VodkaPundit

The Fridge Is Watching You

Not really, or at least not yet — but hackers are working on it:

Security researchers have discovered a potential way to steal users’ Gmail credentials from a Samsung smart fridge.

Pen Test Partners discovered the MiTM (man-in-the-middle) vulnerability that facilitated the exploit during an IoT hacking challenge at the recent DEF CON hacking conference.

The hack was pulled off against the RF28HMELBSR smart fridge, part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app. While the fridge implements SSL, it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections.

The internet-connected device is designed to download Gmail Calendar information to an on-screen display. Security shortcomings mean that hackers who manage to jump on to the same network can potentially steal Google login credentials from their neighbours.

This MiTM attack is a potential exploit proven in the lab, rather than a real-world threat.

But beware the Internet of Things.

For all my love of gadgets and early adopter habits, I’ve been wary of installing any IoT appliances, devices, monitors, etc. It’s one thing for hackers to steal data off of your phone or add your computer to a botnet, but it’s quite another for them to gain physical control of your car, furnace, or baby monitor.

In this case, adopt later rather than earlier.

POSSIBLY RELATED: “11 smart gadgets which should have stayed dumb.”

What, you think I should have anted up to the Kickstarter for the smart cocktail shaker?