According to security researchers at Pen Test Partners (via BGR), it seems that they have recently discovered a security flaw in the Samsung RF28HMELBSR smart fridge that makes it susceptible to man-in-the-middle attacks which could end up stealing your Gmail credentials. As the fridge connects to the internet to display your Gmail Calendar information, the researchers found that it does not validate SSL certificates.
The researchers write, “While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentification and fake WiFi access point attack) can man-in-the-middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”
They have since notified Samsung about the flaw to which Samsung has since responded by saying, “We are investigating into this matter as quickly as possible. Protecting our consumer’s privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”