Your smart fridge could give up your Gmail password
Hacks in the kitchen.
The Internet of Things brings with it great promise, but it also carries major risks. The latest such risk: leaky smart refrigerators.
Security researchers at the firm Pen Test Partners found a flaw in Samsung’s smart fridges that lets anyone with the right technical know-how intercept the Gmail username and password of the fridge’s owner.
Ken Munro, one of the researchers, told the Register that the hack—known as a “man-in-the-middle” attack because of the way it intercepts the data—takes advantage of the fridge’s Google Calendar feature.
“It appears to work the same way that any device running a Gmail calendar does,” Munro said. “A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
By accessing the home’s Wi-Fi network and intercepting the stream of data heading toward the fridge, hackers can steal the data and, in analyzing it, divine the homeowner’s login information.
The researchers weren’t able to perform the hack themselves when they played with the fridge at the annual DEF CON security conference, but they looked at the code for the mobile app that comes with the fridge and discovered that the vulnerability existed.
“The name of a file found in a keystore in the mobile app’s code suggested that it contained the certificate used to encrypt traffic between mobile app and fridge,” the Register explained. If the hackers could acquire the password that protected the certificate, they could fool the fridge into thinking that it was receiving genuine commands, thus opening the door to intercept Gmail data.
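The finding above turns on key material that ships inside the mobile app. As an added example (not from the article, Samsung, or Pen Test Partners), this Python check lists keystore, certificate and private-key files inside a zip-based app package so a release team can catch them before publishing; the sample package and every file name in it are constructed.

```python
import io
import zipfile

# Magic bytes of common Java keystore containers (well-known format signatures).
KEYSTORE_MAGIC = {
    b"\xfe\xed\xfe\xed": "JKS",
    b"\xce\xce\xce\xce": "JCEKS",
}
# Extensions that usually hold certificates or private keys.
SUSPECT_EXT = (".jks", ".bks", ".keystore", ".p12", ".pfx", ".pem", ".key")


def find_bundled_key_material(package_bytes):
    """Return sorted (path, reason) pairs for key material shipped in a zip-based package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            with pkg.open(info) as fh:
                head = fh.read(64)
            name = info.filename.lower()
            # Check content first so a renamed keystore is still caught.
            if head[:4] in KEYSTORE_MAGIC:
                findings.append((info.filename, KEYSTORE_MAGIC[head[:4]] + " keystore header"))
            elif head.startswith(b"-----BEGIN") and b"PRIVATE KEY" in head:
                findings.append((info.filename, "PEM private key"))
            elif name.endswith(SUSPECT_EXT):
                findings.append((info.filename, "key/certificate file extension"))
    return sorted(findings)


def build_sample_package():
    """Constructed sample: a tiny zip standing in for an app build (all names hypothetical)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("res/raw/device_cert.bin", b"\xfe\xed\xfe\xed\x00\x00\x00\x02")  # JKS header, renamed
        z.writestr("assets/client.p12", b"\x30\x82\x00\x00")
        z.writestr("assets/readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in find_bundled_key_material(build_sample_package()):
        print(f"{path}: {reason}")
```

Any hit is a prompt to ask whether that secret needs to be in the client at all, since a password-protected keystore in a shipped app is only as strong as its password.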
Hacking smart appliances isn’t exactly new. In January 2014, the security firm Proofpoint identified what it called the first widespread IoT-based hack, which commandeered televisions and refrigerators to send malicious emails. But as with any technology, the more time researchers spend with smart appliances, the more vulnerabilities they discover. And as their discoveries create a bigger and bigger knowledge base, the pace of their discoveries seems to be increasing.
First-generation technology is almost always fundamentally insecure in major ways, and appliances plugged into the Internet of Things are no different. Many of them are running software that hasn’t been tested in other realms—software, in other words, that hasn’t had all the kinks worked out.
The more quickly people discover vulnerabilities, the less adequate the usual cycle of manufacturers’ patches and recalls will be. And when it’s your refrigerator instead of your smartphone that’s causing the problem, replacing or repairing it won’t always be so easy.
A Samsung spokesperson told the Register that the company was “investigating into this matter as quickly as possible.”
H/T The Register | Illustration by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.