
Google partner Samsung’s “smart” refrigerator turns out to be a hackable refrigerator, too

Whoops:

A team of hackers recently discovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that can be exploited to steal Gmail users’ login credentials, The Register reported this week.

Hackers from security company Pen Test Partners discovered the flaw while participating in an Internet of Things (IoT) hacking challenge at the Def Con security conference earlier this month. The smart refrigerator, Samsung model RF28HMELBSR, is designed to integrate the user’s Gmail Calendar with its display. Samsung implemented SSL to secure the Gmail integration, but the hackers found that the device does not validate SSL certificates, opening the opportunity for hackers to access the network and monitor activity for the user name and password used to link the refrigerator to Gmail.
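
The failure described in the report above (SSL in use, but certificates never validated) is shown here as an added example; it is not Samsung's code and not part of the original post. It sets a Python TLS client context configured the weak way beside the default one and audits each; all function names are hypothetical.

```python
import ssl

def weak_client_context():
    """Constructed 'before' case: traffic is encrypted, but any certificate is trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation: an interposed server passes
    return ctx

def chain_only_context():
    """Constructed partial fix: chain is verified, but the name on the cert is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults to CERT_REQUIRED
    ctx.check_hostname = False       # a valid cert issued for any other host still passes
    return ctx

def strict_client_context():
    """Library default: CERT_REQUIRED, hostname checking on, system trust store loaded."""
    return ssl.create_default_context()

def audit_client_context(ctx):
    """Return the certificate-validation gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings

if __name__ == "__main__":
    for name, make in [("weak", weak_client_context),
                       ("chain-only", chain_only_context),
                       ("strict", strict_client_context)]:
        print(name, audit_client_context(make()) or "ok")
```

Both checks matter: encryption without chain and hostname validation protects against passive eavesdropping only, not against a party that terminates the connection itself.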

This story neatly demonstrates the folly of adding Internet connectivity to refrigerators, washing machines, toasters, coffeemakers, and other home appliances. Not everything that draws electric current in a home needs to be able to browse the Web and talk to Google’s data centers. But companies like Samsung are so obsessed with catching the next trend in consumer electronics (the next trend being the so-called Internet of Things) that they are adding extra, unnecessary, gee-whiz features to the appliances they’re making.

Our advice: Steer clear of tricked-out, IoT-branded home appliances. You’ll save on energy costs, and you won’t end up with a home full of hackable devices in every room.