Using the Samsung Smart Fridge Could Expose Gmail Credentials to Hackers
Using Samsung’s smart refrigerator, part of its Smart Home appliance line, could leave you vulnerable to hackers, experts recently proved at the DEF CON hacking conference, a major annual competition which aims to expose computer security risks for further analysis.
The discovery, made by the firm Pen Test Partners, was identified by testing the Wi-Fi capabilities of Samsung’s RF28HMELBSR fridge. The professional hackers confirmed that the high-tech refrigerator, which allows a user to display their Gmail calendar, fails to validate certificates in the Secure Sockets Layer (SSL), meaning that hackers who access the same Wi-Fi network would potentially be able to steal Google login credentials.
“The internet-connected fridge is designed to display Gmail Calendar information on its display,” explained Ken Munro, a security researcher at Pen Test Partners. “It appears to work the same way that any device running a Gmail calendar does. A logged-in user or owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on, can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbors, for example.”