Major security concern, SmartThings clarification requested

security
hubv2

#1

In light of news about Samsung’s utter failure in securing their Tizen platform, I wanted to ask if the previous plans to move SmartThings hubs to Tizen have progressed, and what that status is.

For those unfamiliar with the Tizen security situation, Ars Technica has a short writeup on it: https://arstechnica.com/gadgets/2017/04/samsungs-tizen-is-riddled-with-security-flaws-amateurishly-written/

tl;dr: an independent security researcher has found numerous inexcusable security holes riddled throughout Tizen. This isn’t just a single security breach, but a chain of breaches and poor design that puts the entire platform into question.

IF the SmartThings hubs are running Tizen, or will be running Tizen in the near future, I will be seriously considering dropping SmartThings for my home automation entirely. If it is still a ways out, I want to hear a commitment from the developer department of SmartThings that they will not push Tizen until it has passed reasonable security procedures. At this point, I would consider nothing less than a full, publicly documented and passed independent penetration test to feel safe using these products under Tizen.

This isn’t about toggling a bunch of lights anymore, folks. If you want to control our locks, and run our security cameras, you better be taking this extremely seriously.


#2

Our hubs don’t run Tizen, and there are no plans that I’m familiar with to move our hubs to Tizen.

Thanks for sharing the article though!


(Geko) #3

I’ll just leave this here, FYI:

we’ll see SmartThings eventually move to use Samsung’s Tizen OS according to SmartThings co-founder and CTO Jeff Hagins.

https://gigaom.com/2015/01/06/smartthings-next-generation-hub-will-support-thread-and-the-oic/

Granted, the article contained a whole bunch of completely outlandish claims, such as:

  • support for Bluetooth Smart
  • support for cellular USB stick
  • support for Thread protocol
  • support for Chamberlain garage doors
  • support for Nest Thermostats
  • an app for the Gear S smartwatch

:grinning:


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #4

To paraphrase @Tyler:

SmartThings doesn’t run on “Jeff Hagins” and there are no plans that I’m familiar with to run on him again. :stuck_out_tongue_winking_eye:


(Eric) #5

lol

lol

lol

lol

lol

lol


(Steve White) #6

Probably the first time in history where vaporware has worked out for the benefit of customer.


(Nick Stevens) #7

I am directly responsible for the operating system and update portions of the Hub v2 and I can confirm that there are no plans to ever use Tizen on the Hub v2.


#8

This is good to hear. security is only going to become more important as this field grows and more devices come out.


#9

Thank you, I am glad that those earlier comments were not indicative of ST’s plans right now.