how to keep their code secure. The company has updated its best-practices guide in an effort to help developers.

SmartThings also performs regular security checks and works with third-party experts to solve problems like these and keep their cybersecurity safe. Keep up the good work, SmartThings!