Earlier this month, Pen Test Partners found out the smart fridge is vulnerable after an IoT Village challenge at Def Con. The security consultants looked at the fridge’s mobile app and explained in a blog post that using what’s called a man-in-the-middle attack, a third party could gain access to the owner’s Gmail login information, if they were on the user’s Wi-Fi network. While the fridge provides SSL encryption, it gives the data to the Google server without verifying that it has the appropriate certificate, meaning someone else could pretend to be Google and get the login info.
“While SSL is in place, the fridge fails to validate the certificate,” Pen Test Partners security researcher Ken Munro tells The Register. “Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”
During the hackathon, the team tried several other means of hacking the fridge, including faking a firmware update, but failed.
In a statement, Samsung said, “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”
Editors' Recommendations
- How to convert your window blinds into smart blinds
- Echo Hub vs. Echo Show 8: Which is the best option for your smart home?
- What is IFTTT and how can you use it in your smart home?
- The Skylight Cal Max is a 27-inch smart calendar that might replace your smart display
- The 5 best smart ceiling fans for your home in 2024
