
Have a Samsung smart fridge? Your Gmail credentials might be at risk

Published Aug 25th, 2015 10:05PM EDT


With each passing year, more and more everyday objects are being outfitted with network connectivity. This type of futuristic world — dubbed The Internet of Things — promises to make our lives a whole lot easier in ways we never imagined possible even just a few years ago.

Of course, with every great technological advancement come new security risks. Case in point: researchers recently uncovered a security flaw in a Samsung smart fridge which can compromise a user’s Gmail credentials. As to why you might need a refrigerator with an 8-inch Wi-Fi enabled display that can browse the web, mirror what’s on your phone, and even run apps, well, that’s a topic for another day.


Security researchers from Pen Test Partners disclosed the mechanics behind their hack at the DEF CON hacking conference earlier this month. The researchers revealed that Samsung’s RF28HMELBSR smart fridge is vulnerable to man-in-the-middle attacks because it doesn’t validate SSL certificates.

Speaking to The Register, a researcher at Pen Test Partners explained: “The internet-connected fridge is designed to display Gmail Calendar information on its display. It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes the updates and those changes are then seen on any device that a user can view the calendar on.

“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentification and fake WiFi access point attack) can man-in-the-middle the fridge calendar client and steal Google login credentials from their neighbours, for example.”
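To make the flaw described above concrete, here is an added Python example (not code from Pen Test Partners, The Register or Samsung) that audits a TLS client configuration for the two checks that certificate validation consists of. The three contexts are constructed for illustration; the fridge's actual client code is not public on this page, so `fridge_like_context` is only an assumption modelled on the description "SSL is in place, but the certificate is not validated".

```python
import ssl


def audit_client_context(ctx):
    """Return the certificate-validation gaps in a client-side TLS context."""
    findings = []
    # CERT_NONE: the handshake succeeds with ANY certificate, including a
    # self-signed one presented by whoever controls the network path.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("chain-not-verified")
    # Without the hostname check, a valid certificate issued for some other
    # domain is accepted as if it belonged to the server being contacted.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def fridge_like_context():
    """Assumed model of the flaw: encryption on, validation off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Partial fix: the chain is verified, the hostname is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # verify_mode stays CERT_REQUIRED
    return ctx


def validating_context():
    """Corrected client: system trust store, chain and hostname both checked."""
    return ssl.create_default_context()


if __name__ == "__main__":
    for name, make in [("fridge-like", fridge_like_context),
                       ("chain-only", chain_only_context),
                       ("validating", validating_context)]:
        print(f"{name:12} {audit_client_context(make()) or 'ok'}")
```

The middle case is the one that is easy to miss in a firmware review: traffic is encrypted and the chain is verified, yet the client still cannot tell the intended server from any other certificate holder.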

Is this reason to completely shun the Internet of Things as a revolution that’s more problematic than helpful? We wouldn’t go that far, but it does serve as an important reminder to be vigilant about where you upload sensitive data. This is especially important because connected devices seemingly have less robust security than our smartphones, which themselves are not impervious to any number of exploits.

Upon being made aware of the issue, Samsung issued the following statement: “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services we provide. We are investigating into this matter as quickly as possible. Protecting our consumer’s privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”

Pen Test Partners detailed the more technical aspects of their hack in a blog post they published online last week.

Yoni Heisler Contributing Writer
