Hacks in the kitchen.
The Internet of Things brings with it great promise, but it also carries major risks. The latest such risk: leaky smart refrigerators.
Security researchers at the firm Pen Test Partners found a flaw in Samsung’s smart fridges that lets anyone with the right technical know-how intercept the Gmail username and password of the fridge’s owner.
Ken Munro, one of the researchers, told the Register that the hack—known as a “man-in-the-middle” attack because of the way it intercepts the data—takes advantage of the fridge’s Google Calendar feature.
“It appears to work the same way that any device running a Gmail calendar does,” Munro said. “A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
By accessing the home’s Wi-Fi network and intercepting the stream of data heading toward the fridge, hackers can steal the data and, in analyzing it, divine the homeowner’s login information.
The researchers weren’t able to perform the hack themselves when they played with the fridge at the annual DEF CON security conference, but they looked at the code for the mobile app that comes with the fridge and discovered that the vulnerability existed.
“The name of a file found in a keystore in the mobile app’s code suggested that it contained the certificate used to encrypt traffic between mobile app and fridge,” the Register explained. If the hackers could acquire the password that protected the certificate, they could fool the fridge into thinking that it was receiving genuine commands, thus opening the door to intercept Gmail data.
Hacking smart appliances isn’t exactly new. In January 2014, the security firm Proofpoint identified what it called the first widespread IoT-based hack, which commandeered televisions and refrigerators to send malicious emails. But as with any technology, the more time researchers spend with smart appliances, the more vulnerabilities they discover. And as their discoveries create a bigger and bigger knowledge base, the pace of their discoveries seems to be increasing.
First-generation technology is almost always fundamentally insecure in major ways, and appliances plugged into the Internet of Things are no different. Many of them are running software that hasn’t been tested in other realms—software, in other words, that hasn’t had all the kinks worked out.
The more quickly people discover vulnerabilities, the less adequate the usual cycle of manufacturers' patches and recalls will be. And when it’s your refrigerator instead of your smartphone that’s causing the problem, replacing or repairing it won’t always be so easy.
A Samsung spokesperson told the Register that the company was “investigating into this matter as quickly as possible.”
H/T The Register | Illustration by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.