A fridge is meant to keep food cold and fresh, but as technology advances and the more connected we get, so do our regular household items which might expand why smart fridges that can connect to the internet exists. However with all things that can be connected, there are risks, and it seems that Samsung’s smart fridge could be one of them.
According to security researchers at Pen Test Partners (via BGR), it seems that they have recently discovered a security flaw in the Samsung RF28HMELBSR smart fridge that makes it susceptible to man-in-the-middle attacks which could end up stealing your Gmail credentials. As the fridge connects to the internet to display your Gmail Calendar information, the researchers found that it does not validate SSL certificates.
The researchers write, “While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentification and fake WiFi access point attack) can man-in-the-middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”
They have since notified Samsung about the flaw to which Samsung has since responded by saying, “We are investigating into this matter as quickly as possible. Protecting our consumer’s privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”
Filed in Hacking, IoT (Internet of Things), Samsung and Security.
. Read more about