Hackers can steal your Gmail login from your refrigerator
One of the more seemingly pointless but totally awesome gadgets you can get for your home is a smart fridge. Not everything needs to be “smart,” but that lack of necessity won’t stop progress. Though all you really need from your fridge is to keep your turkey pastrami cool and preserved, it’s admittedly useful being able to tune into your favorite Pandora station, and fun drawing hilarious pictures on the little notepad app for your family to come home and find later in the day. While the smart applications of a refrigerator may seem a bit innocuous, what isn’t harmless is that researchers recently discovered that your Gmail login can be easily hacked out of your fridge.
As part of the recent DEF CON hacking conference, a group of refrigerator hooligans (a research group called Pen Test Partners) found a man-in-the-middle vulnerability that allowed them to extract Google login credentials from the refrigerator when it attempts to update its Google Calendar app. The hack is a result of the fridge not checking proper security credentials on one end of the data transaction. When the refrigerator begins the process of updating Google Calendar with a user’s current schedule, it provides its own security authentication, but doesn’t check if the recipient of the data transaction — what is supposed to be Google’s Calendar — has proper security credentials. So, if hackers can pose as Google Calendar, the fridge will just hand over the data, which includes whatever Google login is tied to the calendar.
The model of the vulnerable refrigerator is RF28HMELBSR, which will set you back a cool $3,599, and possibly whatever sensitive information can be accessed from the Google account you end up linking to it. At the moment, Samsung is looking into the matter, so if you really need to raise the intelligence of your fridge, you at least might want to avoid giving it your Google info until Samsung issues a patch to plug up the hole.