Samsung SmartThings Hub (3rd Generation)
From Wiki-IoT
Classification
| Samsung SmartThings Hub (3rd Generation) | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2025-10-16 |
| Information | |
| Name | Samsung SmartThings Hub (3rd Generation) |
| Brand by Parent | Samsung by Samsung Electronics Co., Ltd. |
| Generation | 3rd gen |
| Model(s) | GP-U999SJVLGDA (US), ET-WV525 (EU) |
| Release date | 2018-08-09 |
| Type/Category | Smart-home gateway (Zigbee 3.0, Z-Wave Plus, Wi-Fi, BLE) |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 127 × 127 × 30 mm (5 × 5 × 1.2 in) |
| Mass | 226 g (8 oz) |
| Operating system | OpenWrt-based Samsung SmartThings OS (Linux 4.4) |
| Companion App | SmartThings (iOS/Android) – formerly Samsung Connect |
| CPU | ARM Cortex-A7 @ 720 MHz (NXP i.MX6 UltraLite) |
| GPU | None |
| Memory | 512 MB DDR3L |
| Storage | 4 GB eMMC (AES-256 encrypted) |
| Battery | None (5 V mains) |
| Power | 5 V ⎓ 2 A via micro-USB |
| Charging | micro-USB (no battery) |
| Display | 1 RGB LED ring (status) |
| Camera | None |
| Sound | 1 speaker for voice prompts |
| Connectivity | Wi-Fi 4 (802.11 b/g/n) 2.4 GHz, Zigbee 3.0, Z-Wave Plus, BLE 5.0, Ethernet (optional via USB-C dongle) |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Rare | [2] | UART pins under epoxy; case requires prying |
| Known vulnerabilities | Very common | [3] | Remote code execution in UPnP stack (MiWi) patched 2021-09 |
| Prior attacks | Rare | [4] | No large-scale botnet recorded |
| Updatability | Very common | [5] | Automatic OTA every 4 weeks; forced updates, signed images |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Full | [6] | Public REST API, Matter controller, Google/Alexa, open CLI via SmartThings-CLI |
| Communications | Encrypted with up-to-date encryption | [7] | TLS 1.3, AES-256-GCM, certificate pinning, mutual auth |
| Storage | Encrypted with up-to-date encryption | [8] | eMMC AES-256-XTS, keys in secure enclave (TrustZone) |
| Category score | 1 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [9] | Family group, roles, location-based access, device revocation |
| Authentication | Secure | [10] | Samsung-account + 2FA (TOTP, WebAuthn, push) |
| Brute-force protection | Exist | [11] | Account lock-out & CAPTCHA after 5 failed attempts |
| Event logging | Access event logged | [12] | Login/logout, device add/remove, automation runs; 90-day retention, exportable |
| Passwords | Require change after setup | [13] | 8-char min, no reused Samsung password, breached-password detection |
| Category score | 2 | ||
| Grade | A- |
|---|
