The Internet of Things — or the Internet of Shit, depending on how you view it — was supposed to bring us smarter devices to improve life, but as it turns out they may be the reason you wind up getting hacked.
At the annual DEFCON black hat event in Las Vegas, researchers at Pen Test Partners worked to attack a Samsung smart refrigerator and find vulnerabilities.
The fridge in question was a 2015 Samsung RF28HMELBSR smart fridge, which features a display on the door for showing calendar appointments and leaving notes among other “useful” features.
The security flaw the firm found was a big one: the fridge can be forced to leak secure communications, which can then be stolen with relative ease.
Writing in a post on the Pen Test Partners blog, the team said the fridge implements SSL, but fails to verify whether security certificates are valid.
That means attackers can use a man-in-the-middle (MITM) attack to steal data, such as passwords and session tokens, from the fridge. And because it integrates with Google Calendar, the team says it’d be trivial to expose a user’s Gmail credentials… by attacking a fridge.
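The flaw described above is a TLS client that encrypts traffic but never authenticates the server. The Python sketch below is an added example, not code from Samsung or Pen Test Partners: it puts a client configuration with that weakness beside a hardened one and audits both. The function names are hypothetical, and the partial "chain only" case goes beyond what the article describes.

```python
import ssl


def fridge_like_context():
    """Encrypts the session but accepts any certificate (the weakness described above)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx


def chain_only_context():
    """Validates the chain but not the name: any valid certificate for any host passes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hardened_context():
    """Library defaults: chain validated against the trust store, hostname checked."""
    return ssl.create_default_context()


def audit_context(ctx):
    """Return the server-authentication gaps in a client SSLContext (empty list = none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    for name, build in [("fridge-like", fridge_like_context),
                        ("chain only", chain_only_context),
                        ("hardened", hardened_context)]:
        gaps = audit_context(build())
        print(f"{name}: {'; '.join(gaps) if gaps else 'server is authenticated'}")
```

A client built from the hardened context aborts the handshake when an interposed party presents a certificate that does not chain to a trusted root or does not match the requested hostname, so credentials and session tokens are never sent.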
Perhaps that’s why Apple is spending a lot of time securing HomeKit before it’s made widely available.
At least when someone asks how your accounts got hacked in the future, you’ll be able to tell them it’s your refrigerator’s fault, not yours.
Image credit: Samsung
Published August 25, 2015 — 12:08 UTC