Security flaws could leave your Samsung SmartThings home vulnerable to virtual lock-pickers and device hackers.

Samsung SmartThings is a popular smart home automation system ruled by a single wireless hub that lets you link lights, gadgets, and security devices to your smartphone. It’s nothing tricky; complete beginners can grab a SmartThings Starter Kit and hit the ground running in no time.

But recent research by the University of Michigan has shed light on some worrying security risks that could let outsiders hack into the SmartThings system and gain control of a user’s smart home.

The research paper, which was aimed at determining the ways that emerging, programmable smart homes could be vulnerable to attacks, highlights two key discoveries. The first is that around 40% of SmartApps (third-party apps used to control individual devices via SmartThings) are ‘over-privileged’. This essentially means an app can gain access to more operations on protected resources than it actually needs to carry out its intended purpose.

The second discovery was that SmartThings itself doesn’t sufficiently protect sensitive information like lock PIN codes. In layman’s terms, this basically means a hacker could virtually pick your lock.

To effectively exploit this weakness, the team of researchers sent a malicious link to a third-party app. If users clicked on the link, they were directed to a SmartThings website and prompted to enter their details. Then, all the researchers needed to do was redirect a bug to the app and capture the login data to re-code a smart door lock.

Although the idea of an intruder breaking into your home from afar is a rather concerning prospect, the researchers aren’t completely against the SmartThings system being a fixture in our homes. Atul Prakash, professor of computer science and engineering at the University of Michigan, said in a statement, “I would say it’s okay to use as a hobby right now, but I wouldn’t use it where security is paramount.”