Hacks in the kitchen.
The Internet of Things brings with it great promise, but it also carries major risks. The latest such risk: leaky smart refrigerators.
Security researchers at the firm Pen Test Partners found a flaw in Samsung’s smart fridges that lets anyone with the right technical know-how intercept the Gmail username and password of the fridge’s owner.
Ken Munro, one of the researchers, told the Register that the hack—known as a “man-in-the-middle” attack because of the way it intercepts the data—takes advantage of the fridge’s Google Calendar feature.
“It appears to work the same way that any device running a Gmail calendar does,” Munro said. “A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
By accessing the home’s Wi-Fi network and intercepting the stream of data heading toward the fridge, hackers can steal the data and, in analyzing it, divine the homeowner’s login information.
The researchers weren’t able to perform the hack themselves when they played with the fridge at the annual DEF CON security conference, but they looked at the code for the mobile app that comes with the fridge and discovered that the vulnerability existed.
“The name of a file found in a keystore in the mobile app’s code suggested that it contained the certificate used to encrypt traffic between mobile app and fridge,” the Register explained. If the hackers could acquire the password that protected the certificate, they could fool the fridge into thinking that it was receiving genuine commands, thus opening the door to intercept Gmail data.
Hacking smart appliances isn’t exactly new. In January 2014, the security firm Proofpoint identified what it called the first widespread IoT-based hack, which commandeered televisions and refrigerators to send malicious emails. But as with any technology, the more time researchers spend with smart appliances, the more vulnerabilities they discover. And as their discoveries create a bigger and bigger knowledge base, the pace of their discoveries seems to be increasing.
First-generation technology is almost always fundamentally insecure in major ways, and appliances plugged into the Internet of Things are no different. Many of them are running software that hasn’t been tested in other realms—software, in other words, that hasn’t had all the kinks worked out.
The more quickly people discover vulnerabilities, the less adequate the usual cycle of manufacturers' patches and recalls will be. And when it’s your refrigerator instead of your smartphone that’s causing the problem, replacing or repairing it won’t always be so easy.
A Samsung spokesperson told the Register that the company was “investigating into this matter as quickly as possible.”
H/T The Register | Illustration by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.