If your "internet of things" dishwasher keeps flashing its lights, your smart oven turns on or off by itself, and your webcam-enabled robotic vacuum cleaner keeps stalking you from room to room, you might not be the victim of a poltergeist, but a hacker.
A vulnerability in almost one million LG smartThinQ internet-connected home devices can let hackers break into and take over all your gadgets, causing mayhem and invading personal privacy, Check Point security researchers disclosed Thursday. That includes any LG device or appliance connected to the account, including the robot vacuum, refrigerators, ovens, dishwasher, mashing machines and dryers, and air conditioners.gi
As opposed to hacking the individual devices, the researchers hacked the app that controls them, creating fake LG accounts and using them to take over real LG accounts.
"As more and more smart devices are being used in the home, hackers will shift their focus from targeting individual devices, to hacking the apps that control networks of devices. This provides cyber criminals with even more opportunities to exploit software flaws, cause disruption in users' homes and access their sensitive data," Oded Vanunu, head of products vulnerability research at Check Point, said in a statement.
LG said it started working with the researchers in August after they brought it to their attention and developed a software patch at the end of September. Under best ethical practices, security researchers notify the vendor first and give them a chance to develop a fix before announcing the vulnerability to the world where bad actors could take advantage of it.
So what can you do?
LG smartThinQ users need to make sure to check their apps and make sure they're updated to the latest version.
To update their firmware, users should click on the "smart home product" under the smartThinQ application dashboard.
Over 400,000 LG Hom-Bot robotic vacuum cleaner were sold in the first half of 2016. In total, over 80 million smart home devices were shipped worldwide that year, according to IHS Markit, 64 percent more than in 2015.