Your smart fridge could give up your Gmail password
Hacks in the kitchen.
The Internet of Things brings with it great promise, but it also carries major risks. The latest such risk: leaky smart refrigerators.
Security researchers at the firm Pen Test Partners found a flaw in Samsung’s smart fridges that lets anyone with the right technical know-how intercept the Gmail username and password of the fridge’s owner.
Ken Munro, one of the researchers, told the Register that the hack—known as a “man-in-the-middle” attack because of the way it intercepts the data—takes advantage of the fridge’s Google Calendar feature.
“It appears to work the same way that any device running a Gmail calendar does,” Munro said. “A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
By accessing the home’s Wi-Fi network and intercepting the stream of data heading toward the fridge, hackers can steal the data and, in analyzing it, divine the homeowner’s login information.
The researchers weren’t able to perform the hack themselves when they played with the fridge at the annual DEF CON security conference, but they looked at the code for the mobile app that comes with the fridge and discovered that the vulnerability existed.
“The name of a file found in a keystore in the mobile app’s code suggested that it contained the certificate used to encrypt traffic between mobile app and fridge,” the Register explained. If the hackers could acquire the password that protected the certificate, they could fool the fridge into thinking that it was receiving genuine commands, thus opening the door to intercept Gmail data.
Hacking smart appliances isn’t exactly new. In January 2014, the security firm Proofpoint identified what it called the first widespread IoT-based hack, which commandeered televisions and refrigerators to send malicious emails. But as with any technology, the more time researchers spend with smart appliances, the more vulnerabilities they discover. And as their discoveries create a bigger and bigger knowledge base, the pace of their discoveries seems to be increasing.
First-generation technology is almost always fundamentally insecure in major ways, and appliances plugged into the Internet of Things are no different. Many of them are running software that hasn’t been tested in other realms—software, in other words, that hasn’t had all the kinks worked out.
The more quickly people discover vulnerabilities, the less adequate the usual cycle of manufacturers' patches and recalls will be. And when it’s your refrigerator instead of your smartphone that’s causing the problem, replacing or repairing it won’t always be so easy.
A Samsung spokesperson told the Register that the company was “investigating into this matter as quickly as possible.”
H/T The Register | Illustration by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.