One of Samsung’s snazzy new smart fridge models is the latest victim to feel the chill of cyber attacks, as it has been discovered that hackers can use the fridge to gain access to Gmail login credentials.
Penn Test Partners, who specialise in exploiting security flaws, discovered that the Wi-Fi connected Samsung RF28MELBSR smart fridge, which allows users to display their Google calendar on a smart screen, had an SSL certificate flaw that potentially allowed hackers to gain access to Gmail credentials.
An SSL certificate, in theory, should encrypt any data that is sent over a computer network. The researchers clarify that ‘while SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on [...] can Man-In-The-Middle the fridge calendar client and steal the Google login credentials from their neighbours.’
This isn’t the first time a household Wi-Fi connected item has been hacked, let alone a Samsung device; earlier this year it was discovered that Samsung’s Smart TV’s were failing to encrypt voice commands the TV was sending over the internet.
The ‘Internet of things’, linking together all manner of household items together over the web, is designed to make our lives easier, but is it causing us more problems? As we connect a greater number of devices online we are potentially making our private details more susceptible to hacking. I remember when all you had to worry about with fridges was the odd defrosting, or that handy little inner bulb blowing. [International Business Times, The Register]