The only thing worse than having your Gmail account hacked would be to open up your fridge for a consolation drink and find warm beer. But those problems might actually be related now that cybersecurity researchers have uncovered a way to steal a user’s Google credentials by infiltrating software embedded in the Samsung smart fridge.
Pen Test Partners, a team of white-hat hackers, discovered a Man-in-the-Middle (MITM) vulnerability in the RF28HMELBSR smart fridge, The Register reported. It’s one of Samsung’s top-of-the-line Smart Home appliances that can be operated with the company’s Smart Home app. The fridge fails to validate Secure Sockets Layer (SSL) certificates, which are used to create secure connections between a Web browser and a server. That failure enables an intruder to take control of the connection (the MITM attack) and view a user’s credentials.
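To show what "fails to validate certificates" means on the client side, here is an added example (not code from Samsung, Pen Test Partners or The Register) that audits a TLS client configuration built with Python's standard `ssl` module. The function names are hypothetical, and the three configurations are constructed for illustration; nothing here reflects the fridge's actual software.

```python
import ssl


def audit_tls_client_context(ctx):
    """Return findings for a client-side SSLContext; an empty list means it validates the server."""
    findings = []
    # Without chain verification, any certificate is accepted, including one
    # presented by whoever sits between the device and the real server.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    # Chain verification alone is not enough: a valid certificate issued for
    # some other hostname would still be accepted.
    if not ctx.check_hostname:
        findings.append("server hostname is not checked against the certificate")
    return findings


def insecure_context():
    """Constructed example of a client that skips certificate validation entirely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Constructed example of a partial fix: chain is verified, hostname is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hardened_context():
    """Library defaults: system trust store, chain verification and hostname checking."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for name, build in [("insecure", insecure_context),
                        ("chain-only", chain_only_context),
                        ("hardened", hardened_context)]:
        print(name, "->", audit_tls_client_context(build()) or "ok")
```

A check like this belongs in code review or a test suite for any device client that talks to a cloud service, since both findings leave the connection open to interception.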
“The Internet-connected fridge is designed to display Gmail Calendar information on its display,” Ken Munro, a researcher at Pen Test Partners, told the Register. “It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
Pen Test Partners discovered the vulnerability during a hacking challenge at the Def Con security conference in Las Vegas earlier this month. It’s only the latest Internet of Things vulnerability to make waves among unsuspecting device owners, following the revelation that Samsung TVs failed to encrypt voice communications recorded in customers’ homes. It also comes after the exposure of a number of security weaknesses in some of the most popular U.S. vehicles.
“At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide,” Samsung said in a statement to The Register, indicating the company is looking into the claims from Pen Test Partners. “Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung customers.”