Samsung SmartFridge Security Flaw Leaves Gmail Login Information Vulnerable

You probably don’t worry about hackers compromising the security settings of your refrigerator, but its time that you should. Researchers have found a flaw that is leaving Gmail credentials vulnerable to cyber criminals.

The future of the Internet of Things promises an easy and convenient way of life, but it also opened a whole new flood of problems starting with privacy and cyber security. There is definitely a threat when everything about you, can easily be snatched by criminals on the web  and it seems like technology is outrunning security measures in terms of development.

The 8-inch WiFi enabled display of the Samsung smart fridge allows users to receive messages, stream Twitter or Facebook feeds, browse the web and other functions that regular smartphones and tablets can do, but it is a two-way street. It lets information come in from the web but with it comes all the security threats.

At this year’s DefCon hacker conference, security researchers from Pen Test Partners exposed the connectivity flaws of smart refrigerators particularly of the SamsungRF28HMELBSR model. According to their study, the home appliance is vulnerable to man-in-the-middle attacks.

In this kind of cyber attack, the hacker can intercept the signal sent by the device connected to the internet before it reaches its destination. The hacker then will gain control over the entire conversation and will be able to modify the connection before it reaches the server or the server flings back the signal to the user.

In the Samsung fridge’s case, the problem lies in its connection. Apparently, the technology does not validate SSL certificates, the researchers explained.

“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake WiFi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”

The device displays the user’s Gmail calendar which, as you would have guessed, requires Google login credentials to be accessed. From the refrigerator’s tiny display, the user can modify or schedule an event on the digital calendar, and it will automatically change the records on all the devices the calendar can be viewed. Anyone who can get into the network can steal your password.

Samsung Electronics has yet to send a patch for the bug, but the company reassured that they are currently looking into the situation.


. . . . . . . .

Print Friendly, PDF & Email

Leave a Reply