Major security concern, SmartThings clarification requested

Fourier · April 4, 2017, 9:32pm

In light of news about Samsung’s utter failure in securing their Tizen platform, I wanted to ask if the previous plans to move SmartThings hubs to Tizen have progressed, and what that status is.

For those unfamiliar with the Tizen security situation, Ars Technica has a short writeup on it: https://arstechnica.com/gadgets/2017/04/samsungs-tizen-is-riddled-with-security-flaws-amateurishly-written/

tl;dr: an independent security researcher has found numerous inexcusable security holes riddled throughout Tizen. This isn’t just a single security breach, but a chain of breaches and poor design that puts the entire platform into question.

IF the SmartThings hubs are running Tizen, or will be running Tizen in the near future, I will be seriously considering dropping SmartThings for my home automation entirely. If it is still a ways out, I want to hear a commitment from the developer department of SmartThings that they will not push Tizen until it has passed reasonable security procedures. At this point, I would consider nothing less than a full, publicly documented and passed independent penetration test to feel safe using these products under Tizen.

This isn’t about toggling a bunch of lights anymore, folks. If you want to control our locks, and run our security cameras, you better be taking this extremely seriously.

Tyler · April 4, 2017, 9:39pm

Our hubs don’t run Tizen, and there are no plans that I’m familiar with to move our hubs to Tizen.

Thanks for sharing the article though!

geko · April 4, 2017, 10:05pm

I’ll just leave this here, FYI:

we’ll see SmartThings eventually move to use Samsung’s Tizen OS according to SmartThings co-founder and CTO Jeff Hagins.

https://gigaom.com/2015/01/06/smartthings-next-generation-hub-will-support-thread-and-the-oic/

Granted, the article contained a whole bunch of completely outlandish claims, such as:

support for Bluetooth Smart
support for cellular USB stick
support for Thread protocol
support for Chamberlain garage doors
support for Nest Thermostats
an app for the Gear S smartwatch

tgauchat · April 5, 2017, 12:52am

To paraphrase @Tyler:

SmartThings doesn’t run on “Jeff Hagins” and there are no plans that I’m familiar with to run on him again.

whoismoses · April 5, 2017, 7:10am

lol

SteveWhite · April 5, 2017, 12:15pm

Probably the first time in history where vaporware has worked out for the benefit of customer.

nastevens · April 6, 2017, 12:01pm

I am directly responsible for the operating system and update portions of the Hub v2 and I can confirm that there are no plans to ever use Tizen on the Hub v2.

raidflex · April 7, 2017, 1:28pm

This is good to hear. security is only going to become more important as this field grows and more devices come out.

Fourier · April 14, 2017, 7:36am

Thank you, I am glad that those earlier comments were not indicative of ST’s plans right now.

Topic		Replies	Views
Please talk me down off this General Discussion eol_hub_migration	2	776	April 10, 2021
Alternatives to smartthings? General Discussion	15	11298	August 17, 2018
Any update on getting smartthings operational so a new hub can be added? (June 2019) General Discussion	14	1139	June 22, 2019
Major Security Flaw with SmartThings, OAuth, and Zigbee General Discussion security	3	2246	May 21, 2016
Jumping away from Smartthings Devices & Integrations	4	1174	July 20, 2018

Major security concern, SmartThings clarification requested

Related topics