I have spoken with several Smartthings support specialist regarding the security flaws of the most recent app update for the Smartthings app version 126.96.36.199. I have tried the new update, 188.8.131.52, with two different VPNs, McAfee Connect and Private Internet Access, at this point and it does not work with them. In case you don’t know using these apps without proper encryption can be attributed to incidents with IoT devices being hacked
- https://www.zdnet.com/article/smart-locks-opened-with-nothing-more-than-a-mac-address/#:~:text=A%20smart%20lock%20sold%20by,a%20MAC%20address%2C%20researchers%20say. The Smarthings Classic app still works with the VPN as do all previous versions of the app, Allowing this new update to bypass my VPN exposes it to cybercriminals. The Smarthings Classic app works just fine with the VPN. Conversely, I would like to respectfully as possible say the Samsung developers should NOT be seeking to encourage consumers to expose their devices to vulnerabilities that can be exploited by bypass the VPN security features. Smartthings app 1.7.50-21 and previous versions worked just fine with VPN protocols. The idea is to PROTECT data and make it MORE secure, not create updates that make it less secure. Are their developers and support team going on record for Samsung acknowledging a security limitation of this new app without informing consumers of the risk?