A while back, we here at Komando.com predicted that hackers would eventually be able to break into high-tech TVs, lightbulbs, nanny cams, refrigerators, toilets, smart thermostats and other appliances. In a little over a year, our prediction came true: Security researchers have now found a way to steal Google logins and credentials through Samsung's RF28HMELBSR smart fridge.
You see, the Samsung smart fridge, part of Samsung's line of Smart Home appliances, is connected to the user's Google account to access Google Calendar for the on-screen display. Only here's the problem: It might display more information than you would like.
Here's an example of one of Samsung's smart refrigerators in action, so you can get an idea of why a refrigerator would need your Google login information in the first place:
Exposed at the recent DEFCON hacking conference, security researchers found that hackers can use fake Wi-Fi access points to access the refrigerator's network and steal Google login information. The bigger problem however, lies within SSL - the fridge fails to validate certificates, which then enables man-in-the-middle attacks, which translates to stolen Google credentials.
The researchers detailed the hacking process on their blog, and noted that they couldn't complete all the hacking they wanted to on the fridge before DEFCON, suggesting that the problem could still linger. Despite that, there are still a few bugs that Samsung should look into.
And it will. Samsung is aware of the problem and gave The Register the following statement: "At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”
Be sure to stay tuned to what's Happening Now for the latest on this story as it breaks.