Not so smart: Samsung's new fridge might expose your private data

dkpope

Posts: 207   +9

Now it’s not just phones that are smart, it’s TVs and trash cans and appliances too. But there might be some consequences lurking underneath all the smart bells and whistles. Security issues have been widely documented along with the rise of the Internet of Things, so Samsung set Pen Test Partners researchers to work on their smart refrigerator to find vulnerabilities.

At the annual Defcon black hat event in Las Vegas, the team hacked into the 2015 Samsung RF28HMELBSR smart fridge that features a display on the door to show calendar appointments and notes.

If Samsung hoped to pass with flying colors, they didn’t. The team found that the fridge can be forced to share secure communications with relative ease.

In a blog post, the Pen Test Partners team wrote that the fridge does implement SSL, but doesn’t verify if security certificates are valid or not.

So if attackers use a man-in-the-middle attack, they can steal data such as passwords and session tokens from the fridge. Also, since it integrates with Google Calendar, the team said it would be easy to expose a user’s Gmail credentials by targeting the fridge.

Consumers might question the high price tag -- the fridge costs almost $3,600 -- when security isn't guaranteed. Until problems like this are controlled, the safest option might be to go out and buy a magnetic whiteboard to stick on your regular fridge. At least that way it's harder for the neighbors to steal your information.

Permalink to story.

 
Because we dont already have enough screens on phones, tablets, watches, computers, and TVs - we need one on our fridge too.
 
Because we dont already have enough screens on phones, tablets, watches, computers, and TVs - we need one on our fridge too.

It's not the screens the ones to blame. The issue is to communicate it without the addecuate measures. You could put a display in your closet for any infomatic reason without any communication (Bluetooth, ZigBee, wi-fi, ...) and that wouldn't be necessarily a security flaw.
 
I appear to have been misunderstood - I was not necessarily referring literally to the screen, but the real lack need for of another smart device on a fridge when we have so many already.
 
When malfunctioning or out of power, fridges used to leak only water, but now they can also leak all your private data.

The moral of the story - freezing data doesn't work, you should encrypt it instead!

And as far as the fridges go, they can be used as a form of art:

dangerous-minds-doctor-who-ate-my-food-a-tardis-refrigerator_146363.jpeg
 
Last edited:
I can't wait for the smart toilet,then I wouldn't need to take my phone into the bathroom.
 
I can't wait for the smart toilet,then I wouldn't need to take my phone into the bathroom.

As bad as it sounds, there is a plenty of health-related stuff one can draw from analysing your piss & crap :) But perhaps it is one of those cases when ignorance is really a bliss :)
 
All my life I wanted a smart fridge with a display and calender that cost the earth so I could show off with it but they never made them 40 years ago, it's too late to try interest me now.
 
Somehow, this just does not seem like news - given what the majority of readers on this site already know about IOT devices.

If there is a story here, at least as I see it, it is that Samsung has once again failed to provide adequate security measures for yet another of their "smart" devices while pursing the almighty dollar by bottom feeding on the latest fad. Sounds like a pattern to me...
 
Back