Not Cool – Samsung Smart Fridge Flaw Makes Gmail Open to Attacks

Security research team, Pen Test Partners has uncovered a MiTM (man-in-the-middle) vulnerability during an IOT hacking challenge. The hack was achieved on a RF28HMELBSR smart fridge which contributes to Samsung’s Smart Home appliances line-up. In theory, the Smart Home App downloads data from Gmail Calender to an on-screen display and protected by SSL credentials. However, it’s possible for hackers to gain access to this network and steal your information. Ken Munro, a security researcher at Pen Test Partners explained:

“The internet-connected fridge is designed to display Gmail Calendar information on its display,”

“It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”

“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”

Technological advancements in household appliances are designed to enhance user convenience and provide useful information. Unfortunately, this makes rather ordinary devices prone to software bugs or hacking. Samsung has acknowledged the situation and released the following statement:

“At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”

Do you own any smart appliances?

Image courtesy of Gizmodo

Thank you The Register for providing us with this information.