Samsung SmartThings Hub Vulnerable to Hacks: Check Yours Now

If you own a Samsung SmartThings Hub to control your smart-home devices, check to make sure its firmware has been automatically updated, as a number of security flaws were recently found in the Hub.

Credit: Samsung

(Image credit: Samsung)

An attacker could chain together several of the vulnerabilities to take over the SmartThings Hub and unlock smart locks on your front door, use smart cameras to watch you, turn your smart lights off and on and, well, adjust the settings on your smart thermostat.

Samsung pushed out a firmware patch for the flaws earlier this month. As Samsung SmartThings Hubs are designed to automatically update their own firmware, you're probably all right, but you'll still want to check. [UPDATE: Samsung confirmed with us that only the second-generation Hub was affected, and that updates have been pushed out to all active units.]

MORE: Best Smart Home Hubs

It's not clear if other devices that use Samsung SmartThings Hub software, including the Samsung Connect Home, ADT Security Hub, Nvidia Shield or the first-generation Hubs are affected by these flaws. We're checking with Samsung and will update this story when we learn more.

Cisco's Talos lab detailed last week how it found 20 different vulnerabilities in firmware version 0.20.17, which runs on second-generation Samsung SmartThings Hubs (model numbers STH-ETH-200, STH-ETH-250, F-HUB-US-2, F-HUB-UK-2, F-H-ETH-001 and possibly others).

The second-generation Hub has two USB ports on the back, while the first-generation Hub has none.

"Samsung did a lot of things right and should be commended for the way they designed their devices to be easily updated," Cisco Talos official Craig Williams told ZDNet.

To make sure your Hub's firmware is up to date, check the SmartThings mobile app. In the newer version of the app, tap Devices, then Hub, then the three dots on the upper right, then Information, then Firmware Version. In the older version of the app, tap the menu icon, then Hub, then scroll to Firmware Version.

As of this writing, the latest firmware version for second-generation Hubs was 000.022.00014, or 22.14.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.