Incident: SmartThings Platform Vulnerabilities Lead to Home Security Risks

Published Date: 2016-05-02

Postmortem Analysis
Timeline
1. The software failure incident happened in May 2016.
   - The incident was reported in articles published on May 2, 2016 [44150, 43759].
System
1. Samsung's SmartThings platform [44150, 43759]
2. Android app designed to control SmartThings systems [44150, 43759]
3. SmartThings' flawed implementation of the OAuth authentication protocol [43759]
4. SmartThings' system of privileges for apps [43759]
Responsible Organization
1. Security researchers from Microsoft Research and the University of Michigan [44150, 43759]
2. Hackers exploiting vulnerabilities in Samsung's SmartThings platform [44150, 43759]
Impacted Organization
1. SmartThings platform users were impacted because they were vulnerable to attacks that could compromise the security of their connected home devices [44150, 43759].
2. Users of a third-party Android app designed to control SmartThings systems were also impacted by the phishing attack, which could exploit a redirect bug in the app to capture login data [44150].
3. Users of the Rule Machine third-party SmartThings app were indirectly impacted when its creator stopped supporting the software, citing ongoing serious degradation of the SmartThings platform [44150].
Software Causes
1. The incident was caused by design flaws in Samsung's SmartThings platform: poorly controlled limitations on apps' access to connected devices and an authentication system vulnerability that allowed hackers to impersonate legitimate users [43759].
2. A flaw in SmartThings' implementation of the OAuth authentication protocol was exploited by the researchers to plant a backdoor PIN code in a digital lock, allowing unauthorized access to homes [43759].
3. A design flaw in SmartThings' system of privileges for apps allowed a malicious app disguised as a battery monitor to gain unauthorized access to devices, disable security settings, trigger smoke detectors, and steal PIN codes [43759].
Non-software Causes
1. Lack of proper limitations on apps' access to features of connected devices [43759]
2. Flawed implementation of the common authentication protocol OAuth [43759]
3. Design flaws in SmartThings' system of privileges for apps [43759]
Impacts
1. The incident allowed hackers to potentially take over smart locks connected to Samsung's SmartThings platform, including the ability to inject new codes into door locks [44150, 43759].
2. The incident raised concerns about the security of smart home platforms and the risks associated with Internet of Things devices, highlighting the need for improved security measures and user awareness [44150, 43759].
3. The incident caused disruptions and frustration among SmartThings platform users, led to the discontinuation of support for certain third-party apps, and raised concerns about the platform's reliability [44150].
4. The incident prompted SmartThings to release updates to improve security and protect against the reported vulnerabilities, demonstrating the need for continuous improvement and collaboration with security researchers [44150].
Preventions
1. A more robust certification and code review process for third-party apps on the SmartThings platform could have prevented the incident [44150, 43759].
2. Addressing the design flaws in the SmartThings platform related to limitations on apps' access to connected devices and to authentication could have prevented the incident [43759].
3. Fixing the overprivilege issue in the SmartThings platform, so that apps only have access to the specific functionality they are intended for, could have prevented the incident [43759].
Fixes
1. Implementing additional security review requirements for the publication of any SmartApp on the SmartThings platform, so that malicious SmartApps are not approved for publication [43759].
2. Fixing the authentication vulnerability in the Android app that the researchers exploited to add a secret lock PIN [43759].
3. Addressing the design flaw in SmartThings' system of privileges for apps to prevent overprivilege, ensuring that apps only have access to the features they are intended to control [43759].
4. Continuing to improve the security of the SmartThings platform based on the security researchers' recommendations and collaborating with them to address potential vulnerabilities [44150].
References
1. Security researchers from Microsoft Research and the University of Michigan [Article 44150]
2. University of Michigan and Microsoft researchers [Article 43759]

Software Taxonomy of Faults

Category Option Rationale
Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The security vulnerabilities in Samsung's SmartThings platform have recurred within the same organization. The incident involved potential attacks by hackers exploiting design flaws in the SmartThings system, such as an authentication vulnerability and overprivileged apps [43759, 44150].
(b) The incident also highlights the broader issue of security vulnerabilities in networked home systems and the Internet of Things, indicating that similar risks exist for other organizations and their smart home platforms [43759].
Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The design-phase aspect of the incident is evident in the SmartThings platform vulnerabilities discovered by security researchers. The researchers found design flaws in SmartThings that let them develop attacks exploiting poorly controlled limitations on apps' access to connected devices and an authentication system vulnerability [43759]. These design flaws enabled the potential attacks on the SmartThings system [43759].
(b) The operation-phase aspect is highlighted by the potential impact of malicious SmartApps, or of third-party developers failing to follow security guidelines, on the SmartThings platform. The attacks demonstrated by the researchers required convincing victims to download malware disguised as an app from the SmartThings app store, which could then be used to disable security settings, trigger alarms, or steal PIN codes [43759]. These operational failures could occur if users unknowingly download malicious apps or if developers do not follow security best practices, leading to unauthorized access to and control of smart home devices.
Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The incident reported in the articles is primarily within the system. It involved vulnerabilities within Samsung's SmartThings platform that allowed hackers to exploit design flaws and authentication vulnerabilities to attack connected home devices [43759, 44150]. The attacks were demonstrated by researchers from Microsoft and the University of Michigan and highlight flaws in the SmartThings platform that could be leveraged to compromise the security of users' smart homes.
(b) The incident also involved external factors, since hackers could exploit these vulnerabilities by tricking users into clicking malicious links or downloading malware disguised as legitimate apps [43759, 44150]. The phishing and malware distribution tactics used to gain access to the SmartThings platform and control connected devices show how external factors can be used to exploit weaknesses within the system.
Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) Non-human actions:
- The incident was primarily due to design flaws and vulnerabilities in the Samsung SmartThings platform that allowed potential attacks by hackers without direct human involvement [44150, 43759].
- The attacks demonstrated by the researchers exploited flaws in the SmartThings system, such as poorly controlled limitations on apps' access to connected devices and an authentication system that could be manipulated to impersonate legitimate users [43759].
- One attack exploited a flaw in the SmartThings web server through a redirect bug in a third-party Android app, allowing hackers to inject a new code into a SmartThings-controlled door lock without direct human interaction [44150].
- The researchers also highlighted a design flaw in SmartThings' system of privileges for apps, which could be exploited by malware disguised as an app in the SmartThings app store to gain unauthorized access to devices and perform malicious actions [43759].
(b) Human actions:
- The incident also involved human actions such as users clicking malicious links or downloading malware disguised as apps from the SmartThings app store, which could further exacerbate the security vulnerabilities in the system [44150, 43759].
- The researchers demonstrated how attackers could trick users into clicking malicious links or downloading malware, leading to potential compromise of their SmartThings-connected devices [43759].
- While the attacks themselves did not require direct human actions to exploit, their initial entry points, such as clicking malicious links or downloading malware, depended on human interaction with the system [44150, 43759].
Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The incident is primarily related to software rather than hardware. It involves vulnerabilities and design flaws in the Samsung SmartThings platform, a networked home system that allows control of home appliances through smartphones or PCs. The attacks identified by the researchers exploited flaws in the SmartThings platform's software: poorly controlled limitations on apps' access to connected devices, an authentication system vulnerability, and a flawed implementation of the OAuth protocol [43759, 44150]. The demonstrated attacks manipulated the software to plant backdoor PIN codes in digital locks, trigger smoke detectors remotely, and steal PIN codes from door locks; all were made possible by software vulnerabilities rather than hardware issues. The incident highlights the importance of addressing software vulnerabilities and overprivilege in smart home platforms to improve security and prevent attacks.
Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The incident is malicious in nature. Security researchers from Microsoft Research and the University of Michigan discovered four potential attacks that hackers could use against Samsung's SmartThings platform, including phishing attacks and malware downloads aimed at taking over smart home devices [44150, 43759]. The attacks exploited design flaws and authentication vulnerabilities in the SmartThings system to gain unauthorized access to and control over connected devices such as door locks and smoke detectors. The demonstrations showed how hackers could plant backdoors, steal PIN codes, trigger alarms, and gain silent access to homes, underscoring the malicious intent behind the incident. The researchers also emphasized the risks posed by overprivileged apps on the SmartThings platform, further underscoring the intentional harm that could be caused by exploiting these vulnerabilities.
Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) Poor decisions:
- Poor decisions are evident in the security vulnerabilities discovered in Samsung's SmartThings platform. Researchers found design flaws and authentication vulnerabilities that allowed potential attacks on the system [43759].
- The incident involved a flaw in the SmartThings web server known as an "open redirect," which the researchers exploited to plant a backdoor in the front door lock. This flaw resulted from a poor implementation of a common authentication protocol [43759].
- The researchers highlighted a design flaw in SmartThings' system of privileges for apps, which granted apps greater access to devices than intended. This flaw could be exploited by convincing victims to download malware disguised as an app from the SmartThings app store [43759].
(b) Accidental decisions:
- The incident was not primarily due to accidental decisions but to deliberate actions taken by the researchers to identify and exploit vulnerabilities in the SmartThings platform [43759].
- The attacks demonstrated by the researchers required trickery and planning, such as convincing victims to click malicious links or download disguised malware, indicating a deliberate intent to exploit the system's weaknesses [43759].
- The incident involved intentional actions to reverse engineer an Android app, exploit authentication flaws, and demonstrate potential attacks on SmartThings devices, indicating a calculated approach to uncovering security vulnerabilities [43759].
Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) Development incompetence is evident in the articles. The security researchers from Microsoft Research and the University of Michigan identified four potential attacks against Samsung's SmartThings platform arising from design flaws and authentication vulnerabilities [44150, 43759]. These vulnerabilities, such as an open redirect bug and overprivileged app capabilities, allowed hackers to gain unauthorized access to smart home devices like door locks and smoke detectors. The researchers highlighted issues with the SmartThings platform's authentication protocol and the lack of proper restrictions on apps' access to connected devices, indicating a lack of professional competence in ensuring robust security measures during development.
(b) The incident also involved accidental factors. The researchers found that the SmartThings platform had design flaws that inadvertently allowed severe security breaches, such as planting backdoor PIN codes in digital locks and triggering smoke detectors remotely [43759]. The researchers exploited these accidental vulnerabilities to demonstrate how attackers could compromise smart home devices through malicious apps and phishing attacks. Despite SmartThings' efforts to address the vulnerabilities, the researchers emphasized the need for better security measures to prevent accidental exploitation of the platform's weaknesses.
Category: Duration
Option: permanent
Rationale:
(a) The incident can be categorized as a permanent failure. It involved serious security vulnerabilities in Samsung's SmartThings platform that allowed hackers to exploit design flaws and authentication vulnerabilities to take control of connected home devices such as door locks and smoke detectors. The vulnerabilities were not limited to specific circumstances but were inherent in the platform's architecture, making them a persistent risk for users [43759, 44150]. The flaws identified by the security researchers could be exploited to plant backdoors in door locks, trigger smoke detectors remotely, and steal PIN codes; they represented fundamental weaknesses in the platform's security design and therefore ongoing risks for users [43759, 44150].
Category: Behaviour
Option: value, other
Rationale:
(a) crash: The articles do not mention any crash in which the system loses state and performs none of its intended functions.
(b) omission: The incident does not involve the system omitting to perform its intended functions at one or more instances.
(c) timing: The incident does not involve the system performing its intended functions correctly but too late or too early.
(d) value: The incident is a value failure: the system performs its intended functions incorrectly. Specifically, hackers could exploit vulnerabilities in Samsung's SmartThings platform to take over smart locks and perform unauthorized actions, such as injecting new codes into door locks and planting backdoor PIN codes in digital locks [43759].
(e) byzantine: The incident does not exhibit a byzantine failure in which the system behaves erroneously with inconsistent responses and interactions.
(f) other: The behaviour can also be categorized as a security vulnerability. The incident involves potential attacks on Samsung's SmartThings platform, including phishing attacks, malware downloads, and exploitation of authentication flaws, leading to unauthorized access to and control over smart home devices [43759, 44150].

IoT System Layer

Layer Option Rationale
Layer: Perception
Option: sensor, network_communication, embedded_software
Rationale:
(a) sensor: The incident is related to the perception layer of the cyber-physical system, which failed due to contributing factors introduced by sensor error. The incident involved attacks on Samsung's SmartThings platform, which allows users to control home appliances from light bulbs to locks with a PC or smartphone. Researchers found design flaws in SmartThings that allowed them to develop attacks, including exploiting a flaw in the SmartThings web server through a redirect bug in a third-party Android app designed to control SmartThings systems [43759].
(b) actuator: The articles do not mention any failure related to the actuator of the cyber-physical system.
(c) processing_unit: The incident did not directly involve a failure of the processing unit of the cyber-physical system.
(d) network_communication: The incident involved vulnerabilities in the network communication of the SmartThings platform. Researchers found that SmartThings' flawed implementation of the common authentication protocol OAuth allowed them to exploit an open redirect bug in the SmartThings web server through a third-party Android app [43759].
(e) embedded_software: The incident highlighted vulnerabilities in the embedded software of the SmartThings platform. Researchers identified a design flaw in SmartThings' system of privileges for apps and demonstrated attacks by convincing victims to download malware disguised as an app from the SmartThings app store. This malware could then gain greater access to devices than intended, enabling actions like disabling "vacation mode," setting off a smoke detector, or stealing PINs from door locks [43759].
Layer: Communication
Option: connectivity_level
Rationale:
The incident is related to the communication layer of the cyber-physical system, which failed at the connectivity level due to contributing factors introduced by the network or transport layer. The incident involved vulnerabilities in Samsung's SmartThings platform that allowed hackers to exploit flaws in the system's design, including poorly controlled limitations on apps' access to connected devices and an authentication system in which hackers could impersonate legitimate users [43759]. The attackers could exploit an authentication vulnerability in SmartThings' flawed implementation of the OAuth protocol to plant a backdoor PIN code in a digital lock and gain unauthorized access to the system [43759]. The researchers also demonstrated that attackers could trick victims into clicking malicious links that would redirect them to the SmartThings website, enabling the attackers to capture login credentials and inject new codes into SmartThings-controlled devices [44150]. This attack vector exploited a redirect bug in a third-party Android app designed to control SmartThings systems [44150]. Overall, the failure was primarily at the connectivity level, involving network vulnerabilities and flaws in the authentication system of the SmartThings platform.
Layer: Application
Option: TRUE
Rationale:
The incident was related to the application layer of the cyber-physical system, with contributing factors introduced by bugs, operating system errors, unhandled exceptions, and incorrect usage. It involved security vulnerabilities in Samsung's SmartThings platform, where researchers discovered flaws that allowed them to exploit the system through various attacks, including phishing attempts, malware downloads, and exploitation of design flaws in the SmartThings system [43759, 44150]. The vulnerabilities allowed attackers to take control of connected devices such as door locks and perform unauthorized actions like triggering smoke detectors or planting backdoor PIN codes in digital locks. The attacks demonstrated by the researchers highlighted application-layer issues in the SmartThings platform, including flaws in authentication protocols, open redirects, and overprivileged app capabilities, which attackers could exploit to compromise the security of the smart home system [43759, 44150].
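The open redirect that the Communication and Application rows attribute to a poorly implemented OAuth flow is the kind of bug a lenient redirect_uri check produces. The Python below is an added example, not code from the articles or from SmartThings; it contrasts a prefix-match check with the exact-match policy RFC 6749 calls for, using a constructed client id, callback and candidate URIs.

```python
from urllib.parse import urlsplit

# Constructed registration record for a hypothetical OAuth client; the client
# id and callback are placeholders, not SmartThings' real values.
REGISTERED_REDIRECTS = {
    "lock-companion-app": frozenset({"https://companion.example/oauth/callback"}),
}

# Constructed authorization code, used only to build the redirect response.
CONSTRUCTED_CODE = "c0nstructed-code"


def lenient_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Weak check of the kind that produces an open redirect: any URI that
    merely starts with a registered value is accepted, so whatever suffix the
    requester appends travels along with the authorization code."""
    registered = REGISTERED_REDIRECTS.get(client_id, frozenset())
    return any(redirect_uri.startswith(reg) for reg in registered)


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Exact-match policy from RFC 6749 section 3.1.2: the supplied redirect_uri
    must equal a pre-registered URI by simple string comparison, must use https,
    and must carry no fragment component."""
    registered = REGISTERED_REDIRECTS.get(client_id, frozenset())
    if redirect_uri not in registered:
        return False
    parts = urlsplit(redirect_uri)
    return parts.scheme == "https" and parts.fragment == ""


def authorize(client_id: str, redirect_uri: str, validator) -> tuple:
    """Authorization-endpoint decision. Returns (status, location). When the
    redirect_uri does not validate, the server must inform the user and MUST
    NOT redirect, so location is None and no code is attached anywhere."""
    if not validator(client_id, redirect_uri):
        return ("invalid_redirect_uri", None)
    separator = "&" if "?" in redirect_uri else "?"
    return ("redirect", f"{redirect_uri}{separator}code={CONSTRUCTED_CODE}")


# Constructed candidate redirect URIs as a client request might present them;
# only the first is the registered callback.
CANDIDATES = [
    "https://companion.example/oauth/callback",
    "https://companion.example/oauth/callback/forward",
    "https://companion.example/oauth/callback#fragment",
    "http://companion.example/oauth/callback",
]


def compare_policies(client_id: str = "lock-companion-app") -> dict:
    """Run both validators over the candidates. Every URI the lenient column
    accepts and the strict column rejects is one the open-redirect bug would
    honour, and the first line of defence is to log such mismatches."""
    return {
        uri: (lenient_redirect_ok(client_id, uri), strict_redirect_ok(client_id, uri))
        for uri in CANDIDATES
    }


if __name__ == "__main__":
    for uri, (lenient, strict) in compare_policies().items():
        print(f"{uri:52} lenient={lenient!s:5} strict={strict}")
```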

Other Details

Category Option Rationale
Category: Consequence
Option: harm, property, non-human, theoretical_consequence
Rationale:
(a) death: The articles do not mention any deaths resulting from the incident [44150, 43759].
(b) harm: The articles discuss potential harm from the incident, such as unauthorized access to homes through manipulation of smart locks, triggering smoke detectors at will, and stealing PIN codes for door locks [44150, 43759].
(c) basic: The articles do not mention people's access to food or shelter being impacted [44150, 43759].
(d) property: The incident affected people's property through potential unauthorized access to homes, manipulation of smart locks, and theft of PIN codes for door locks [44150, 43759].
(e) delay: The articles do not mention people having to postpone an activity because of the incident [44150, 43759].
(f) non-human: Non-human entities, such as smoke detectors and door locks, were affected because they could be manipulated or triggered by malicious actors [44150, 43759].
(g) no_consequence: The articles do not state that the incident had no real observed consequences [44150, 43759].
(h) theoretical_consequence: The articles discuss potential consequences such as attackers gaining unauthorized access to homes, planting backdoor PIN codes in digital locks, and triggering smoke detectors remotely [44150, 43759].
(i) other: The articles do not mention any other specific consequences beyond those related to harm, property, and theoretical consequences [44150, 43759].
Category: Domain
Option: information
Rationale:
(a) The failed system was related to the information industry: it involved a security analysis of emerging smart home applications connected to Samsung's SmartThings platform, which allows users to control home appliances from light bulbs to locks with a PC or smartphone [43759].
(b) The incident did not directly involve the transportation industry.
(c) The incident did not directly involve the natural resources industry.
(d) The incident did not directly involve the sales industry.
(e) The incident did not directly involve the construction industry.
(f) The incident did not directly involve the manufacturing industry.
(g) The incident did not directly involve the utilities industry.
(h) The incident did not directly involve the finance industry.
(i) The incident did not directly involve the knowledge industry.
(j) The incident did not directly involve the health industry.
(k) The incident did not directly involve the entertainment industry.
(l) The incident did not directly involve the government industry.
(m) The incident was related to the smart home industry, which falls under the broader technology industry.
