A white hat security firm has discovered a vulnerability in one of Samsung‘s smart fridges that exposes owner’s Gmail credentials.A ‘Man in The Middle’ is the vulnerability allows potential hackers to intercept data as it travels from a server to a device. The Samsung’s RF28HMELBSR smart fridge is vulnerable to this ‘Man in The Middle’.
Ken Munro, a security researcher at Pen Test Partners discovered this vulnerability and he explained that,“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbors, for example.”
According to Samsung, refrigerators will be updated automatically when they are connected to a network. Now, there’s no evidence that such a hack has occurred in Samsung refrigerators out in the real world, but the incident does highlight some of the security and privacy challenges posed by the Internet of Things.
After knowing this issue by Samsung it released the statement saying “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services we provide. We are investigating into this matter as quickly as possible. Protecting our consumer’s privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”