If you own a Samsung SmartThings Hub to control your smart-home devices, check to make sure its firmware has been automatically updated, as a number of security flaws were recently found in the Hub.
An attacker could chain together several of the vulnerabilities to take over the SmartThings Hub and unlock smart locks on your front door, use smart cameras to watch you, turn your smart lights off and on and, well, adjust the settings on your smart thermostat.
Samsung pushed out a firmware patch for the flaws earlier this month. As Samsung SmartThings Hubs are designed to automatically update their own firmware, you're probably all right, but you'll still want to check. [UPDATE: Samsung confirmed with us that only the second-generation Hub was affected, and that updates have been pushed out to all active units.]
It's not clear whether other devices that use Samsung SmartThings Hub software, including the Samsung Connect Home, ADT Security Hub, Nvidia Shield or the first-generation Hubs, are affected by these flaws. We're checking with Samsung and will update this story when we learn more.
Cisco's Talos lab detailed last week how it found 20 different vulnerabilities in firmware version 0.20.17, which runs on second-generation Samsung SmartThings Hubs (model numbers STH-ETH-200, STH-ETH-250, F-HUB-US-2, F-HUB-UK-2, F-H-ETH-001 and possibly others).
The second-generation Hub has two USB ports on the back, while the first-generation Hub has none.
"Samsung did a lot of things right and should be commended for the way they designed their devices to be easily updated," Cisco Talos official Craig Williams told ZDNet.
To make sure your Hub's firmware is up to date, check the SmartThings mobile app. In the newer version of the app, tap Devices, then Hub, then the three dots on the upper right, then Information, then Firmware Version. In the older version of the app, tap the menu icon, then Hub, then scroll to Firmware Version.
As of this writing, the latest firmware version for second-generation Hubs was 000.022.00014, or 22.14.